Sam Ruby wrote:
Sam,
It is your responsibility to enforce that policy. Not maven and not the ASF's. When you integrate JAR or any resource into your project you are doing so delibrately. You should know where that jar originally comes from. If you don't, ask on the developers or user's list. Someone will gladly help. Even better, search google, I'm sure something will turn up.
- Dan Diephouse
People should have a resonable expectation that building an ASF project should not involve the download of materials in violation of their licenses or the incurring of any additional obligations. Enforcement of this policy via Maven or simply by peer review of POMs are acceptable way of achieving this goal.
- Sam Ruby
Now I am honestly confused. Everyone (not just on the list, but those on irc that I have talked to also) seems confused. I just want to clarify if we are debating the following points and what are the answers. I'll put what I think are the answers down and people can correct as needed.
1. Can GPL/LGPL jars be hosed on ibiblio?
Yes, they seem to be very ok with that.
2. Can ASF Projects use GPL/LGPL Projects?
Yes. But, they cannot distribute them.
3. Does the ibiblio repository count as the ASF distributing GPL/LGP/etc?
No, because it is hosted by a third party.
4. Can ASF Projects use Sun BCL licensed products?
Yes, but ASF can't distribute them.
5. Can ibiblio put Sun licensed jars on their repository?
Yes, but see the answer to the next question.
6. If ibiblio has Sun jars on their repository can Maven still use the repository?
No, because then it would be party to illegal activity.
7. Can maven pull down GPL/LGPL jars from the repository when a user is using it to build their project? Or, is maven responsible to make sure that users use the it to only pull down licenses which they agree to when building their project?
No. It is ultimately the user's responsiblity. But, it would be a very nice feature if it did that.
8. Can maven as part of its own build system pull down GPL/LGPL jars when building itself?
Sam you said, "People should have a resonable expectation that building an ASF project should not involve the download of materials in violation of their licenses or the incurring of any additional obligations." Is this what situation you meant to apply it to?
I would believe that Maven can depend on LGPL/GPL jars and pull them down when needed to build itself. Can you clarify?
Cheers,
Dan Diephouse
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
