Arvind, sounds reasonable to me. Hari, any concerns with this approach?
Thanks, Mike On Sat, Jun 29, 2013 at 12:25 AM, Arvind Prabhakar <arv...@apache.org>wrote: > Given that there is ambiguity in terms of which license applies, and given > that one of these licenses is Apache Software License 2.0, my suggestion is > to keep BSD on record for our release. That way, we cover the more > restrictive case and ideally should not pose any problems. > > Regards, > Arvind Prabhakar > > On Fri, Jun 28, 2013 at 4:43 PM, Mike Percy <mpe...@apache.org> wrote: > > > Interesting find, Hari. These guys are really a licensing disaster. > However > > I believe Maven is wrong since the LICENSE file in their repository > > contains this: > > > > > > > https://code.google.com/p/findbugs/source/browse/branches/1.3.9/findbugs/LICENSE-jsr305.txt > > > > -- > > The JSR-305 reference implementation (lib/jsr305.jar) is > > distributed under the terms of the New BSD license: > > > > http://www.opensource.org/licenses/bsd-license.php > > > > See the JSR-305 home page for more information: > > > > http://code.google.com/p/jsr-305/ -- So I think it really is BSD. > > Thoughts? Thanks, Mike > > > > > > On Fri, Jun 28, 2013 at 4:24 PM, Hari Shreedharan < > > hshreedha...@cloudera.com > > > wrote: > > > > > Hi, > > > > > > Looks like jsr305 is actually ASL2.0 (according to the mvn central pom > > for > > > the specific version: > > > > > > http://search.maven.org/#artifactdetails%7Ccom.google.code.findbugs%7Cjsr305%7C1.3.9%7Cjar > > ). > > > The pom installed locally also has this: > > > <licenses> > > > <license> > > > <name>The Apache Software License, Version > > > 2.0</name> > > > <url> > > > http://www.apache.org/licenses/LICENSE-2.0.txt</url> > > > <distribution>repo</distribution> > > > </license> > > > </licenses> > > > > > > > > > The webpage on the other hand says it is BSD licensed. Maybe we should > > > verify this? I know the last few of our releases went out with BSD in > the > > > Licenses file. > > > > > > > > > Thanks, > > > Hari > > > > > > > > > On Friday, June 28, 2013 at 1:37 PM, Jarek Jarcec Cecho wrote: > > > > > > > +1 > > > > > > > > * Checked license file > > > > * Run tests > > > > * Checked other top level files > > > > * Checked checksums and signature > > > > > > > > Jarcec > > > > > > > > On Mon, Jun 24, 2013 at 07:30:18PM -0700, Mike Percy wrote: > > > > > This is the fourth release for Apache Flume as a top-level project, > > > > > version 1.4.0. We are voting on release candidate RC1. > > > > > > > > > > It fixes the following issues: > > > > > > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=756924e96ace470289472a3bdb4d87e273ca74ef > > > > > > > > > > *** Please cast your vote within the next 72 hours *** > > > > > > > > > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, > > > *.sha1) > > > > > for the source and binary artifacts can be found here: > > > > > http://people.apache.org/~mpercy/flume/apache-flume-1.4.0-RC1/ > > > > > > > > > > Maven staging repo: > > > > > > > https://repository.apache.org/content/repositories/orgapacheflume-067/ > > > > > > > > > > The tag to be voted on: > > > > > > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=756924e96ace470289472a3bdb4d87e273ca74ef > > > > > > > > > > Flume's KEYS file containing PGP keys we use to sign the release is > > > here: > > > > > https://svn.apache.org/repos/asf/flume/dist/KEYS > > > > > > > > > > Thanks, > > > > > Mike > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
