On Wed, 26 Feb 2003, Noel J. Bergman wrote:

> differing views on how to make use of the repository.  Costin and I seem to
> be of the opinion that a significant portion of the value of the repository
> comes from sharing and centralizing the management of ASF-acceptable third
> party jars.

Not entirely true, but close. 

I think third party jars that are found compatible with ASF license - i.e. 
freely redistributable - are very valuable as they will allow projects 
to better manage their dependencies. 

I don't believe in a single repository or a single policy - the download 
tools must be smart and be able to deal with different kinds of 
repositories ( apache, sourceforge, maven, etc ). Heck - if the tool can 
display the license and ask for an "I agree" and if this satisfies the 
requirements of some licenses - it should be supported. That's what 
makes a good tool - flexibility and ability to accept multiple inputs. 
 

> should reply in proxy, so I will quote him: "People *must* know that the
> maven team decided a whole lot of things about repositories.  And having an
> apache only repository is almost useless; even apache uses non-apache code.
> The current 'daedalus' repository seems to be duplicating what's already
> been done in maven."

Well, Maven doesn't seem to be that concerned with duplication, and values 
the competition :-) To paraphrase Jason - what's wrong with multiple 
competing repositories ? A smart tool should be able to support multiple
policies - or choose to restrict the users to a particular set.

To take one example - the jar naming - I understand very well that Maven 
people decided on this thing. And I understand that a lot of people 
consider this a good decision - and a lot of other people don't. If this 
becomes an apache-wide policy, I strongly disagree that Maven can decide 
for apache policies. 

In other words - as long as maven decisions affect only maven - I don't 
care. But if it affects other projects, and the repository certainly does 
- then the PMCs of those projects or the apache community are the ones 
that decide.


> > Licensing policy is quite tricky and lots of things need to be done
> > before the ASF should even consider setting up a centralized easily
> > user-accessible distribution [of third party jars]
> 
> But that's the whole point, Leo.  :-)  Given the confusion and effort
> related to the approved use of third party jars, I see that as a primary
> benefit of the repository, not even a secondary one.  Especially from the
> standpoint of the Board (and projects) being able to verify that all third
> party jars have clean license.  I'm not sure if you have any idea of how
> many hours and hours Dion has invested in going through the Maven
> repository, and its licensing.

+1 - with the same mention that multiple repositories should be supported
by the tools, and apache should contain only apache software and what 
is fully redistributable ( and approved by the board ).


> By using the repository as the authoritative statement of what is
> acceptable, projects have both a known authority and a known procedure for
> securing approval to use another jar.  This provides further protection to

+1


> And those would be the guiding principles used by the repository oversight
> committee to approve new contents.  By centralizing it, if there are any

+1 on the oversight committee for non-apache jars. 
A strong -1 on oversight for apache jars. We already have PMCs for each 
project, and those should oversee the distribution of their own files.

Costin

