On Fri, Mar 28, 2008 at 7:04 PM, David Jencks <[EMAIL PROTECTED]> wrote: > In my hopefully finite-length effort to get a 4.1.2 release out I've > been looking a little bit at the LICENSE and NOTICE files in the 4.1 > branch and trunk and think many of them have big problems. > > Current thinking expressed on the legal-discuss is that: > > A source code unit expected to be checked out from svn needs LICENSE > and NOTICE files in svn at the root of the checkout. These files > should apply exactly to the source code checked out, and not include > any language only appropriate for dependencies that may be needed to > build or run the software. These are the only LICENSE and NOTICE > files that need to be actually present in svn. > > Each artifact distributed needs a LICENSE and NOTICE file. These may > be hardcoded in svn or generated. These files should accurately > describe the license(s) and required notices of what is actually in > the distribution unit (e.g. jar, war, tar.bz2) and not describe > anything not included that might be necessary to use the software. > > Artifacts can also have descriptions of dependencies needed to use > the software but these descriptions should not be in the LICENSE or > NOTICE files. > > so.... > > Looking around there are 2 problems: > - some of the LICENSE and possibly NOTICE files look like they have > generally large amounts of text appropriate for dependencies, not > what they actually apply to
What do you mean by "not what they actually apply to"? > - some LICENSE files are decidedly incomplete. For instance the > activemq-web-console includes all the sun jaxb jars but no CDDL Ah lets add that asap. > license. The trunk root LICENSE.txt file doesn't include the > licenses for the javascript in the activemq-web-console. > All those bits are in the distro NOTICE I think. > Possible solutions.... > > The root LICENSE and NOTICE files have to be fixed by hand AFAIK. > All the others can be generated using the maven-remote-resources > plugin. Thanks to Dan Kulp the latest apache resource bundle > actually generates stuff compliant with the apparent policy. What > needs to happen is that modules that have extra LICENSE or NOTICE > requirements need the extra stuff to be put into > > src/main/appended-resources/META-INF/LICENSE and src/main/appended- > resources/META-INF/NOTICE > > I can help with setting this up but I don't know what code might need > such extra legal goo. If I'm going to be able to help I'd need > accurate information on this. > This sounds like a good plan. Perhaps we should dissect the current LICENSE and NOTICE distro files since that what got all the attention last time we reviewed the release legal bits. > There's also a geronimo maven plugin that can verify that legal files > are present in all the artifacts you build (jar, war, javadoc, > source, etc). I think it's a big help in release auditing to include > this plugin in the regular build to catch problems early. Sounds good. > > thanks > david jencks > > -- Regards, Hiram Blog: http://hiramchirino.com Open Source SOA http://open.iona.com
