On Tuesday 24 October 2006 15:43, Karl Pauls wrote: > 1) Everything distributed must be under ASL or similar license (i.e., > compatible).
Somewhat incorrect (dep on interpretation of statement). All new software developed and hosted on ASF infrastructure must be Apache licensed. Existing software that is hosted on ASF infrastructure and may or may not be modified into derived works, must (beside being vetted through the incubator) be Apache license compatible, i.e. no reciprocity in the licensing terms. So far there are no disagreements. legal@ ML has been discussing whether or not ASF projects are allowed to have dependencies on, optional or not, other licenses deemed not compatible with Apache license. Many gray areas, and I would like to leave that out of this discussion for now... > 2) Users of Apache products must be provided with all licensing terms > applicable to any part of the product and must be given prominent > notice when any of those terms include restrictions significantly > different from the Apache License. Correct. That goes for ALL LICENSES that touches on a released artifact, whether optional or not. All such licenses goes into the NOTICE file, which MUST be placed in the root of the released artifact, together with the LICENSE file. It has been said (not sure if it is still in effect) that both tar balls and Maven distributed Jars are considered 'released artifacts', and have the above requirement. > In essence, I believe, it boils down to whether the software depended > upon comes with reciprocity attached (i.e., requires that the software > itself is under the same license and subsequently, so must be derived > works). Not only reciprocity. There are also issues around submarining of patents into other people's products via a BSD license. People who are very concerned, must be able to know before hand what licensing terms are wrapped up inside the larger package. > In regard to the example, I'd argue that due to the ASL version of the > OSGi subprojects and the OSGi terms we don't need to add it to the > NOTICE file of released artifacts that only depend on it. Note, > however, that for example the framework subproject will need to add it > (because it contains the AdminPermission stuff). We depend on the specification, and the licensing terms of the specifications would need to go into NOTICE file. IIRC, that has been changed to Apache License v2.0, and an appropriate entry would still mark that we have such dependency in the sources. I don't think anyone would object if it is omitted, but for good measure... Cheers Niclas
