danielspicar
commented
12 years ago The jmxremote_optional.jar in maven is declared to be licensed under Common Development And Distribution License (CDDL) Version 1.0.
This is good news. Sepcifically because we only include the binary form.
According to http://www.apache.org/legal/resolved.html:
Software under the following licenses may be included in binary form within an Apache product if the inclusion is appropriately labeled: CDDL, Versions 1.0 and 1.1 [...]
By including only the object/binary form, there is less exposed surface area of the third-party work from which a work might be derived; this addresses the second guiding principle of this policy. By attaching a prominent label to the distribution and requiring an explicit action by the user to get the reciprocally-licensed source, users are less likely to be unaware of restrictions significantly different from those of the Apache License. Please include the URL to the product's homepage in the prominent label.
Specifically I think these measures are required:
- The NOTICE file must point to the source form of the included binary.
- CDDL license full text must be available in the distribution.
Libraries incompatible with Apache 2.0 License:
Are there any more?