seeking an elegant solution, somewhat OT

Robert Lauriston robert at lauriston.com
Wed Nov 26 14:07:01 PST 2014


I could use that too. I haven't found anything more elegant than a
spreadsheet. I have an entry for every third-party .jar file and for
new releases compare that column with the latest contents of the /lib
directory to see if there's anything new.

Most use Apache 2.0 or Eclipse 1.0. I also have Apache 1.1, BSD, CDDL
1.0, 1.0.1, and 1.1, CERN, LGPL 2.1 and 3, MIT, Mozilla 1.1 and 2.0,
and numerous proprietary public licenses. A handful are public domain.

Most if not all of the BSD and MIT licenses I've seen include a clause
such as "The above copyright notice and this permission notice shall
be included in all copies or substantial portions of the Software."

GPL (as opposed to LGPL) can't be distributed with commercial
software. If I find GPL libraries or others that can't be distributed
(such as for Oracle and MS JDBC drivers) I file bugs. I also file bugs
if the license requires a notice file that's missing.

I believe a link to the source on Maven Central Repository or
Sourceforge is adequate for satisfying the sources requirement. That's
what Apache seems to be doing.

It's increasingly common for license disclosure to be reduced to a URL
in pom.xml.

On Wed, Nov 26, 2014 at 1:33 PM, John Sgammato
<john.sgammato at actifio.com> wrote:
>
> Seeking some creative input, or maybe a success story...
> The products that I write about use a variety of open source and other licenses. There is a thicket of rules surrounding attribution of them. I am looking for a way to assemble this the first time, and then to maintain it after that.
>
> I have a list of about 300 software components that need different handling according to their licenses.
>
> Some (MIT, BSD) require no attribution.
> Some (Apache) require us to reproduce a "NOTICE" file from the original distribution.  These vary from vendor to vendor.
> Some (GPL) require us to include a copyright statement, a statement of the terms under which the code is distributed, and instructions on how to obtain the sources used to build the component.
> There are others that have more unique requirements.
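
The comparison described in the reply above (spreadsheet entries against the jars in /lib, with GPL libraries and missing notice files flagged), as an added example that is not part of the original thread. It also reads the license name and URL from any pom.xml embedded in a jar; the inventory layout, finding labels, NEEDS_NOTICE policy, jar names and URL are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NEEDS_NOTICE = "APACHE"  # assumed policy: jars under this license should carry a NOTICE file

def is_blocked(lic):
    s = lic.upper()  # GPL proper is blocked; LGPL is treated as distributable, as in the post
    return ("GPL" in s or "GENERAL PUBLIC" in s) and "LGPL" not in s and "LESSER" not in s

def pom_licenses(jar):
    """'name url' strings from pom.xml files that Maven embeds under META-INF/maven/."""
    poms = [e for e in jar.namelist() if e.startswith("META-INF/maven/") and e.endswith("/pom.xml")]
    return ["%s %s" % (lic.findtext("{*}name", ""), lic.findtext("{*}url", ""))
            for p in poms for lic in ET.fromstring(jar.read(p)).findall("{*}licenses/{*}license")]

def audit(jars, inventory):
    """jars: {filename: path or binary file}; inventory: {filename: license}. Returns findings."""
    findings = []
    for name, src in jars.items():
        with zipfile.ZipFile(src) as jar:
            licenses = pom_licenses(jar) + [inventory.get(name, "")]
            notice = any(e.upper().startswith("META-INF/NOTICE") for e in jar.namelist())
        if name not in inventory:
            findings.append((name, "new"))  # jar in /lib with no spreadsheet row
        if any(is_blocked(l) for l in licenses):
            findings.append((name, "blocked"))
        if not notice and any(NEEDS_NOTICE in l.upper() for l in licenses):
            findings.append((name, "missing-notice"))
    return sorted(findings)

def make_jar(files):
    """Build a constructed sample jar in memory from {entry name: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry, text in files.items():
            z.writestr(entry, text)
    return buf

def sample():
    """Constructed jars and inventory; all names and the URL are placeholders."""
    pom = ('<project xmlns="http://maven.apache.org/POM/4.0.0"><licenses><license><name>GNU General'
           " Public License 2</name><url>https://example.invalid/l</url></license></licenses></project>")
    jars = {"alpha-1.0.jar": make_jar({"META-INF/NOTICE.txt": "Alpha notice"}),
            "beta-2.1.jar": make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"}),
            "gamma-0.9.jar": make_jar({"META-INF/maven/org.example/gamma/pom.xml": pom})}
    return jars, {"alpha-1.0.jar": "Apache 2.0", "beta-2.1.jar": "Apache 2.0"}

if __name__ == "__main__":
    print(audit(*sample()))
```

For a real release, pass `{p.name: p for p in pathlib.Path("lib").glob("*.jar")}` as `jars` and the spreadsheet column exported as a dict. Many jars inherit their license from a parent POM, so an empty result from `pom_licenses` does not mean the jar is unlicensed.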


