The issue is that ASF release artifacts should have in their root a
LICENSE file which includes all the licensing details of the artifact.

This source release artifact,
clerezza-0.2-incubating-source-release.zip, does have a LICENSE file
at its root, but that file has no mention that the source distribution
also contains YUI which is BSD licensed.

Ok you have now pointed out that the BSD license is in fact included
in the source distribution in a file named
web.resources.yui\LICENSE.bsd.yahoo.txt, but that was not at all
obvious and i didn't find it when looking for the license.

The traditional approach for ASF releases is to copy all the licenses
into the top-level LICENSE file so that they are very easy to see.
Some projects don't like that so have the third party licenses
somewhere else. Some people say if you use the somewhere else approach
then the top level LICENSE must at least have a link to them, i don't
know if that is strictly required perhaps if they are all collected
somewhere obvious like a top-level folder named licenses that might be
enough too. But just having all the license scattered about in the
distribution in no obvious place and with no high level doc pointing
out that they exist is not enough IMHO.

There was some discussion about this in
https://issues.apache.org/jira/browse/LEGAL-31 (which i note is still
open!).

   ...ant

On Sun, Jan 15, 2012 at 4:38 PM, Reto Bachmann-Gmür
<m...@farewellutopia.com> wrote:
> Thank you for reviewing the release candidate
>
> I'm not sure what the issue with the source distribution is: the
> module web.resources.yui mentions the yahoo copyright in the notice
> file and the bsd license is included.
>
> I guess this should also be the case for the launchers and thus the
> binary distribution zip.
>
> That the name of the binary release doesn't match the one of the
> source release is intended. The source release is a distribution of
> many components, the binary release is a release of the launcher which
> contains most but not all the components.
>
> Cheers,
> Reto
>
> On Sat, Jan 14, 2012 at 10:00 AM, ant elder <ant.el...@gmail.com> wrote:
>> On Fri, Jan 13, 2012 at 3:18 PM, Reto Bachmann-Gmür <r...@apache.org> wrote:
>>> Hi all,
>>>
>>> Clerezza 0.2 is ready for release.  This will be our first incubator 
>>> release.
>>>
>>> We had a preliminary vote in the PPMC, which has been accepted, the +1
>>> votes include the one from IPMC member Tommaso Teofili.
>>>
>>> The PPMC vote result is here:
>>> http://mail-archives.apache.org/mod_mbox/incubator-clerezza-dev/201201.mbox/%3CCALvhUEXQVsKro6jRBY06%2B2fh6TGv5yBkAGd3Eoj6mqiQ%3DCe1hQ%40mail.gmail.com%3E
>>>
>>> We need two more IPMC votes to pass.
>>>
>>> Please vote on releasing Clerezza parent and all the modules in the
>>> release profile.
>>>
>>> A zip with the source distribution and one with an executable binary
>>> distribution (jena tdb based launcher) are available with their
>>> signatures at:
>>>
>>> http://people.apache.org/~reto/clerezza-release-201201/
>>>
>>> In svn the release version is tagged parent-0.2-incubating.
>>>
>>> Keys:
>>> https://svn.apache.org/repos/asf/incubator/clerezza/trunk/KEYS
>>>
>>> The vote is open for 72 hours, or until we get the needed number of votes
>>> (3 +1).
>>>
>>>  [ ] +1 Release this package as Apache Clerezza 0.2-incubating
>>>  [ ] -1 Do not release this package because...
>>>
>>> To learn more about Apache Clerezza visit:
>>> http://incubator.apache.org/clerezza/
>>>
>>> Cheers,
>>> Reto
>>>
>>
>> Unfortunately there are some licensing issues.
>>
>> The source distribution includes YUI which is BSD licensed so this
>> needs to be mentioned and the BSD license needs to be included in the
>> source distribution LICENSE file.
>>
>> There are similar issues with the binary distribution which includes
>> many third party artifacts with various licenses and none of those are
>> mentioned anywhere that i could find. Its a big release so I've not
>> checked the details, I think you need to do a legal audit of the
>> release artifacts to find whats there and what needs to be added to
>> the LICENSE and NOTICE files. Ask your mentors or here on general@ if
>> you're not sure how to do it.
>>
>> Otherwise the release all looks pretty good a couple of minor comments are:
>> - the NOTICE file date has 2011 and that could be changed to 2012.
>> - the name of the binary distribution artifact doesn't match the name
>> of the source artifact or include the release version
>>
>>   ...ant
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> For additional commands, e-mail: general-h...@incubator.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Reply via email to