Given that there is ambiguity in terms of which license applies, and given that one of these licenses is Apache Software License 2.0, my suggestion is to keep BSD on record for our release. That way, we cover the more restrictive case and ideally should not pose any problems.
Regards, Arvind Prabhakar On Fri, Jun 28, 2013 at 4:43 PM, Mike Percy <mpe...@apache.org> wrote: > Interesting find, Hari. These guys are really a licensing disaster. However > I believe Maven is wrong since the LICENSE file in their repository > contains this: > > > https://code.google.com/p/findbugs/source/browse/branches/1.3.9/findbugs/LICENSE-jsr305.txt > > -- > The JSR-305 reference implementation (lib/jsr305.jar) is > distributed under the terms of the New BSD license: > > http://www.opensource.org/licenses/bsd-license.php > > See the JSR-305 home page for more information: > > http://code.google.com/p/jsr-305/ -- So I think it really is BSD. > Thoughts? Thanks, Mike > > > On Fri, Jun 28, 2013 at 4:24 PM, Hari Shreedharan < > hshreedha...@cloudera.com > > wrote: > > > Hi, > > > > Looks like jsr305 is actually ASL2.0 (according to the mvn central pom > for > > the specific version: > > > http://search.maven.org/#artifactdetails%7Ccom.google.code.findbugs%7Cjsr305%7C1.3.9%7Cjar > ). > > The pom installed locally also has this: > > <licenses> > > <license> > > <name>The Apache Software License, Version > > 2.0</name> > > <url> > > http://www.apache.org/licenses/LICENSE-2.0.txt</url> > > <distribution>repo</distribution> > > </license> > > </licenses> > > > > > > The webpage on the other hand says it is BSD licensed. Maybe we should > > verify this? I know the last few of our releases went out with BSD in the > > Licenses file. > > > > > > Thanks, > > Hari > > > > > > On Friday, June 28, 2013 at 1:37 PM, Jarek Jarcec Cecho wrote: > > > > > +1 > > > > > > * Checked license file > > > * Run tests > > > * Checked other top level files > > > * Checked checksums and signature > > > > > > Jarcec > > > > > > On Mon, Jun 24, 2013 at 07:30:18PM -0700, Mike Percy wrote: > > > > This is the fourth release for Apache Flume as a top-level project, > > > > version 1.4.0. We are voting on release candidate RC1. > > > > > > > > It fixes the following issues: > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=756924e96ace470289472a3bdb4d87e273ca74ef > > > > > > > > *** Please cast your vote within the next 72 hours *** > > > > > > > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, > > *.sha1) > > > > for the source and binary artifacts can be found here: > > > > http://people.apache.org/~mpercy/flume/apache-flume-1.4.0-RC1/ > > > > > > > > Maven staging repo: > > > > > https://repository.apache.org/content/repositories/orgapacheflume-067/ > > > > > > > > The tag to be voted on: > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=756924e96ace470289472a3bdb4d87e273ca74ef > > > > > > > > Flume's KEYS file containing PGP keys we use to sign the release is > > here: > > > > https://svn.apache.org/repos/asf/flume/dist/KEYS > > > > > > > > Thanks, > > > > Mike > > > > > > > > > > > > > > > > > > > >
