Dwayne: I get it, because I'm in exactly the same boat. I can even put a price tag on it; it's around a $15K mistake -- per occurrence -- for me to have to reboot a compliance validation exercise because I made representations about licenses that turn out not to be true.
I'm sure there's a huge staff bandwidth problem though, because the JRuby team is not large. Not only would JRuby need to aggressively police the licenses of new inclusions, but review the licenses every time the dependencies are updated, to make sure the terms have not changed. That's a load of work. If enough (let's say 3?) volunteers pop up, maybe jruby-dev could pick up that work to review inclusions for each release for IP problems. For me, helping police the IP is cheaper than the cost of discovering surprise GPL code where I didn't expect it to be ... but I can't promise to be on hand every time either. - Rob On Wed, Jul 14, 2010 at 3:34 AM, Charles Oliver Nutter <head...@headius.com>wrote: > If it's pretty clear-cut which libraries we should or should not > distribute, we can make adjustments to the distribution so that things > are more clear-cut. We have desired to make our licensing easier to > understand, but given the fact that most OSS projects are themselves > hard-to-understand, it's a complicated task. Can you spell out what > would make you comfortable to redistribute JRuby? >
