is there anyway to run maven-rat-plugin to make sure ASF licensed assets are *not* being subverted by salesforce
http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html Apache Rat™ Plugin for Apache Maven – apache-rat:rat<http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html> creadur.apache.org apache-rat:rat. Note:This goal should be used as a Maven report. Full name: org.apache.rat:apache-rat-plugin:0.13-SNAPSHOT:rat. Description: ? Martin ______________________________________________ ________________________________ From: John D. Ament <johndam...@apache.org> Sent: Saturday, June 3, 2017 9:46 AM To: general@incubator.apache.org Subject: Re: Images in source code. On Fri, Jun 2, 2017 at 8:20 PM Craig Russell <apache....@gmail.com> wrote: > Hi James, > > Everything that is not explicitly called out in the top level NOTICE and > LICENSE files are licensed under the Apache 2.0 license. > > Adding a file to this directory might mislead people into thinking that > they need to perform more due diligence with other files in other > directories. > > My advice is to *not* add anything. Let the images be licensed per the > terms the top level LICENSE file. > Agreed. What we do like to make sure is called out is if there is provenance that these images came from somewhere else. If these images were not created by you and were not already under apache license, then we would have a concern. > > Craig > > > On Jun 2, 2017, at 2:20 PM, James Bognar <james.bog...@salesforce.com> > wrote: > > > > Thanks! > > > > I haven't found a metadata editor that works yet, so I'll just add a > > LICENSE.txt file to the directory. Hopefully that's enough. > > > > On Fri, Jun 2, 2017 at 4:48 PM, Josh Elser <els...@apache.org> wrote: > > > >> On 6/2/17 1:15 PM, James Bognar wrote: > >> > >>> I just added several png files to the source tree of our podling. I > >>> created them myself. Are there any best-practices on how to mark > these as > >>> Apache licensed? > >>> > >>> > >> I'm not sure of a good way to track this. I'm not sure if png supports > >> arbitrary metadata which could be edited. Some ways I've seen used > >> elsewhere to try to better propagate license/ownership: > >> > >> * Comments on the issue-tracker issue that introduced them citing > >> origin/source (typically for images that are copied, not created) > >> * Entry in LICENSE/NOTICE (shouldn't be done unnecessarily, of course) > >> * A README in the same directory with relevant info > >> > >> If the images are of the podling's creation, I wouldn't be particularly > >> worried. The copyright notice on your source-release and LICENSE are > >> sufficient to inform downstream consumers. > >> > >> Probably not the answer you're looking for, but hope it helps :) > >> > >> - Josh > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >> For additional commands, e-mail: general-h...@incubator.apache.org > >> > >> > > > > > > -- > > James Bognar > > Craig L Russell > c...@apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
