On Sun, 16 May 2021 at 18:28, Matthias Bläsing <mblaes...@doppel-helix.eu> wrote: > Oracle decided to add the "Certain source files > distributed ..." paragraph, which make the license from my POV > problematic as it puts the uncertainty onto the user and not the > copyrightholder.
Yes, as far as I'm aware it's mainly this uncertainty which leaves GPL+CPE in the Cat X, ask per use, on Legal's side, rather than the text of CPE itself. And Legal have still not resolved that we, as user, can assert this in the way done here. > In the future I wonder whether each nb-javac release will need to be > vetted like this, Assuming no clarification in the repository of the terms, then that seems to be the only option. And hopefully we can get resolved that that approach is OK. > This also raises the question whether the build > is reproducible and whether it is ok, that there is no direct > connection between the binary artifact ant the source artifact. Yes, and the ambiguity of the LauncherProperties file does raise a question about the current process there too. A longer term approach to this might be to download the sources from Maven, validate the license headers (akin to RAT), and build from source as part of our build? Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
