I'd say we do that and also add download urls for all of them so they
appear like xml-apis.
Elliot Metsger wrote:
Here are all the "bad" entries. They include 3rd party jars.
We can hack the plugin to map a groupId to the missing project info if
people think we need to do so.
esm:~/src/pluto-1.1.x$ find . -name NOTICE|xargs cat | grep Unnamed
|sort -u
This product includes/uses software, Unnamed -
avalon-framework:avalon-framework:jar:4.1.3
This product includes/uses software, Unnamed -
commons-beanutils:commons-beanutils:jar:1.7.0
This product includes/uses software, Unnamed -
commons-logging:commons-logging-api:pom:1.1
This product includes/uses software, Unnamed -
commons-logging:commons-logging:jar:1.0
This product includes/uses software, Unnamed - javax.servlet:jstl:jar:1.0.6
This product includes/uses software, Unnamed -
javax.servlet:servlet-api:jar:2.3
This product includes/uses software, Unnamed - junit:junit:jar:3.7
This product includes/uses software, Unnamed - log4j:log4j:jar:1.2.12
This product includes/uses software, Unnamed - logkit:logkit:jar:1.0.1
This product includes/uses software, Unnamed - taglibs:standard:jar:1.0.6
This product includes/uses software, Unnamed - xerces:xercesImpl:jar:2.6.2
This product includes/uses software, Unnamed -
xerces:xmlParserAPIs:jar:2.6.2
This product includes/uses software, Unnamed -
xml-apis:xml-apis:jar:1.0.b2 (http://xml.apache.org/commons/#external)
Elliot Metsger wrote:
Ok what do people think? Using the latest apache resources jar we
still have some "bad" entries in our NOTICE files. Here are four
examples of "bad" entries:
This product includes/uses software, Unnamed -
javax.servlet:servlet-api:jar:2.3
This product includes/uses software, Unnamed -
xerces:xmlParserAPIs:jar:2.6.2
This product includes/uses software, Unnamed -
commons-logging:commons-logging-api:pom:1.1
This product includes/uses software, Unnamed -
xml-apis:xml-apis:jar:1.0.b2 (http://xml.apache.org/commons/#external)
I'm inclined to say that the "bad" entries are good enough, and
satisfy the requirements of the NOTICE file. What do people think?
Just to contrast, here are "good" entries:
This product includes/uses software, Plexus Common Utilities,
developed by Codehaus (http://www.codehaus.org/)
This product includes/uses software, Maven Reporting API
(http://maven.apache.org/maven-reporting/maven-reporting-api),
developed by Apache Software Foundation (http://www.apache.org/)
This product includes/uses software, Maven Repository Metadata Model
(http://maven.apache.org/maven-repository-metadata),
developed by Apache Software Foundation (http://www.apache.org/)
This product includes/uses software, Maven Plugin Registry Model
(http://maven.apache.org/maven-plugin-registry),
developed by Apache Software Foundation (http://www.apache.org/)
This product includes/uses software, JTidy
(http://jtidy.sourceforge.net),
developed by JTidy (http://jtidy.sf.net)
This product includes/uses software, Portlet API
(http://www.jcp.org/en/jsr/detail?id=168)
Elliot
Elliot Metsger wrote:
So I got pinged again by the repository folks, this time Daniel Kulp.
None of our maven artifacts have a LICENSE or NOTICE file in them, and
apparently this is also required per
http://www.apache.org/legal/src-headers.html:
Does the policy apply to binary/object files, such as executables or
JAR files?
Yes. Even if there are no source files within the release, the
LICENSE file and NOTICE file are still both required within every ASF
distribution -- whether the unit of distribution is a .jar, .msi,
.tar/.?gz, .zip, .exe installer, or any other file format used for
distributions. For example, Windows .exe files must not be used as a
unit of distribution unless they are installers and include the
LICENSE and NOTICE files in their installation.
This is in Jira as PLUTO-349.
I'm not sure where this leaves us with our existing releases.
Elliot
