okey, i'm wading in here, noting as i do the angels high-tailing it in the other direction.. :-)
i'm ccing community@apache because i think portions of this discussion are important to the entire asf developer community, and not just jakarta. (jakarta leads the way again! <grin nature="completely non-hostile"/>)

this is my take on the things we need to keep in mind. i may be wrong; where i'm unsure, i'm erring on the side of conservatism. and i'm saying this stuff with my board hat semi-on; that is, i'll be glad to be corrected or overruled by the rest of the board, but in the absence of such i'm breaking new ground with a tentative prototype policy. it's all open to discussion and refinement, but it's semi-official. it's just my take on things at the moment, but it's a stake in the ground.

now, then. the (at least!) two things we need to keep in mind are:

1. no asf package (or asf contributor acting ex officio being an apache contributor) may deliberately violate the terms of any licence.
2. no code nor activity is permitted that will virally infect any of the asf's assets, or those of any user of asf packages.

those are pretty much non-negotiable; any inadvertent violation needs to be corrected AT ONCE as soon as it is identified. violating a licence because 'everyone else is doing it' or 'the licence-owner has never gone after anyone' are not on; we need to do the Right Thing, not the cop-out or expedient one. if, for instance, we violated one of microsoft's licence terms just because everyone else does, the potential harm to the asf is enormous: not only massive monetary liability, but severe damage to our reputation for integrity.

so we must not distribute any 3p (third-party) packages from asf systems if it is not permitted by their licences. nor may any of our code automatically go off and fetch such packages and start using them on the user's system if the packages' licences require *any* sort of acknowledgement by the user.
that is, if the licence for package 'x' says the user must stand on its head and send a paypal donation before using 'x', none of our code may automatically download 'x' to the user's system. if it's *already* on the user's system, we can use it -- but we can't get into any position in which we are essentially responsible for transmitting someone else's licence terms to the user, and assuming they've agreed to comply with them. (i.e., for now i'm ruling click-through licences as not permissible for our stuff to present.)

as far as sun-bin licensed stuff on ibiblio -- it's not an asf system, so the asf is neither liable nor responsible. *if* some asf package requires sun-bin stuff, and silently goes off to ibiblio to download it, though.. that's not allowed. telling the user it needs to download the sun-bin stuff is fine; telling it the stuff can be found on ibiblio.. well, i *think* that's okey, but it's kinda grey.

if someone is using an asf package that does *not*, itself, require such stuff, but is using the asf package to build something that does, i think we're pretty much okey there too, since the user needs to explicitly state the dependency. i think it's possible to consider stating the dependency as equivalent to having the stuff already on the system -- but again it's a grey area, and i hope roy can shed some light in this darkness. again, autofetching it by default from a known location -- such as ibiblio or sun -- once the dependency has been stated by the user *should* be okey. i think.

i'm not even going to touch the infection issue at this point; it always makes my cephalic nodule hurt horribly. let's just say that we can't do anything that will trigger an infection of the asf's assets -- or those of someone using asf packages.

if a licence permits *linking* against a library, there's no prohibition on our packages requiring the library in order to run properly.
if a licence allows us to include the library, as a general rule we can package it with our stuff. if by linking with it or including it in our distributions we trigger a clause in its licence that either overrides the asf licence on our stuff, or forces the user to comply with rules more restrictive than the asf licence.. then we mustn't do that.

i hope this all makes sense, to some degree. please follow up to [EMAIL PROTECTED]

and because recording incremental advances before a final policy is published seems like an appropriate use, i've set up http://nagoya.apache.org/wiki/apachewiki.cgi?Licensing as a work area where we can distill the rules before they get finalised and formally published on www.apache.org. i need to stress that the wiki page is for *recording*, not discussing. if someone wants to take a look at the current state of things, the wiki is a good method -- but hammering out the details needs to happen on the mailing list.

long message.. thanks for your patience!

--
#ken P-)}

Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/

"Millennium hand and shrimp!"
