________________________________
From: James Bognar <james.bog...@salesforce.com>
Sent: Sunday, June 4, 2017 9:13 AM
To: general@incubator.apache.org
Subject: Re: Images in source code.
That's a good question. I've discovered that images CAN contain metadata
that includes ownership information. Rat could check for these. In
practice though, these comment fields don't seem to be often used.
If I could add a simple "Copyright Apache" message to the metadata, I
would, but the tooling is suprisingly lacking.
MG>To answer the second question
MG>entities who purchase a product (salesforce) would not necessarily know:
MG>who created the code (especially when license information is stripped out
and there is no attribution in META-INF readme/licenses)
MG>who generated the images..(assuming designers have the legal right to
trademark/copyright their work)
MG>apologies for picking on salesforce ..ive seen other organisations grab
OpenSource Assets/Code, stripout licenses & call it their own
MG>James if you can show me where the Copyright Apache is in metadata .. I'll
get maven-rat-plugin to read metadata and throw BuildException
MG>and fail the rat check
MG>thanks for your help
On Sun, Jun 4, 2017 at 8:49 AM, Martin Gainty <mgai...@hotmail.com> wrote:
> is there anyway to run maven-rat-plugin to make sure ASF licensed assets
> are *not* being subverted by salesforce
>
>
> http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html
Apache Rat™ Plugin for Apache Maven –
apache-rat:rat<http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html>
creadur.apache.org
apache-rat:rat. Note:This goal should be used as a Maven report. Full name:
org.apache.rat:apache-rat-plugin:0.13-SNAPSHOT:rat. Description:
>
>
> Apache Rat™ Plugin for Apache Maven – apache-rat:rat<http://creadur.
> apache.org/rat/apache-rat-plugin/rat-mojo.html>
> creadur.apache.org
> apache-rat:rat. Note:This goal should be used as a Maven report. Full
> name: org.apache.rat:apache-rat-plugin:0.13-SNAPSHOT:rat. Description:
>
> ?
>
> Martin
> ______________________________________________
>
>
>
> ________________________________
> From: John D. Ament <johndam...@apache.org>
> Sent: Saturday, June 3, 2017 9:46 AM
> To: general@incubator.apache.org
> Subject: Re: Images in source code.
>
> On Fri, Jun 2, 2017 at 8:20 PM Craig Russell <apache....@gmail.com> wrote:
>
> > Hi James,
> >
> > Everything that is not explicitly called out in the top level NOTICE and
> > LICENSE files are licensed under the Apache 2.0 license.
> >
> > Adding a file to this directory might mislead people into thinking that
> > they need to perform more due diligence with other files in other
> > directories.
> >
> > My advice is to *not* add anything. Let the images be licensed per the
> > terms the top level LICENSE file.
> >
>
> Agreed. What we do like to make sure is called out is if there is
> provenance that these images came from somewhere else. If these images
> were not created by you and were not already under apache license, then we
> would have a concern.
>
>
> >
> > Craig
> >
> > > On Jun 2, 2017, at 2:20 PM, James Bognar <james.bog...@salesforce.com>
> > wrote:
> > >
> > > Thanks!
> > >
> > > I haven't found a metadata editor that works yet, so I'll just add a
> > > LICENSE.txt file to the directory. Hopefully that's enough.
> > >
> > > On Fri, Jun 2, 2017 at 4:48 PM, Josh Elser <els...@apache.org> wrote:
> > >
> > >> On 6/2/17 1:15 PM, James Bognar wrote:
> > >>
> > >>> I just added several png files to the source tree of our podling. I
> > >>> created them myself. Are there any best-practices on how to mark
> > these as
> > >>> Apache licensed?
> > >>>
> > >>>
> > >> I'm not sure of a good way to track this. I'm not sure if png supports
> > >> arbitrary metadata which could be edited. Some ways I've seen used
> > >> elsewhere to try to better propagate license/ownership:
> > >>
> > >> * Comments on the issue-tracker issue that introduced them citing
> > >> origin/source (typically for images that are copied, not created)
> > >> * Entry in LICENSE/NOTICE (shouldn't be done unnecessarily, of course)
> > >> * A README in the same directory with relevant info
> > >>
> > >> If the images are of the podling's creation, I wouldn't be
> particularly
> > >> worried. The copyright notice on your source-release and LICENSE are
> > >> sufficient to inform downstream consumers.
> > >>
> > >> Probably not the answer you're looking for, but hope it helps :)
> > >>
> > >> - Josh
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> > >> For additional commands, e-mail: general-h...@incubator.apache.org
> > >>
> > >>
> > >
> > >
> > > --
> > > James Bognar
> >
> > Craig L Russell
> > c...@apache.org
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> > For additional commands, e-mail: general-h...@incubator.apache.org
> >
> >
>
--
James Bognar
