You weren't blocked - the vote passed on 26 Feb. The notice file
should have less information - but it was not a blocker.
FWIW, I like David's solution - it does put the onus back on the
developer to understand the licenses of all your dependencies, but I
feel that is necessary in this case.
On 11/03/2008, at 6:10 AM, Shane Isbell wrote:
This sounds good to me. I recently tried to release a first version of
Apache NMaven in the incubator and got blocked on this very issue of
having
the dependency info in the Notice file. Any solution would be
appreciated.
Shane
On Mon, Mar 10, 2008 at 11:44 AM, David Jencks
<[EMAIL PROTECTED]>
wrote:
IIUC we've previously agreed that the only LICENSE and NOTICE files
that actually need to be in svn are at the root of expected checkouts
such as trunk, branches/xxx, and tags/xxx; all other LICENSE and
NOTICE files in distributable artifacts can be generated by some
process. Projects that use maven often want to use the maven-remote-
resources-plugin to generate these files since typically many of them
are identical.
Furthermore as Roy pointed out recently the NOTICE file should be
really really minimal and only include information relevant to what
is actually in the distribution unit such as a jar. There's been a
lot of complaint about the resource bundles typically used with the
maven-remote-resources-plugin since the NOTICE files include
essentially a list of the transitive dependencies of the maven
project. I think many people find this dependency information useful
but it clearly does not belong in the NOTICE file.
At Geronimo I've developed a resource bundle that attempts to address
these issues. I'd like to find out if there are any objections to it
and if not propose it as the standard resource bundle for use at
apache by the maven-remote-resources-plugin. Right now its in the
voting stage of release and can be checked out at
https://svn.apache.org/repos/asf/geronimo/genesis/tags/genesis-1.4/
legal-bundle
and viewed at
http://people.apache.org/~djencks/staging-repo/org/apache/geronimo/
genesis/legal-bundle/1.4/legal-bundle-1.4.jar
Here's what it does:
By default, the LICENSE file is the standard apache license. The
NOTICE file is generated from a velocity template; here's an example
of the output (between ----- lines which are not included)
------------------------------------------------------
Geronimo :: Directory Plugin
Copyright 2003-2008 Apache Software Foundation
This product includes software developed at
Apache Software Foundation (http://www.apache.org/).
------------------------------------------------------
In the 99% of the time when this is the correct LICENSE and NOTICE,
that's all you do. In the remaining 1% of the time where additional
information is needed appended to these standard files, you put the
additions in
src/main/appended-resources/LICENSE
and
src/main/appended-resources/NOTICE
In the remaining 0.1% of the time where the standard files are not
correct you can arrange by other means to insert custom LICENSE and
NOTICE files.
In addition, there is a generated DEPENDENCIES file that lists the
transitive dependencies of the project, determined from the poms,
organized by organization, with the known license info. Here's an
example of such a DEPENDENCIES file:
// ------------------------------------------------------------------
// Transitive dependencies of this project determined from the
// maven pom organized by organization.
// ------------------------------------------------------------------
Genesis Plugins :: Tools
From: 'an unknown organization'
- Unnamed - ant:ant:jar:1.6.5 ant:ant:jar:1.6.5
- Unnamed - junit:junit:jar:3.8.1 junit:junit:jar:3.8.1
From: 'Apache Software Foundation' (http://www.apache.org/)
- Maven Artifact (http://maven.apache.org/maven-artifact)
org.apache.maven:maven-artifact:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Artifact Manager (http://maven.apache.org/maven-artifact-
manager) org.apache.maven:maven-artifact-manager:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Model (http://maven.apache.org/maven-model)
org.apache.maven:maven-model:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Plugin API (http://maven.apache.org/maven-plugin-api)
org.apache.maven:maven-plugin-api:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Profile Model (http://maven.apache.org/maven-profile)
org.apache.maven:maven-profile:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Project Builder (http://maven.apache.org/maven-project)
org.apache.maven:maven-project:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Repository Metadata Model (http://maven.apache.org/maven-
repository-metadata) org.apache.maven:maven-repository-metadata:jar:
2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Local Settings Model (http://maven.apache.org/maven-
settings) org.apache.maven:maven-settings:jar:2.0.4
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
- Maven Wagon API org.apache.maven.wagon:wagon-provider-api:jar:
1.0-alpha-6
License: The Apache Software License, Version 2.0 (http://
www.apache.org/licenses/LICENSE-2.0.txt)
From: 'Codehaus' (http://codehaus.org)
- Plugin Support (http://mojo.codehaus.org/plugin-support)
org.codehaus.mojo:plugin-support:jar:1.0-alpha-1
From: 'Codehaus' (http://www.codehaus.org/)
- Default Plexus Container org.codehaus.plexus:plexus-container-
default:jar:1.0-alpha-9
- Plexus Common Utilities org.codehaus.plexus:plexus-utils:jar:1.2
From: 'The Apache Software Foundation' (http://jakarta.apache.org)
- Commons JEXL (http://jakarta.apache.org/commons/jexl/) commons-
jexl:commons-jexl:jar:1.1
License: The Apache Software License, Version 2.0 (/LICENSE.txt)
- Lang (http://jakarta.apache.org/commons/lang/) commons-
lang:commons-lang:jar:2.3
License: The Apache Software License, Version 2.0 (/LICENSE.txt)
- Logging (http://jakarta.apache.org/commons/logging/) commons-
logging:commons-logging:jar:1.0.4
License: The Apache Software License, Version 2.0 (/LICENSE.txt)
From: 'The Codehaus' (http://codehaus.org/)
- classworlds (http://classworlds.codehaus.org/)
classworlds:classworlds:jar:1.1-alpha-2
------------------------------------------------------------------
As with any resource bundle for the m-r-r-p, you can supply missing
information such as organization and license in a src/main/remote-
resources/supplemental-models.xml file.
------------------------------------------------------------------
Note on javaee5 artifacts:
Some javaee5 artifacts such as wars and ears when built by maven
usually physically include all or some of the dependencies of the
maven project. While it might be nice to have the m-r-r-p roll up
the LICENSE and NOTICE files from the contents and come up with
something, that is out of scope of this proposal. I expect anyone
building such an assembly will examine the contents and construct by
hand suitable files to append to the standard LICENSE and NOTICE
files.
------------------------------------------------------------------
Objections? Comments?
many thanks
david jencks
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
