Thanks, sebb - we really appreciate your insight here! Considering this feedback now - will update in a bit.
---------- Forwarded message ---------- From: sebb <[email protected]> Date: Thu, Dec 5, 2013 at 12:31 PM Subject: Re: [MENTOR] Re: Issues with LICENSE/NOTICE files To: larry mccay <[email protected]> Cc: "[email protected]" <[email protected]> On 5 December 2013 17:15, larry mccay <[email protected]> wrote: > Here is a proposal for the NOTICE and RELEASE file changes going forward: > > For release 0.3.1: > > NOTICES file will be positioned at the top of the source tree. It is NOTICE not NOTICES, but yes it should be at top of source tree. [This is so the user can easily find it] > It will have > any references that aren't included as source removed - making it mostly > empty. It is not just source that is important; binary files in the source distribution (e.g. images) can potentially require an entry in the NOTICE file. Also not all 3rd party additions needs an entry in the NOTICE file. But they must have an entry in the LICENSE file. > LICENSE file will also be position at the top of the source tree. For 0.3.1 > we will include references to the licenses of all external project > dependencies and call them out as binary dependencies. Do you mean that you wish to use the same LICENSE file for both source and binary archives? I'm not sure that is specifically disallowed, but AFAIK it is not recommended. But I guess so long as it is clear which section of the file only applies to the binary archive that would be OK for the next release. > Both of these files will be copied into the release artifacts during > assembly. Are you *sure* that the binary archive does not include any dependencies that require a mention in the NOTICE file? > Next release (trunk): > > NOTICES file will be positioned at the top of the source tree. It will have > any references that aren't included as source removed - making it mostly > empty. > LICENSE file will remove direct references to external project licenses and > replace them with a pointer to a licenses directory that will contain all of > the license files for the binary dependencies. > > Both files will continue to be copied into the release artifacts at assembly > time but in addition we will also copy the license directory as well. Again, it may be that a different NOTICE file is needed for the binary distribution. > Looking for feedback on this from our mentors and sebb - who has initiated > the need for these changes. > > On Thu, Dec 5, 2013 at 9:54 AM, larry mccay <[email protected]> wrote: >> >> There is a current thread on general called Release Verification Checklist >> that is relevant here. >> >> >> >> On Thu, Dec 5, 2013 at 9:32 AM, Kevin Minder >> <[email protected]> wrote: >>> >>> Hi Everyone, >>> Here is what I think we should do to resolve this. I have both a short >>> term and long term goal in mind. >>> >>> Short term we need to review and enhance this. >>> https://cwiki.apache.org/confluence/display/KNOX/Dependencies >>> We need to review it to make sure it is still correct for 0.3.1. >>> We need to enhance it to capture exactly what should be in the LICENSE >>> and NOTICE files for each of these dependencies. >>> I think we should enlist sebb (Sebastian Bazley?) while we have his >>> attention in this effort. >>> >>> Long term I think we should propose some form of the result for this to >>> be maintained by Apache. It is very inefficient that each projects needs to >>> independently rediscover the right answer for this. There should just be a >>> list. If you use this JAR you need "this" in LICENSE and "that" in NOTICE. >>> >>> Kevin. >>> >>> -- >>> CONFIDENTIALITY NOTICE >>> NOTICE: This message is intended for the use of the individual or entity >>> to which it is addressed and may contain information that is confidential, >>> privileged and exempt from disclosure under applicable law. If the reader of >>> this message is not the intended recipient, you are hereby notified that any >>> printing, copying, dissemination, distribution, disclosure or forwarding of >>> this communication is strictly prohibited. If you have received this >>> communication in error, please contact the sender immediately and delete it >>> from your system. Thank You. >> >> >
