On Mon, May 19, 2008 at 12:23 AM, Martijn Dashorst <[EMAIL PROTECTED]> wrote: > On 5/19/08, Frank Bille <[EMAIL PROTECTED]> wrote: >> 1) I personally only know how to write code; not how to create cute >> kitten images. Therefore I don't question that Thoof could really have >> created the source code at hand. And the source code is not *so* >> complex. But in my world it takes more effort to create a kitten >> image, than it does to create a kitten captcha component. Ideally it >> would be nice if every file in the batch was followed by a >> oneliner/tag, saying "created in-house", "3. party ASL", etc. > > In an ideal world we could do anything with any IP. But the process of > the Software Grant and the IP Clearance have been vetted by the Legal > department of the ASF. The owner of Thoof has put his signature under > the Software Grant. This is as far as the ASF is concerned enough to > ensure due dilligence. Be it either source code or other IP > transferred under the grant.
Ok >> 2) But if we should be practical, then for my sake I trust the source >> code, but if we could just get a "yes, images are created in-house" or >> something from Thoof, then I would be satisfied. I know they have >> signed of the zip file, but if I look at the ip-clearance page[0], I >> see no dates on the "Check items" task. Does that mean that we don't >> really know what the license are for those images? > > Huh? What are you talking about? This check is for stuff that is not > under the ASL. Thoof has submitted the whole IP for distribution under > the Apache License, as per Software Grant. There is nothing to be > found that is not part of this grant. > > None of the source files have the appropriate License header, nor does > the zip have a License file. And yet you are willing to accept the > source code to be distributable under the ASL, even though they are > clearly lacking the License headers and License.txt Ok, it's about trust and I trust that the source code is theirs. >> 3) I'm +1 for including the components, with or without the images >> depending on what we find out with those. > > There is nothing to find out. They fall under the software grant. > Either you mistrust the grant (I would like to know what the evidence > is why you think the images are not owned by thoof), and should vote > -1, or you trust the grant, and you cast your vote based on whether or > not you find it a worthy addition (could still be -1). Again it's all about trust. And I trust that the java (and html) source code is (originally) owned by Thoof. I'm just slightly worried about the images. I can try to contact them myself and ask about those images. I don't have any evidence that they are problematic, but then again I don't have any evidence they are not. So just to summarize: I like the component as idea (no doubt about that) I trust the java source code. I trust that Thoof has done a good job making sure that they own the IP for it all I would like to find out if that good job also covers the images. I can't mistrust the grant unless I have evidence. So I'm going to see if I can get information about those images from Thoof. I not I would still be +1 for inclusion. We can remove them if we find out there are problems. Frank
