On 9 May 2012 07:42, Emmanuel Lécharny <elecha...@gmail.com> wrote: > Le 5/9/12 2:27 AM, sebb a écrit : > >> On 8 May 2012 13:06, Emmanuel Lécharny<elecha...@gmail.com> wrote: >>> >>> Comments inline >>> >>> Le 5/8/12 11:05 AM, sebb a écrit : >>>> >>>> On 8 May 2012 09:13, Francesco Chicchiriccò<ilgro...@apache.org> >>>> wrote: >>>>> >>>>> Hi Sebb, >>>>> you can find my replies embedded below. >>>>> >>>>> I am going to send a [CANCEL] reply to this thread, remove Nexus >>>>> staging >>>>> repo and SVN tag, fix everything and start again the release process >>>>> for >>>>> 1.0.0-RC1-incubating from scratch. >>>>> >>>>> Regards. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> The NOTICE file is very long; I suspect that not all of the entries >>>>>> are >>>>>> *required*. >>>>> >>>>> >>>>> The LICENSE and NOTICE files were written against the parent POM: all >>>>> the >>>>> dependencies with scope != test were considered, then. >>>> >>>> The N&L files must relate to what is actually included in the archive. >>> >>> >>> We release sources, so making a distinction between scope != test >>> dependencies and scope=test dependencies does not make sense, AFAICT. If >>> we >>> use a 3rd party product to test Syncope, then I think we must refer their >>> licenses in NOTICE and LICENSE. >> >> No, AIUI the N&L files only relate to what is being released, not any >> external dependencies. > > See JDBM example in > http://incubator.apache.org/guides/releasemanagement.html#note-license-and-notice. > Typically, JDBM will be a dependencies, but still it requires you to include > the needed references into N&L files. > > I'm a bit lost here, as the idea is to allow users to download the source > package we release, and not infringe any of the 3rd party software Licences, > by including in our own N&L files what the 3rd party product requires us to > include.
The cited link says: "So, if the release _redistributes_ any source or artifacts ..." ... "This product _includes_ software developed by ..." [My _emphasis_] It's clear from the above that the N&L must relate to what is actually included in the release package. Unless dependencies are included in the release, they should not be mentioned in the N&L files. There are separate rules for what 3rd party software ASF projects are allowed to depend on. > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
