On Thu, 31 Mar 2005, Geir Magnusson Jr. wrote:
> We are able to include binary jars from other outside projects in our
> official releases, because
>
> a) it's clear that we are the publisher of the combined work
> that is our release
> b) there has been sufficient oversight by the releasing PMC
> to ensure that the licenses and re-distribution terms for
> the third party jars are appropriate
c) we are tracking those third party jars, ensuring that they
are readily recognizable as third party (e.g. by putting them
in a separate directory) and have full control to make sure that
the license agreements are tracked.
> In order to do have a maven repo that includes third party jars, we must
>
> a) make it clear that we are *NOT* the publisher of the third party
> jars, but we are just redistributing it under appropriate terms
> as defined by the publisher
c) and we track the license which allows us to re-distribute. This is
usually the same license under which our users can re-distributed;
though there are exceptions (think some of the SUN artefacts where
the ASF secretariat has a separate document on file).
> b) we can demonstrate that the PMC had oversight and control
> over the contents of the repository to monitor the content,
> license and re-dist terms
Dw.
