[jira] Created: (FOR-855) verify the license situation prior to each release

verify the license situation prior to each release
---------------------------------------------------

         Key: FOR-855
         URL: http://issues.apache.org/jira/browse/FOR-855
     Project: Forrest
        Type: Bug

  Components: Project administration  
    Reporter: David Crossley
    Priority: Blocker
     Fix For: 0.8-dev


This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.

Here are some of the tasks:

A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).

B) Scan the whole trunk repository to add missing ASF copyright headers to source files and to ensure that the ASF copyright headers have not been accidently added to external files. See etc/relicense.txt


--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

     [ http://issues.apache.org/jira/browse/FOR-855?page=all ]

David Crossley updated FOR-855:
-------------------------------

    Description:
This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.

Here are some of the tasks:

A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).

B) Scan the whole trunk repository to add missing ASF license headers to source files and to ensure that the ASF license headers have not been accidently added to external files. See etc/relicense.txt


  was:
This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.

Here are some of the tasks:

A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).

B) Scan the whole trunk repository to add missing ASF copyright headers to source files and to ensure that the ASF copyright headers have not been accidently added to external files. See etc/relicense.txt



> verify the license situation prior to each release
> --------------------------------------------------
>
>          Key: FOR-855
>          URL: http://issues.apache.org/jira/browse/FOR-855
>      Project: Forrest
>         Type: Bug

>   Components: Project administration
>     Reporter: David Crossley
>     Priority: Blocker
>      Fix For: 0.8-dev

>
> This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.
> Here are some of the tasks:
> A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).
> B) Scan the whole trunk repository to add missing ASF license headers to source files and to ensure that the ASF license headers have not been accidently added to external files. See etc/relicense.txt

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

     [ http://issues.apache.org/jira/browse/FOR-855?page=all ]

David Crossley reassigned FOR-855:
----------------------------------

    Assign To: David Crossley

> verify the license situation prior to each release
> --------------------------------------------------
>
>          Key: FOR-855
>          URL: http://issues.apache.org/jira/browse/FOR-855
>      Project: Forrest
>         Type: Bug

>   Components: Project administration
>     Reporter: David Crossley
>     Assignee: David Crossley
>     Priority: Blocker
>      Fix For: 0.8-dev

>
> This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.
> Here are some of the tasks:
> A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).
> B) Scan the whole trunk repository to add missing ASF license headers to source files and to ensure that the ASF license headers have not been accidently added to external files. See etc/relicense.txt

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

    [ http://issues.apache.org/jira/browse/FOR-855?page=comments#action_12448047 ]
           
David Crossley commented on FOR-855:
------------------------------------

Here is a link to Cliff's explanatory doc:
http://apache.org/legal/src-headers.html

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

    [ http://issues.apache.org/jira/browse/FOR-855?page=comments#action_12448051 ]
           
David Crossley commented on FOR-855:
------------------------------------

Status:
Part A is still to be done.
Part B is done once, need to do again just prior to release.

Because we let the release slip past the cut-off date of 1 November, we now need to fully meet the new policy. Main job is to organise the license files for supporting products and refer to them.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

    [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472463 ]

Ross Gardler commented on FOR-855:
----------------------------------

With the move to Ivy we will no longer have jar files in the lib directory, they will instead be in tools/ivy.repository/[PROJECTNAME]/jars

As a result we will no longer need to name license files *.license.txt as they can be placed within the projectname directory.

I'm not sure how this affects the related issue FOR-857

I will be performing Part A as I work our dependencies and add them to our ivy repository. I'll post any issues requiring more oversight against this issue.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472465 ]

Ross Gardler commented on FOR-855:
----------------------------------

I'm not 100% sure that the ASM license is compatible with the ASL2. It's a "simple" license, see branches/ivyBuild/tools/ivy/repository/asm/LICENSE.txt

Does anyone have any knowledge about this before I take it to legal-discuss@...

(note forrest 0.8 does not use it so we could always just drop it from our repo if we are unsure)



--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472502 ]

David Crossley commented on FOR-855:
------------------------------------

The ASM license is BSD-style which is an allowed license. See http://www.apache.org/legal/3party.html#category-a

You need to add a copy of their license to tools/ivy/repository/[PROJECTNAME]/LICENSE.txt
(which eventually needs to be declared as per FOR-857).


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

David Crossley (JIRA) wrote:
>     [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472502 ]
>
> David Crossley commented on FOR-855:
> ------------------------------------
>
> The ASM license is BSD-style which is an allowed license. See http://www.apache.org/legal/3party.html#category-a
>
> You need to add a copy of their license to tools/ivy/repository/[PROJECTNAME]/LICENSE.txt
> (which eventually needs to be declared as per FOR-857).

Thanks David. I added the license last night, but may well have not got
around to commiting it yet (different machine today). All licenses will
be in ordr by the time I finish the Ivy work.

Ross

    [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487368 ]

David Crossley commented on FOR-855:
------------------------------------

I have done part B a couple of times recently and processed our trunk with "Arat" and waded through the results. Nice correlation of reports.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Crossley updated FOR-855:
-------------------------------

        Fix Version/s:     (was: 0.8-dev)
                       0.9
    Affects Version/s: 0.9

Done for 0.8 release. Moving the issue over to next 0.9 rather than closing.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Crossley reassigned FOR-855:
----------------------------------

    Assignee:     (was: David Crossley)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Crossley updated FOR-855:
-------------------------------

    Description:
This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.

Here are some of the tasks:

A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).

B) Scan the whole trunk repository to add missing ASF license headers to source files and to ensure that the ASF license headers have not been accidently added to external files. See etc/relicense.txt

C) Remove any author tags.

  was:
This should be continually happening anyway, but immediately prior to each release we need to verify that our license situation is in order. This issue should not ever be closed, rather just move the "Fix for Version" on to the next release.

Here are some of the tasks:

A) Ensure that all supporting libraries have a corresponding license. Basically every jar file or other external package needs to have a *.license.txt file. Ensure that any license conditions are met, e.g. for some we must add an entry to NOTICE.txt, while for some others we must not. Remember to abide by the ASF guidelines (e.g. nothing more restrictive than the Apache License).

B) Scan the whole trunk repository to add missing ASF license headers to source files and to ensure that the ASF license headers have not been accidently added to external files. See etc/relicense.txt



Added task "C) Remove any author tags." This has been done in the past (e.g. FOR-123) but it is a continual monitoring job.

There is one tool to list them, in the "commiiters" repository in the "tools' section.

Here is the Board recommendation:
http://www.apache.org/foundation/records/minutes/2004/board_minutes_2004_09_22.txt
and the issue has been discussed many times on various mail lists, if people want to search to learn the rationale.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/FOR-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12764941#action_12764941 ]

David Crossley commented on FOR-855:
------------------------------------

Over the past few weeks i have been gradually developing a Perl script to assist with "Task A)". It intends to ensure that every jar has a matching license file, and that all licenses are referenced in our top-level LICENSE.txt file. Until we fully use Ivy, that will assist with this issue.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.