incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonas Pfefferle" <>
Subject Re: licenses and copyrights of dependencies
Date Wed, 07 Nov 2018 16:07:25 GMT
Hi Vincent,

At least right now we have the source code part covered since we do not ship 
any third party code/jars etc. with it. However, as you pointed it is a 
concern for the binary release. We just want this to be easy to  manage. At 
the moment we have 80+ jars that we ship as dependencies in the binary 
release. As pointed out before all of them have the license at least 
mentioned in the pom or have a license file in META-INF. Best case scenario 
we could just list all jars in the LICENSE file and refer to their license 
in the jar instead of copying everything. This makes it much easier to 
add/remove dependencies or change versions...
Does this make sense?


  On Wed, 7 Nov 2018 15:56:45 +0000
  "Vincent S Hou" <> wrote:
> Hi Jonas,
> I totally understand your situation right now, because I have just 
>gone through the release process for my project Apache OpenWhisk as 
> Regarding whether you should add the copyright, to me, it depends on 
>the source code release or the binary release.
> If you only care about the source code release, you can only focus 
>on the "SOURCE CODE". For example, if one or some of your SOURCE CODE 
>come from another library with a certain copyright, you should add it 
>into your LICENSE file. If your code depends on jar or any other 
>packages shipped by other parties, you do not need to add their 
>copyright into your LICENSE, because your source code release do not 
>and should not include any jar or packages. You can document 
>somewhere that these jars or packages are dependencies to run your 
> If you come to binary release, and all the dependencies play a role 
>in order to compile your source code, you need to have the LICENSE 
>file with all the copyright for the dependencies.
> In a nutshell, source code release is relatively easier to edit your 
>LICENSE, but binary release may be a hassle. 
>For folks with different comments, welcome to chime in.
> Best wishes.
> Vincent Hou (侯胜博)
> Advisory Software Engineer, OpenWhisk Contributor, Open Technology, 
>IBM Cloud
> Notes ID: Vincent S Hou/Raleigh/IBM, E-mail:,
> Phone: +1(919)254-7182
> Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, 
>United States
> -----"Jonas Pfefferle" <> wrote: -----
> To: "" <>
>From: "Jonas Pfefferle" <>
> Date: 11/07/2018 07:35AM
> Subject: licenses and copyrights of dependencies
> Hi all,
> We are just preparing a new release and are wondering how and what 
> required for licenses and copyrights of components shipped with an 
> According to the release 
> policy 
> we need to include licenses of all components shipped in an 
>artifact. The 
> example just appends all licenses to the LICENSE file including the 
> copyrights. Is the copyright required? Shouldn't the copyright be 
> to the NOTICE file instead?
> Also we found that some artifacts have contradicting or missing 
> e.g. in the pom of one artifact a BSD clause 2 license is mentioned 
>but no 
> LICENSE files are shipped in the jars, however the source contains a 
> clause 3 license.
> Thanks,
> Jonas
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
>For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message