[
https://issues.apache.org/jira/browse/EDGENT-271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15657634#comment-15657634
]
Dale LaBossiere commented on EDGENT-271:
----------------------------------------
I believe all of the noted concerns have been addressed via
https://github.com/apache/incubator-edgent/pull/234 merge to release1.0.0
The binary-release's LICENSE and NOTICE contain pointers to files (under
licenses) containing the component's actual/full license and notice info.
The pi4j issue was previously addressed - the jar has been removed
> binary-release conform better to license¬ice for 3rd party content
> ---------------------------------------------------------------------
>
> Key: EDGENT-271
> URL: https://issues.apache.org/jira/browse/EDGENT-271
> Project: Edgent
> Issue Type: Task
> Reporter: Dale LaBossiere
> Assignee: Dale LaBossiere
> Fix For: Apache Edgent 1.0.0
>
>
> In response to review of binary release LICENSE/NOTICE and the reference and
> content of binary-release-bundled-content:
> The info looks good, but it’s not really in line with what is recommend to do
> [1] If it put up for an incubator vote, it IMO is likely to pass (given
> everything else is good) but is likely to get a few “please fix in next
> release” comments.
> My minor concerns are:
> - LICENSE doesn’t include the text of 3rd party licenses but points to
> another file.
> - Some license are referred to by URL, information at that URL can change
> over time. It’s best to download and include a copy of that license.
> - pointing to content inside a jar required the user to unpack that jar to se
> ether information. IMO better to copy all license files into a seperate
> directory where they can be clearly seen.
> - May not be complying with some 3rd party license terms. While the licenses
> are permissive most licenses state you need to include the full text of the
> license in anything you distribute.
> - NOTICE refers to the same external file as LICENSE. NOTICE and LICENSE are
> for different purposes and in general NOTICE doesn't include licensing
> information.
> - NOTICE may be missing [2] information from bundled ASLv2 software NOTICE
> files. [2]
> Thanks,
> Justin
> 1. http://www.apache.org/dev/licensing-howto.html
> 2. http://www.apache.org/dev/licensing-howto.html#mod-notice
> -----------------------------------------------
> A separate jira has been created for the pi4J issue:
> - javax.servlet-api-3.1.0.jar is CDDL-2 and GPL.
> See [4] and https://glassfish.java.net/nonav/public/CDDL+GPL.html
> <https://glassfish.java.net/nonav/public/CDDL+GPL.html>
> - javax.websocket-api-1.0.jar is CDDL-1.1 and GPL-2
> See [5] and https://glassfish.java.net/public/CDDL+GPL_1_1.html
> <https://glassfish.java.net/public/CDDL+GPL_1_1.html>
> The above is fine as you can select the license to use from any dual licensed
> software and CDDL is category B and is allowed to be used in a convenience
> binary.
> - pi4j-core-1.0.jar is LGPL-3.0
> See [6] and http://www.gnu.org/licenses/lgpl.txt
> <http://www.gnu.org/licenses/lgpl.txt>
> This would not be allowed. You could ask VP legal togged permission to make a
> release if you going to be removed in the next incubating release.
> Thanks,
> Justin
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
