The "answers" below are not on behalf of the ASF, but based on what the common sense appears to be, from my individual perspective.
In particular, your project is not relieved from learning what a license requires of it and demonstrating satisfaction of such requirements. -- replying below to -- From: Alex Harui [mailto:aha...@adobe.com] Sent: Monday, January 5, 2015 09:52 To: general@incubator.apache.org Subject: Re: Binary Convenience Package Dependencies [ ... ] >2A) If your build script downloads an MPL jar, must it provide an option >to download the source? > >2B) If your build script downloads an MPL jar, is any other additional >warning or explicit action required? <orcmid> It depends on what the governing license requires with respect to Whatever is being done with the download. If you are redistributing the jar or anything in it, see (2C). As a *practice* it can be valuable to download accompanying licenses and to make it clear where the download is obtained. That's a matter of being transparent with regard to the provenance of code being used and what version it is, etc. That can matter in the event there is a later concern about revelations of upstream defects, vulnerabilities, and such. Presumably the upstream source will provide any determination on the availability of source code. (In (2B) there is no indication that the ASF project is accessing such source code itself.) </orcmid> > >2C) If your binary package bundles an MPL jar (assuming the answer to #1 >allows it), must it provide an option to download the source? <orcmid> This item has nothing to do with the ASF policy about category B software. For (2C), the obligation is to comply with the MPL license with respect to redistribution of a binary component that is provided under that license. In particular, what other ASF projects might or might not do is not a reliable precedent for what your project does. What your project must do is comply with the applicable license. There may be additional steps required as part of the ASF policy and recommendations, but the minimum is determined by the governing license. For example, your project's LICENSE and NOTICE files included in your binary package bundle will likely also address the presence of the MPL-licensed dependency, as required in accordance with ASF policy. </orcmid> > >Thanks, >-Alex > >[1] http://www.apache.org/dev/release.html >[2] http://www.apache.org/legal/resolved.html --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
