I've reviewed the legal files in the 4.1 branch and fixed them up to
the best of my ability. For non-jar artifacts I've generally relied
on hardcoded LICENSE and NOTICE files since the maven-remote-
resources-plugin tends to put them in odd places.
Since the status of jmdns looks exceedingly fuzzy to me I also added
an activemq-jmdns_1.0 module that contains the files that are
definitely under the apache license, and moved them to a sun-friendly
package.
If anyone can stand to review this stuff that would be great. I
expect to be proposing a release vote for 4.1.2 later today or tomorrow.
Many thanks
david jencks
On Mar 31, 2008, at 1:12 PM, Hiram Chirino wrote:
On Fri, Mar 28, 2008 at 7:04 PM, David Jencks
<[EMAIL PROTECTED]> wrote:
In my hopefully finite-length effort to get a 4.1.2 release out I've
been looking a little bit at the LICENSE and NOTICE files in the 4.1
branch and trunk and think many of them have big problems.
Current thinking expressed on the legal-discuss is that:
A source code unit expected to be checked out from svn needs LICENSE
and NOTICE files in svn at the root of the checkout. These files
should apply exactly to the source code checked out, and not include
any language only appropriate for dependencies that may be needed to
build or run the software. These are the only LICENSE and NOTICE
files that need to be actually present in svn.
Each artifact distributed needs a LICENSE and NOTICE file. These
may
be hardcoded in svn or generated. These files should accurately
describe the license(s) and required notices of what is actually in
the distribution unit (e.g. jar, war, tar.bz2) and not describe
anything not included that might be necessary to use the software.
Artifacts can also have descriptions of dependencies needed to use
the software but these descriptions should not be in the LICENSE or
NOTICE files.
so....
Looking around there are 2 problems:
- some of the LICENSE and possibly NOTICE files look like they have
generally large amounts of text appropriate for dependencies, not
what they actually apply to
What do you mean by "not what they actually apply to"?
- some LICENSE files are decidedly incomplete. For instance the
activemq-web-console includes all the sun jaxb jars but no CDDL
Ah lets add that asap.
license. The trunk root LICENSE.txt file doesn't include the
licenses for the javascript in the activemq-web-console.
All those bits are in the distro NOTICE I think.
Possible solutions....
The root LICENSE and NOTICE files have to be fixed by hand AFAIK.
All the others can be generated using the maven-remote-resources
plugin. Thanks to Dan Kulp the latest apache resource bundle
actually generates stuff compliant with the apparent policy. What
needs to happen is that modules that have extra LICENSE or NOTICE
requirements need the extra stuff to be put into
src/main/appended-resources/META-INF/LICENSE and src/main/appended-
resources/META-INF/NOTICE
I can help with setting this up but I don't know what code might
need
such extra legal goo. If I'm going to be able to help I'd need
accurate information on this.
This sounds like a good plan. Perhaps we should dissect the current
LICENSE and NOTICE distro files since that what got all the attention
last time we reviewed the release legal bits.
There's also a geronimo maven plugin that can verify that legal
files
are present in all the artifacts you build (jar, war, javadoc,
source, etc). I think it's a big help in release auditing to
include
this plugin in the regular build to catch problems early.
Sounds good.
thanks
david jencks
--
Regards,
Hiram
Blog: http://hiramchirino.com
Open Source SOA
http://open.iona.com
