Re: More to be added to licenses file for 1.1.1 ?
Technically... its bad for a module to need to access bits from ../ (or ../../ or ../../../../../../). The proper way to do this would be to add them to a new license module, then have each module depend on it, using dependency plugin to download unpack and then antrun to copy into place. Still easier to have LICENSE.txt and NOTICE.txt local to the module. Most of them will be the same, so not much work to maintain... a few will need to be customized to keep us legal. If we want to have a global... then we gotta write up some custom plugin to handle that automatically for us. --jason On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote: On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote: Kevan Miller wrote: On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/ license/berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). I think we should do it 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) 4) Do we need to add LICENSE/NOTICE files in our generated CARs? 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan 2-4 should be run by legal, no? To support #5, I hope we don't need some kind of maven magic. I think 1,2,3 are must do's. I think we can ignore 4. There are some CAR files in ibiblio -- http://www.ibiblio.org/maven/ geronimo/cars/ However, I'm not sure why they are there... They are all 1.0 and dated December 22nd. Should we have them removed? To my knowledge, we don't build or distribute CAR files in 1.1 (we do have .car directories in our repository, but IMO that's no different from any other directory name we might have...) Regarding 5, I think the right thing to do is have a global LICENSE and NOTICE file in the base of our distributions. We currently have this. Each of our jar files should have LICENSE and NOTICE files specific to each jar. I don't think that this is hard to do. Am I wrong? They all need standard ASL license and notice files. util needs to include bouncy castle info. Are there other geronimo generated jars with any licensing requirements beyond ASL 2? --kevan
Re: More to be added to licenses file for 1.1.1 ?
Sorry for the slow response.. comments inline. Kevan Miller wrote: On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote: Kevan Miller wrote: On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/license/berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). I think we should do it Agree. 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes. Agree. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) Agree. 4) Do we need to add LICENSE/NOTICE files in our generated CARs? Any artifact we publish should have a LICENSE/NOTICE file in it. 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan 2-4 should be run by legal, no? I think we should aim to have LICENSE and NOTICE files specific to each jar. What I am not sure of is what licenses need to be included. See my related post http://marc.theaimsgroup.com/?l=geronimo-devm=115335093425013w=2 To support #5, I hope we don't need some kind of maven magic. I think 1,2,3 are must do's. I think we can ignore 4. There are some CAR files in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/ However, I'm not sure why they are there... They are all 1.0 and dated December 22nd. Should we have them removed? To my knowledge, we don't build or distribute CAR files in 1.1 (we do have .car directories in our repository, but IMO that's no different from any other directory name we might have...) Regarding 5, I think the right thing to do is have a global LICENSE and NOTICE file in the base of our distributions. We currently have this. Each of our jar files should have LICENSE and NOTICE files specific to each jar. I don't think that this is hard to do. Am I wrong? They all need standard ASL license and notice files. util needs to include bouncy castle info. Are there other geronimo generated jars with any licensing requirements beyond ASL 2? I think many modules would need to include licenses for third party libraries as their licenses say use of. I also discussed this in the related post link above. We may need to ask legal about this. John --kevan
Re: More to be added to licenses file for 1.1.1 ?
On Jul 19, 2006, at 2:12 AM, Jason Dillon wrote: Technically... its bad for a module to need to access bits from ../ (or ../../ or ../../../../../../). The proper way to do this would be to add them to a new license module, then have each module depend on it, using dependency plugin to download unpack and then antrun to copy into place. Still easier to have LICENSE.txt and NOTICE.txt local to the module. Most of them will be the same, so not much work to maintain... a few will need to be customized to keep us legal. If we want to have a global... then we gotta write up some custom plugin to handle that automatically for us. I'd be proposing that the LICENSE and NOTICE files be local to the module. That's what we currently have. The distribution license and notice files are in modules/scripts/ src/resources. They are currently built by hand. I'm assuming that they will continue to be built by hand. Automatically generating the license/module information would be great (I'm just a little doubtful that it's going to happen...) You have to include license/notice info for all of our generated modules -- that seems doable. However, the harder part is compiling license/notice information for dependencies that are loaded into our repository. We'd need to capture that information as meta-data, then accumulate during the assembly. We need to be more rigorous in maintaining our LICENSE and NOTICE information. IMO, identifying and compiling the information is the hard part, not getting them into the necessary format... --kevan --jason On Jul 18, 2006, at 8:04 PM, Kevan Miller wrote: On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote: Kevan Miller wrote: On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/ license/berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). I think we should do it 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/ resources/) ? I think yes. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) 4) Do we need to add LICENSE/NOTICE files in our generated CARs? 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan 2-4 should be run by legal, no? To support #5, I hope we don't need some kind of maven magic. I think 1,2,3 are must do's. I think we can ignore 4. There are some CAR files in ibiblio -- http://www.ibiblio.org/maven/ geronimo/cars/ However, I'm not sure why they are there... They are all 1.0 and dated December 22nd. Should we have them removed? To my knowledge, we don't build or distribute CAR files in 1.1 (we do have .car directories in our repository, but IMO that's no different from any other directory name we might have...) Regarding 5, I think the right thing to do is have a global LICENSE and NOTICE file in the base of our distributions. We currently have this. Each of our jar files should have LICENSE and NOTICE files specific to each jar. I don't think that this is hard to do. Am I wrong? They all need standard ASL license and notice files. util needs to include bouncy castle info. Are there other geronimo generated jars with any licensing requirements beyond ASL 2? --kevan
Re: More to be added to licenses file for 1.1.1 ?
