Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0-beta9
    • Component/s: None
    • Labels:
      None

      Description

      The source archive apache-log4j-2.0-beta8-src.zip contains at the top-level:

      LICENSE
      LICENSE.txt
      NOTICE
      NOTICE.txt

      This is unnecessary and confusing.
      The two LICENSE files are similar, except that the Appendix in LICENSE.txt has been amended from

      Copyright [yyyy] [name of copyright owner]
      to
      Copyright 1999-2005 The Apache Software Foundation

      That section of the license file should not be updated; it is a template for 3rd parties to use (and could probably be dropped as it is not part of the AL 2.0).

      The two NOTICE files are very different; NOTICE starts "Log4j Distribution"; this is wrong, it should be "Apache Log4j" and the leading blank line should be dropped.

      NOTICE.txt starts OK, and has two attributions.
      Are these both required?
      See:
      http://www.apache.org/dev/licensing-howto.html#mod-notice

      Are you sure both notifications are required?
      Given the discrepancy with the other NOTICE file is very unclear what has happened here and what is correct.

      Also, I cannot find any reference to Dumpster in the source archive; only included bits must be referenced in N&L files. [Later] I see the source was copied to a new package

      It's not obvious in the binary archive either, but I suppose it could be hidden in one of the jars.

      The LICENSE.txt file in the binary archive has been modified same as in the source archive. Looks like an attempt to automate changing the NOTICE dates has failed and managed to mangle the LICENSE as well.

      It's vital that NOTICE files are as short as possible.

        Activity

        Hide
        Ralph Goers added a comment -

        LICENSE and NOTICE are generated by Maven. I need to figure out how. The "Log4j Distribution" in the NOTICE file is because the assemblies are created in the Log4j distribution sub-project and Maven is inserting the project name.

        Both of the attributions in NOTICE.txt look to me to be required.

        Show
        Ralph Goers added a comment - LICENSE and NOTICE are generated by Maven. I need to figure out how. The "Log4j Distribution" in the NOTICE file is because the assemblies are created in the Log4j distribution sub-project and Maven is inserting the project name. Both of the attributions in NOTICE.txt look to me to be required.
        Hide
        Sebb added a comment - - edited

        AFAIK it's the remote-resources plugin that causes the problem.
        If you want to manage your own N&L files (probably necessary here) it will have to be disabled.

        There's a problem with the N&L files in the binary archive apache-log4j-2.0-beta8-bin.zip.
        NOTICE.txt mentions ResolverUtil.java and Dumbster, but LICENSE.txt does not.
        The LICENSE file must include details of all 3rd party software; some such software also needs to be mentioned in NOTICE.

        Also the LICENSE.txt file in the binary archive is likewise corrupted from the original

        I don't think Dumbster needs to be mentioned in NOTICE(.txt); the embedded notice.txt in the Dumbster download is empty.
        I see now that the source code was directly copied into a new package, and the original Copyright statements were removed.
        That DOES require a mention in the NOTICE file [1], but it also requires written permission from the original author [2]
        And it does need to be mentioned in LICENSE(.txt)

        And certainly ResolverUtil must be mentioned in LICENSE(.txt). Depending on the terms of its license, it may need to be mentioned in NOTICE(.txt) as well.

        But in all cases the LICENSE file must contain the text of, or pointers to a local copy of the text of, the licenses of the source or binary code that is included in the archive or jar file. The NOTICE file must include the standard ASF stuff; it may need to include other notices, depending on what their licenses say.

        [1] http://www.apache.org/legal/src-headers.html#3party
        [2] http://www.apache.org/legal/src-headers.html#header-existingcopyright

        Show
        Sebb added a comment - - edited AFAIK it's the remote-resources plugin that causes the problem. If you want to manage your own N&L files (probably necessary here) it will have to be disabled. There's a problem with the N&L files in the binary archive apache-log4j-2.0-beta8-bin.zip. NOTICE.txt mentions ResolverUtil.java and Dumbster, but LICENSE.txt does not. The LICENSE file must include details of all 3rd party software; some such software also needs to be mentioned in NOTICE. Also the LICENSE.txt file in the binary archive is likewise corrupted from the original I don't think Dumbster needs to be mentioned in NOTICE(.txt); the embedded notice.txt in the Dumbster download is empty. I see now that the source code was directly copied into a new package, and the original Copyright statements were removed. That DOES require a mention in the NOTICE file [1] , but it also requires written permission from the original author [2] And it does need to be mentioned in LICENSE(.txt) And certainly ResolverUtil must be mentioned in LICENSE(.txt). Depending on the terms of its license, it may need to be mentioned in NOTICE(.txt) as well. But in all cases the LICENSE file must contain the text of, or pointers to a local copy of the text of, the licenses of the source or binary code that is included in the archive or jar file. The NOTICE file must include the standard ASF stuff; it may need to include other notices, depending on what their licenses say. [1] http://www.apache.org/legal/src-headers.html#3party [2] http://www.apache.org/legal/src-headers.html#header-existingcopyright
        Hide
        Ralph Goers added a comment -

        Each jar and distribution zip now only has a single LICENSE and NOTICE file. In addition the NOTICE file contains the information only required for the specific jar or zip.

        Show
        Ralph Goers added a comment - Each jar and distribution zip now only has a single LICENSE and NOTICE file. In addition the NOTICE file contains the information only required for the specific jar or zip.

          People

          • Assignee:
            Ralph Goers
            Reporter:
            Sebb
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development