incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Owen <sro...@gmail.com>
Subject Re: Bloated NOTICE files are evil
Date Sat, 11 Oct 2014 17:50:37 GMT
On Sat, Oct 11, 2014 at 6:35 PM, Ted Dunning <ted.dunning@gmail.com> wrote:
> On Sat, Oct 11, 2014 at 8:13 AM, Sean Owen <srowen@gmail.com> wrote:
>
>> Here's another example. Drill distributes Netty 4.0.20, which is AL2
>> licensed and contains a substantial NOTICE file with stuff like ...
>>
>>
>> -------------------------------------------------------------------------------
>> This product contains the extensions to Java Collections Framework which
>> has
>> been derived from the works by JSR-166 EG, Doug Lea, and Jason T. Greene:
>>
>>   * LICENSE:
>>     * license/LICENSE.jsr166y.txt (Public Domain)
>>   * HOMEPAGE:
>>     * http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/
>>     *
>> http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbosscache/experimental/jsr166
>>
>
> What you quote is an acknowledgment of public domain code.
>
> How is that a problem?

I think the productive way forward is to read clause 4d of the Apache
License 2.0. It doesn't say "you can ignore things in the NOTICE file
that don't seem relevant to you because they're referring to public
domain things". It specifies that the NOTICE file contents are to be
reproduced in a distribution of a Derivative Work. For better or
worse, that's what it says.

Then have a look at the Netty NOTICE file I've pointed out. It
contains much more than this, including MIT, BSD, AL2 licensed
references -- although again, this isn't really relevant according to
AL2, but may help you. I've copied the content below.

This is just one dependency I highlighted with what appears to be a
license problem in this release; I would not expect it is the only
one. I don't think it's good practice to guess ad hoc at reasons to
ignore the issue of OSS licensing. Why not just conduct a review in
good time? I think it's pretty hard to get right given the complexity,
and I doubt every project has it perfect, but a good-faith effort is
not optional.


-------------------------------------------------------------------------------
This product contains the extensions to Java Collections Framework which has
been derived from the works by JSR-166 EG, Doug Lea, and Jason T. Greene:

  * LICENSE:
    * license/LICENSE.jsr166y.txt (Public Domain)
  * HOMEPAGE:
    * http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/
    * http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbosscache/experimental/jsr166/

This product contains a modified version of Robert Harder's Public Domain
Base64 Encoder and Decoder, which can be obtained at:

  * LICENSE:
    * license/LICENSE.base64.txt (Public Domain)
  * HOMEPAGE:
    * http://iharder.sourceforge.net/current/java/base64/

This product contains a modified portion of 'Webbit', an event based
WebSocket and HTTP server, which can be obtained at:

  * LICENSE:
    * license/LICENSE.webbit.txt (BSD License)
  * HOMEPAGE:
    * https://github.com/joewalnes/webbit

This product contains a modified portion of 'SLF4J', a simple logging
facade for Java, which can be obtained at:

  * LICENSE:
    * license/LICENSE.slf4j.txt (MIT License)
  * HOMEPAGE:
    * http://www.slf4j.org/

This product contains a modified portion of 'ArrayDeque', written by Josh
Bloch of Google, Inc:

  * LICENSE:
    * license/LICENSE.deque.txt (Public Domain)

This product contains a modified version of Roland Kuhn's ASL2
AbstractNodeQueue, which is based on Dmitriy Vyukov's non-intrusive MPSC queue.
It can be obtained at:

  * LICENSE:
    * license/LICENSE.abstractnodequeue.txt (Public Domain)
  * HOMEPAGE:
    * https://github.com/akka/akka/blob/wip-2.2.3-for-scala-2.11/akka-actor/src/main/java/akka/dispatch/AbstractNodeQueue.java

This product optionally depends on 'JZlib', a re-implementation of zlib in
pure Java, which can be obtained at:

  * LICENSE:
    * license/LICENSE.jzlib.txt (BSD style License)
  * HOMEPAGE:
    * http://www.jcraft.com/jzlib/

This product optionally depends on 'Protocol Buffers', Google's data
interchange format, which can be obtained at:

  * LICENSE:
    * license/LICENSE.protobuf.txt (New BSD License)
  * HOMEPAGE:
    * http://code.google.com/p/protobuf/

This product optionally depends on 'Bouncy Castle Crypto APIs' to generate
a temporary self-signed X.509 certificate when the JVM does not provide the
equivalent functionality.  It can be obtained at:

  * LICENSE:
    * license/LICENSE.bouncycastle.txt (MIT License)
  * HOMEPAGE:
    * http://www.bouncycastle.org/

This product optionally depends on 'Snappy', a compression library produced
by Google Inc, which can be obtained at:

  * LICENSE:
    * license/LICENSE.snappy.txt (New BSD License)
  * HOMEPAGE:
    * http://code.google.com/p/snappy/

This product optionally depends on 'JBoss Marshalling', an alternative Java
serialization API, which can be obtained at:

  * LICENSE:
    * license/LICENSE.jboss-marshalling.txt (GNU LGPL 2.1)
  * HOMEPAGE:
    * http://www.jboss.org/jbossmarshalling

This product optionally depends on 'Caliper', Google's micro-
benchmarking framework, which can be obtained at:

  * LICENSE:
    * license/LICENSE.caliper.txt (Apache License 2.0)
  * HOMEPAGE:
    * http://code.google.com/p/caliper/

This product optionally depends on 'Apache Commons Logging', a logging
framework, which can be obtained at:

  * LICENSE:
    * license/LICENSE.commons-logging.txt (Apache License 2.0)
  * HOMEPAGE:
    * http://commons.apache.org/logging/

This product optionally depends on 'Apache Log4J', a logging framework, which
can be obtained at:

  * LICENSE:
    * license/LICENSE.log4j.txt (Apache License 2.0)
  * HOMEPAGE:
    * http://logging.apache.org/log4j/

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message