--- On Mon, 8/18/08, Craig L Russell <[EMAIL PROTECTED]> wrote:
>
> This is a question for infra, not just for the jsecurity
> team.
>
> I'm copying infra on this thread so they can offer
> their opinions.
>
> The web site is part of Apache, but it's not a
> "release" of Apache
> code the way a downloadable source or binary release is a
> "release" of
> Apache code.
>
> I believe that if you propose to use some LGPL code to make
> the web
> site easier to use, there will not be any objection, but
> it's best to
> ask in case there are any questions by the infra team whose
>
> responsibility is to keep Apache running. Infra might have
> some
> questions about the code that go beyond the license.
>
The license wouldn't be infra's concern here, since LGPL is perfectly
redistributable. What sort of product advertising the code does
would be PRC's concern (another issue to consider). My concern would
be that since the codebase is broken into javascript modules, can
the code loader be tricked into downloading those modules from a third
party? There may be other issues particular to javascript that I'm
overlooking, but my first instinct would be to scrutinize
whatever part of the code downloads those additional modules.
