On Tue, 4 Aug 2020 at 13:01, Jaroslav Tulach <[email protected]> wrote: > I am not a fan of punishing users for using my API/product.
Neither am I. I just think you're aiming that at the wrong people! I agree with what Matthias said earlier, "There was more than enough time in the oracle area to mirror binaries to maven central, but noone bothered." In fact, there is still time for Oracle to mirror it internally or externally and request we update the redirections? > If one can guarantee the bits are identical, I'd say both situations are the > same. What if Apache server delivers the checksum files and my server delivers > the JARs? That would be both license correct (3rd party JARs goes from > elsewhere) as well as secure (Maven would refuse any changed JAR) from ASF > perspective. Maybe. Technically it might be the same, but from other points of view (eg. entity validating the downloads) it might not be. Worth discussing as an alternative plan though. > > You should now have been CC'd into an off-list email conversation > > involving Oracle on these. > > I haven't noticed any conversation. I'll dig out and forward. Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
