This document defines the protocol at Apache Marmotta for managing dependencies, both new ones and version upgrades, refining the [http://www.apache.org/dev/licensing-howto.html|general guidelines].

Because this is easier to manage when adding or modifying a dependency than all at once when preparing a release, every developer is responsible for strictly following this protocol whenever that happens.

When adding a new dependency, you may need to ask yourself: which distribution would be affected by this new dependency?

In Marmotta we do both source and binary releases; the first is basically the full source code, while the second affects just the webapp, the installer and ldpath.

Therefore, there are four cases:

  1. The dependency is managed by Maven
  2. The dependency cannot be managed by Maven

Basically, the first case only affects the binary distributions, not the source one. The second affects the source distribution too. The first way is generally much preferable, but unfortunately not always feasible, because the artifact is not available on Maven Central, no Maven artifact is available (quite common for JavaScript libraries), the code needs to be patched for any reason, etc.

Therefore all affected LICENSE and NOTICE files must be updated to reflect this new dependency on each distribution:

  • For an Apache-2.0-licensed dependency, assuming once again that the dependency subtree contains no bundled subcomponents under other licenses and thus the ALv2 applies uniformly to all files, there is no need to modify LICENSE. If the dependency supplies a NOTICE file, its contents must be analyzed and the relevant portions bubbled up into the top-level NOTICE file. Optionally, for internal tracking purposes, we also add a reference saying "the ALv2 also applies to the following".
  • For permissively-licensed dependencies (3-clause BSD, X11, MIT, BSD, W3C, etc.), although strictly there is no need, we add a reference from the NOTICE. In LICENSE we add references describing the copyright, the dependency's location within the source tree when necessary, and its license text.