We have had a practice of having different licenses for the "source" and "bin" distribution. The source distribution, consisting (usually) of just the sources in SVN, has just the Apache license, typically.
The "bin" distribution has collected licenses beyond this, corresponding to the various licenses of the additional "jars" being distributed. There is also a "top level" license, in SVN, which is a file at the same svn level as all the projects in a particular entity (such as the Sandbox, uimaj, uima-as, etc.). These are currently not done consistently - some copy the "binary" distribution, others the source. Should we be doing it this way, or just keeping the one license associated with the Binary distribution? -Marshall
