Skip to content

Commit

Permalink
Fix #532: Add APACHE-2-noemail.txt
Browse files Browse the repository at this point in the history
  • Loading branch information
@mathieucarbou
mathieucarbou committed May 12, 2024
1 parent 9de20ec commit bb405fd
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions ...-plugin/src/main/resources/com/mycila/maven/plugin/license/templates/APACHE-2-noemail.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
Copyright Β© ${year} ${owner}

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

This comment has been minimized.

Sign in to view

Copy link
@dbmalkovsky

dbmalkovsky May 15, 2024

Shouldn't this be (note the s after http ):

https://www.apache.org/licenses/LICENSE-2.0

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 15, 2024
edited
Loading

Author Owner

No. Read: https://www.apache.org/licenses/LICENSE-2.0

This comment has been minimized.

Sign in to view

Copy link
@hazendaz

hazendaz May 15, 2024

Collaborator

That is a bit confusing. Their doc is old there . It should be secure. The site redirects and having http: in the projects is a problem when https: is the real location. Personally I think it should be changed to https and apache should update their own information given there is no real http: location since it simply redirects to https.

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 16, 2024

Author Owner

Screenshot 2024-05-16 at 09 13 52

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 16, 2024

Author Owner

The license header text has NOTHING to do with the project code or its capability to resolve http(s) urls.

This comment has been minimized.

Sign in to view

Copy link
@dbwiddis

dbwiddis May 16, 2024

Contributor

That exact same page, at the top, lists the text copy of the license at a different URL:

Screenshot 2024-05-16 at 1 46 49β€―AM

However, following the https link https://www.apache.org/licenses/LICENSE-2.0.txt we get to the official text version of the license which begins:

                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

And so we enter an infinite loop where observing the 's' makes it go away, and not observing it makes it come back. Heisenberg would be proud.

Off to pet my cat, which may or may not be alive.

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 16, 2024
edited
Loading

Author Owner

there is a difference between the text header Apache asks to put at the top of headers (which is text, and could be anything) and the URL they use to refer to their web pages.

The link you point: https://www.apache.org/licenses/LICENSE-2.0.txt is just a link, it is not part of a template and could be anything. They could have wrote https://www.apache.org/licenses/LICENSE-2.0, https://www.apache.org/LICENSE-2.0.txt, or whatever they want. This is just a link to a web page.

The only requirement is that the link in the header template which they ask to put on header file points directly or through a redirect to the Apapche license page, which is what is done.

I don't see any issue here, and if you do I suggest you communicate with the Apache folks to sort it out ;-)

This comment has been minimized.

Sign in to view

Copy link
@dbwiddis

dbwiddis May 17, 2024

Contributor

For clarity, I'm leaning toward using the suggested (http) language verbatim. I'm just amused at the inconsistency. I don't see an issue or need to change anything... particularly if it's just a default that users can change if it matters to them.

This comment has been minimized.

Sign in to view

Copy link
@hazendaz

hazendaz May 19, 2024

Collaborator

IMO I switch all license headers for apache or any other that have valid https in place to avoid nearly all files from showing http: in them when trying to track down real concerning issues. I think that is best practice in general because one should not rely on a redirect to work long term.

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 19, 2024
edited
Loading

Author Owner

IMO I switch all license headers for apache or any other that have valid https in place to avoid nearly all files from showing http: in them when trying to track down real concerning issues. I think that is best practice in general because one should not rely on a redirect to work long term.

So your header is not anymore the header that the Apache foundation recommends to use. I am not saying it's wrong, I am just saying that the file header should be according to the Apache recommendations, by default. Up to users to decide how far they change from this default.

This comment has been minimized.

Sign in to view

Copy link
@dbwiddis

dbwiddis May 19, 2024

Contributor

Actually @mathieucarbou, ASF does include the https version in their FAQ: https://www.apache.org/foundation/license-faq.html#Apply-My-Software

So it would still be "the header" (or at least one of two headers differing by a single letter) that ASF recommends. So is the http version. Either is valid for non-ASF projects. For ASF projects, the http version is required per https://www.apache.org/legal/src-headers.html

The version on the bottom of the license header page here is proposed to be removed (https://issues.apache.org/jira/browse/LEGAL-416). See also https://issues.apache.org/jira/browse/LEGAL-536 and https://issues.apache.org/jira/browse/LEGAL-457 discussing this issue, all talking about making the https change after removing the footer.

Related, the actual, legal text of the license that you read when you follow that link (using http or https) also includes the http version, as I noted above. You can not arbitrarily change the text of that license. So we will always have at least one http around... until v3 (or 2.1, or whatever) of the license.

If we were starting from scratch, I'd favor the "s". We're not. The existing template we're creating a new version of also uses http. I'd prefer consistency, having these both match, and I'd not like to change the other header to add an "s" because that would create a useless diff on hundreds of files for no good reason.

I'd prefer keeping the http version until ASF eventually changes their footer.

This comment has been minimized.

Sign in to view

Copy link
@dbwiddis

dbwiddis May 19, 2024

Contributor

Searched ASF projects. 40x as many files have headers with http than those with https.

HTTP: 1.4 million files

HTTPS: 35.3 thousand files

This comment has been minimized.

Sign in to view

Copy link
@mathieucarbou

mathieucarbou May 19, 2024

Author Owner

@dbwiddis : thanks for shining a light on all these concrete discussions!
On a side note, reading about SPDX, I am using that for some projects since a while now and I must say it simplifies things things a lot. Headers would also be easier to find & replace and also be normilised if we supported SPDX headers.

This comment has been minimized.

Sign in to view

Copy link
@dbwiddis

dbwiddis May 19, 2024

Contributor

@dbwiddis : thanks for shining a light on all these concrete discussions! On a side note, reading about SPDX, I am using that for some projects since a while now and I must say it simplifies things things a lot. Headers would also be easier to find & replace and also be normilised if we supported SPDX headers.

Agreed! I've switched my own project to a 2-liner SPDX header and at work we also use a simpler SPDX.

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

0 comments on commit bb405fd

Please sign in to comment.