On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/license/ berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) 4) Do we need to add LICENSE/NOTICE files in our generated CARs? 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan
Re: More to be added to licenses file for 1.1.1 ?
Kevan Miller wrote: On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/license/berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). I think we should do it 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) 4) Do we need to add LICENSE/NOTICE files in our generated CARs? 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan 2-4 should be run by legal, no? To support #5, I hope we don't need some kind of maven magic. Regards, Alan
Re: More to be added to licenses file for 1.1.1 ?
5) Can the global LICENSE and NOTICE files be used in all our
generated artifacts (distributions, jars, cars)? Or do we need
global files and specific license/notice files for generated
module jars and car files?
--kevan
2-4 should be run by legal, no?
To support #5, I hope we don't need some kind of maven magic.
Probably do...
Unless you can include a file from a resource, then a build extension
could be added to allow all modules to pick them up.
Or download from a URL (could be http://svn.apache.org/...) but I
don't like to do that since its outside of version control (even if
it is pulled from svn, its probably going to be HEAD, which is not
always going to be correct)
Or create a custom plugin to setup the resources to be added to the
jars/was/ears.
Easier to just leave the LICENSE.txt and NOTICE.txt files in each
module and configure Maven to include them from ${pom.basedir} :-\
--jason
Re: More to be added to licenses file for 1.1.1 ?
On Jul 18, 2006, at 6:43 PM, Alan D. Cabrera wrote: Kevan Miller wrote: On Jul 18, 2006, at 8:53 AM, John Sisson wrote: Whilst testing the geronimo eclipse plugin, eclipse prompted me to acknowledge the Sun license at http://developers.sun.com/ license/berkeley_license.html when caching the j2ee schema files (e.g. http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd ). This made me wonder whether this license has been included for Geronimo (since we redistribute schema files) and it appears the LICENSE.txt file in 1.1 doesn't contain it. I'll add a JIRA for 1.1.1 if there aren't any objections. Can anyone think of any other licenses or notices we may have overlooked? Yes. Would appreciate your thoughts on the following: 1) Fix LICENSE and NOTICE files for branches/1.1/modules/util (currently they are only Bouncy Castle -- I believe that we have ASL code in there, also). I think we should do it 2) Do we need to add Bouncy Castle to our global LICENSE and NOTICE files (i.e. branches/1.1/modules/scripts/src/resources/) ? I think yes. 3) Insure NOTICE files are included in our jar files (currently only LICENSE files are there) 4) Do we need to add LICENSE/NOTICE files in our generated CARs? 5) Can the global LICENSE and NOTICE files be used in all our generated artifacts (distributions, jars, cars)? Or do we need global files and specific license/notice files for generated module jars and car files? --kevan 2-4 should be run by legal, no? To support #5, I hope we don't need some kind of maven magic. I think 1,2,3 are must do's. I think we can ignore 4. There are some CAR files in ibiblio -- http://www.ibiblio.org/maven/geronimo/cars/ However, I'm not sure why they are there... They are all 1.0 and dated December 22nd. Should we have them removed? To my knowledge, we don't build or distribute CAR files in 1.1 (we do have .car directories in our repository, but IMO that's no different from any other directory name we might have...) Regarding 5, I think the right thing to do is have a global LICENSE and NOTICE file in the base of our distributions. We currently have this. Each of our jar files should have LICENSE and NOTICE files specific to each jar. I don't think that this is hard to do. Am I wrong? They all need standard ASL license and notice files. util needs to include bouncy castle info. Are there other geronimo generated jars with any licensing requirements beyond ASL 2? --kevan
