I agree with Marshall. The NOTICE/LICENSE files should reflect what is actually inside a JAR/ZIP and non-applicable parts should - if feasible - be removed.
That said, the LICENSE/NOTICE files e.g. from the Spring distribution are also usually shooting beyond the goal and make references to third-party code that may or may not be in a particular artifact... and all artifacts contain the same notices/licenses. In the case of Spring, I find it not particularly practicable to figure out what is relevant and what not. But here, specific parts seem to be clearly assignable to specific non-packaged JARs, so it appears to be practicable to be more accurate. -- Richard > On 26.04.2016, at 23:03, Marshall Schor <[email protected]> wrote: > > Here's a summary (please correct if wrong): > > There are two "optional" JARs not distributed with UIMA-AS have license and > (partial) notice info in the uima-as LICENSE/NOTICE files. > > One of the value propositions that lets others make use of our technology is > the > reputation we maintain about our always somewhat imperfect attempts at having > accurate license and notice files. I would prefer that we strive to keep our > reputation where it is by removing the license and partial notice for these > JARs, and perhaps adding some documentation (if needed) specifying what JARs > can > be optionally downloaded (from ActiveMQ distribution) for providing additional > functionality, not provided out of the box by the UIMA-AS binary distribution. > > Having said that, if the others on the PMC feel that this flaw (having extra > licenses and extra (partial) notices not needed is OK for releasing, I won't > stand in the way. > > I'll do a bit more testing, and then if nothing more is found, vote -0 to > indicate this. > > http://www.apache.org/foundation/voting.html > > -Marshall > > > On 4/26/2016 11:05 AM, Jaroslaw Cwiklik wrote: >> Thanks Marshall. Just to provide more context for the problems found >> >> The JmDNS seems to be part of auto discovery of network of brokers via >> unicast instead of hard coded URLs. This is not part of standard uima-as >> configuration we distribute. When such functionality is needed users may >> download their own copy of AMQ and use that. Of course there is an issue of >> having this jar documented in LICENSE and NOTICE but not present in the >> distribution. >> >> The second one jasypt is providing encryption and decryption of user >> credentials per: http://activemq.apache.org/encrypted-passwords.html. I >> think the lack of this jar can also be dealt with the same way as above. >> >> Given the above I will await your vote. One way or the other I need your >> vote to proceed. Seems like quality of the distribution mandates RC3 vote >> down. >> >> Jerry >> >> On Mon, Apr 25, 2016 at 5:56 PM, Marshall Schor <[email protected]> wrote: >> >>> Although others may be voting +1 to release, just to be clear, I'm >>> currently -1 >>> until the license / notice issues mentioned above are resolved. >>> >>> -Marshall
