Steve Downey wrote:
It is your responsibility to enforce that policy. Not maven and not the ASF's. When you integrate JAR or any resource into your project you are doing so delibrately. You should know where that jar originally comes from. If you don't, ask on the developers or user's list. Someone will gladly help. Even better, search google, I'm sure something will turn up.From: <[EMAIL PROTECTED]> To: "Jakarta General List" <[EMAIL PROTECTED]> Sent: Thursday, February 06, 2003 8:07 PM Subject: Re: [Fwd: Maven as a top-level apache project]BTW, given the license discussions it seems unlikely a solution that includes all the jars in the same place will work. So the "repository" will be not only a storage for jars, but a set of tools to deal with downloading from different locations with different methods ( and mirror lists, etc ). Again - I think this part can only be apache-wide.Sure, but let's not lose focus of what this is for. Distribution? Building? A company/individual can set up their own repository of jars (we all do) that they've accepted licenses for. The 'tools' should be able to work with that set up, similar to how Maven does today.One thing that has annoyed me is that Maven will download jars from the ibiblio repository with no regard to the license of them. It's an easy way for jars to come into a build without formal review and acceptance of the license. My company's policy is to use only BSD, ASF, or similar licenses. No GPL. And based on recent discussions here, we may prohibit LGPL. We do also use commercially licensed software, and review carefully the redistribution clauses. It's particularly troubling that the jars show up without supporting documentation.
- Dan Diephouse
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
