Kohsuke Kawaguchi wrote:
>> To clarify my reasons for asking. I have no intention to modify the spec
>> API but I would like to be able to perform my own builds based on the
>> source provided as this would (under the CDDL) allows me to ship the
>> outcome of that build (Executable) under my own license. The problem
>> with the current (source) distribution is that I accept the Work under
>> the terms of the CDDL, but as some of the individual source files don't
>> explicitly refer to the CDDL. As such I'm reluctant to distribute JAXB
>> under the CDDL as I would have to make available the Source while the
>> license headers are not 'clear' for the javax.xml namespace.
>
>
> I'm bit confused as to which part of the above refers to the RI and
> which part to the API, but I believe you can certainly redistribute API
> jars.
IANAL, but let's give it a try.
Assuming jaxb-api.jar is under the CDDL (I can't find any remarks it is
licensed under something else) I would expect the source to be licensed
under the CDDL too as redistributing jaxb-api.jar by me under the CDDL
gives me at least the obligation to make the source code for it available.
The source distribution that goes with the binary distribution provides
the source for the javax.xml namespace so I was hopefull, but the header
doesn't refer to the CDDL. It states something like this:
"This software is the proprietary information of Sun Microsystems,
Inc. Use is subject to license terms."
A common statement for source code that is/will be distributed under
various licensing terms, but the actual binding to the terms effective
is not as strong as with a header that explicitly refers to the terms
applicable to the file.
It might be the case that the files are under the CDDL too, but I'm in
doubt here. Problems start when I distribute the source as part of a
work that is licensed (as a whole) under my own (different) license. As
I'm not entitled to relicense the source I have to take measurements to
make sure it is clear for the receiver under which terms the source is
licensed to them, the headers of most of the other files do that, except
for the API source files.
As our company 'normalizes' software distributions in our repository
to make sure (amongst other things [*]) all legal aspects are covered
and as we often make our own build I'm currently not completely
confident whether everything is OK. One might call it license paranoia
;-), but as a principle I believe (besides the legal requirement) one
should honor the license terms of the original authors.
[*] by normalizing the distributions it is often possible to reduce the
number of applicable license drastically; JAXB runtime versus JAXB
compile time (XJC) and the version of J2SE JAXB is deployed on (no
Xerces and Xalan required for J2SE 1.4 and above) as license
proliferation is a real problem.
> You mentioned that "some of the individual source files don't explicitly
> refer to the CDDL." Which files are they?
I must admit I didn't check each source file, but just took a few
samples. That way I found out that all the source files in the javax.xml
namespace (part of the source distribution) don't have the CDDL header,
but another check also revealed the source files in the com.sun.relaxng
namespace have the "This software ... terms" statement as file header.
>> I understand it will take some time, but there are some clear signals
>> everything is heading in the right direction ;-)
>
>
> My understanding is that the migration of 1.0 source code to CDDL is
> complete. So if there's anything we are missing, we'd like to know.
Sorry, I refered to the CVS access, not to the licensing of JAXB in general.
But I must admit I find the (weekly) distribution rather vague with
which parts are covered by which license. In general software projects
do a bad job in identifying which parts of a distribution are covered by
which license (most of the times they only mention the license by which
the whole work is covered).
As an example the source distribution contains a few JAR files that
(based on some searching) can be identified as being licensed under:
Apache License, Version 1.1 (xercesImpl.jar, xalan.jar, resolver.jar)
BSD type license (relaxngDatatype.jar)
MIT license (isorelax.jar)
Without this information it is rather hard for people performing a
redistribution (or partial distribution) to find out which licenses
apply and what they must include as part of that distribution.
> P.S. I really wish all those licenses are much shorter...
Me too, but actually reading the CDDL is rather straightforward.
--
Mark