Stefano Mazzocchi wrote:
I have looked at the code you distribute and you are in clear violation of the ASF license and the ASF guidelines for these reasons:
OK, I don't want to delve into whether Ivelin's move is right or not from a community POV (but yes, I do share Steven and Torsten's concerns). This email sounds a bit too much like a threat to me, while I tend to assume that Ivelin was and is in good faith and unwilling to hurt anyone.
when I wear my PMC chair hat (and it's going to be a rare event), I am an officer of the foundation, trying to protect the interests of the foundation.
If the Ivelin's code is exploited, or infringes a patent, or is sued by someone and the foundation didn't have proper oversight, the foundation can get in trouble and *I*, as the PMC chair, I'm going to feel ashamed for having let this happening.
I'm *NOT* stating that Ivelin is doing this on purpose, hell no, but I'm pretty sure that he didn't understand the legal implications of his move and he needs to act quickly about it: either compliying with the ASF license or with the ASF code development policies.
Anyway, since you are making a point on legal stuff, with my lawyer hat on, I'm afraid that either I misunderstood at all the Apache license or you're just wrong when you say:
2) you are distributing ASF-copyrighted code from outside the ASF infrastructure.
I don't see what is the problem here: do you mean that I can't distribute Cocoon, or HTTPD, or Tomcat on my very own FTP server? Why that? Since when? The Apache license looks pretty clear to me when it comes to freedom to redistribute stuff and indeed I don't see why and how this can be seen as a violation. And if that's a violation, well... I guess that there are plenty of Internet resources that are
right, let me restate:
- you are distributing *MODIFIED* ASF-copyrighted code from outside the ASF infrastructure, and this in violation of the ASF practices and considered bad from an ethical point of view. It also removes legal PMC oversight and makes the ASF vulnerable to legal attacks.
As per package names, well... I guess it's questionable: I'm not sure that articles 4 and 5 cover even package names: actually one might say that *taking away* "org.apache" from the package name is a licence violation since it's a way to hide where the software comes from. OTOH, keeping those names might be confusing so I don't really know where to stand. For sure it's not polite and savy, but I'm not dead sure that it's illegal (meaning defendable in court).
You are right, there is nothing in the license that covers java package names explicitly. As a matter of fact, though, the java package namespaces are used to identify resources uniquely. And if you are abusing this namespace without the legal rights to the names, you are potentially hurting the owner. This scheme comes from the URI space and this space is legally *owned* by the foundation.
I'm pretty sure that if I identified my namespaces with something like "http://www.microsoft.com/whatever";, I would get their lawyers knocking on my doors even if, I'm sure, there is no license I signed or clicked-thru that prevented me from doing it.
Stefano.
