[!SebastianBazley] Comments

  • I assume that NOTICE files don't need to itemise Apache projects, e.g. if Apache Foo includes Apache Bar in the distribution, this does not need to be mentioned, as Apache Bar is covered by the paragraph: "This product includes software developed at The Apache Software Foundation..."
    • [!RoyFielding] Right.

  • Where do the LICENSE, NOTICE and README files need to appear? E.g.:
    • In every independently distributed artifact, e.g. source/binary archives, binary jars (Java)?
      • [!RoyFielding] Yes.

    • In source code repositories? If so, where?
      • [!SamRuby] Root directory of the distribution

        • [!SebastianBazley] does "distribution" include source code repositories?

          • [!RoyFielding] Yes, the repository itself is a form of distribution. The N&L files should appear at the root of each trunk or branch. Additional N&L files may be placed in other subtree locations, depending on how the project makes use of its own repository space and how they choose to construct packages for release.

    • If an archive includes nested archives or Java jars, I assume these also need N&L files - is this correct?
      • [!RoyFielding] Each distribution only needs to obey the requirements of each copyright owner exactly once. For convenience, they may be obeyed more than once. Use your own judgment.

  • I assume that the LICENSE, NOTICE and README files are only supposed to contain details of items that are actually included in a distribution.
    • Is this correct?
      • [!SamRuby] I would agree... for the LICENSE and NOTICE

      • [!RoyFielding] They must, at a minimum, contain the required attributions for what is being distributed in that distribution. They may include additional details for what is distributed within release packages (as a convenience to the RM). They should never include any mention of anything that is not distributed by the ASF, even if the product does not work without said thing – such information belongs in the README file.

    • Or should they ever include references to external dependencies? If so, when?
      • [!SamRuby] Seems like something that one would expect to find in a README

    • Where an Apache project has multiple modules which are also distributed in separate files, do the N&L files need to be tailored for the individual items, or can the same N&L files be used for all modules? For example, there may be some code in module A that requires an attribution, but module B does not have the code: can module B use the same N&L files?
      • [!SamRuby] I'm not sure I understand this question. One distribution, multiple files, one set of NOTICE, LICENSE, and README files.

        • [!SebastianBazley] I was thinking of projects which distribute archives containing multiple jars. The jars may also be distributed independently (e.g. via Maven repositories), so presumably need N & L files too. Or some projects may have multiple archives which include different combinations of files - perhaps one which contains everything, and others which contain different subsets.

  • The NOTICE file also contains the line "Copyright [yyyy] The Apache Software Foundation". What are the rules for [yyyy]? Is it only supposed to be the year of release? Originally when the copyright years were in the source files, I believe the rule was that the year was supposed to be updated every time there was a substantial (copyrightable) change.

    • [!SamRuby] It is my understanding that the minimum necessary is to put the year of first publication, and that (in the US at least), copyright lasts for 95 years; and therefore should be updated more frequently than that for works expected to still be of any value beyond that term. I've also seen some people put forward some non-legal reasons for suggesting that the year be kept current, but in general skipping a year or three doesn't seem to raise any significant concerns.

    • [!SebastianBazley] In that case, the example NOTICE file above is wrong, unless the Apache HTTP server was first published in 2008

    • [!RolandWeber] What I've seen elsewhere is two years, where the first records the initial copyright and the second is updated after significant changes. example

    • [!RoyFielding] The answer depends on the copyright being noticed. The copyright notice in the NOTICE or README files is for the collective work (the only copyright actually owned by the ASF, in most cases). As such, that date should change every time anything within the collective work is changed. The copyright notice within other files is usually copyright of the expression within that file, and should only be updated when the expression is substantially modified (justifying a new creative work). Do not rely on past practice for examples – in almost all cases, the "mass update" of copyright years in every file was incorrect.

[!HenriYandell] Comments

  • Should we provide a 'how to do attribution' section against NOTICEs for each license? I'm thinking of the recent discussion on CPL and how it should provide a link to the original homepage.
    • [!RoyFielding] Probably. Thanks for volunteering.
