Hi,
As you know by now, we recently released the latest version of our
product, 5.2, which we are all very proud of and is the manifestation
of much hard both within Nuxeo and from you our committed community.
As part of this release we were planning to ship the implementation of
the Sharepoint Protocols (WSS) to offer a great integration with the
client desktop, allowing MSOffice and Windows Explorer to natively
access Nuxeo's repository.
However, we have recently discovered that the external development
company that we contracted with to deliver this component has
introduced some foreign GPL-licensed code into this component,
breaching its contributor agreement. While this the code wasn't used
by the component (it was mainly for testing purposes), we strongly
forbid this kind of behavior for any reason.
To remedy this, we have decided to remove the whole component, not
only the 4-5 impacted files to be sure the IP is clean and the
copyright managed properly. The RC release has been repackaged without
the problematic component and all the source code has been wiped out
from the codebase. We will devise later what we will do with this code
(release it on sourceforge under the GPL with a joint copyright or
just destroy it).
As part as our commitment to our customer and the community, the
feature will be developed again by a different team in a clean-room
environment, without reusing any of the knowledge previously acquired.
So it will be back soon (4-8 weeks), as a plugin for the 5.2 and as
part as the next minor version (5.2.1).
While we are clearly disappointed by this situation we realize that
our decision to adopt a completely open source development model opens
the possibility for situations such as this to occur. That said, we
believe the benefits out weight the negatives and in the end make the
software stronger and the code cleaner.
To be completely clear let me state again our strict policy when it
comes to dealing with foreign code to keep our IP and codebase clean:
- *never* use any GPL-licensed code under any circumstance
- If you are considering the use of foreign code or library, ask
permission from the project's tech lead when you think it's the best
option (including the purpose and the license)
- never remove any header or copyright when you reuse a single file
- never copy/paste foreign code
Keeping our IP clean is something we will never compromise on as we
never want to put our customers or our community at risk. While our
support customers are covered by the indemnification clause the
broader point here is we will not tolerate any deviations from our
standards.
Actions have already been taken to enforce and make more transparent
our policy on these topics, and please know that we have been affected
by this incident and know full well the impact it could have on our
credibility moving forward. We believe the swift and uncompromising
actions we have taken will make us stronger and help build more trust
in the code we're proud and happy to deliver to our customers and our
community.
Thanks for your confidence,
EB.
PS: let me know if you would like more information or details.
--
Éric Barroca, CEO — Nuxeo, Open Source ECM — www.nuxeo.com
Phone: (fr) +33 6 2174 7764 • (us) +1 617 418 3118 • (skype) ebarroca
Follow me: http://twitter.com/ebarroca • http://blogs.nuxeo.com/ebarroca
[New] Join the Nuxeo Group on LinkedIn: http://www.linkedin.com/groups?gid=43314
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
