> all PMCs whose committers 'commit' to the repository should maintain
> some oversight.
Infrastructure hasn't considered that a good model for the Wiki, and I don't
know that it would work any better for the repository. Someone needs to
take responsibility for the oversight.
> I'm not suggesting we place non-ASF jars online, which
> simplifies license issues rather by a large amount.
Yes, that does. But I am expecting that people will want common things like
JUnit, which I understand to be acceptable so long as the IBM license is
there. Once the binary distinction of ASF v non-ASF is dropped, then the
simplicity of it being OK because it is all ASF-licensed code turns into the
policing scenario that Maven is currently practicing, through Dion Gillard.
But using the repository to hold third party jars for which the ASF has
specifically ascertained appropriate license rights exist seems to be what
gives us the most bang, because it is the third party libraries that are the
most potentially time consuming and "risky". Rather than each project have
to deal with each third party jar, using the repository for that purpose
would both share the burden of acquiring suitable license rights, and
ensuring that they were acquired.
So, yes, the ASF-only distinction simplifies repository policing, but using
it as the central location for authorized third party jars simplifies
overall policing of third party license issues for the ASF as a whole.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
