I'm not a board member. :)
On Fri, Jan 2, 2009 at 11:27 AM, Craig L Russell <[email protected]> wrote: > -1 Do not change JSecurity's name > > We had the discussion in early December on the legal mailing list and no > issues were raised contrary to Henri's comments. Henri is the only board > member who commented on the JSecurity name during the discussion. > > We will have at least three more votes where additional issues regarding the > name can be brought up: > > 1. The first release of JSecurity code from the incubator. > 2. The graduation vote of JSecurity taken by the incubator PMC. > 3. The acceptance of JSecurity by the Apache board after the incubator > votes. > > Craig > > > Dear JSecurity Team, > > There has been lengthy debate without consensus as to whether or JSecurity's > name should be changed to something else. So, there is need for a vote. > > Please vote on changing JSecurity's name to something else. This is ONLY a > vote of if we should change the name, NOT what any alternate name might be. > I'd like to leave this vote open for 7 days instead of the usual 3 to > account for time that people may not be able to respond due to the > holidays. Of course we can close the vote early if all binding votes are > accounted for prior to the 7 day limit. > > The vote is open for the next 7 days and only votes from the JSecurity > development team are binding. > > [ ] +1 Change JSecurity's name > [ ] -1 Do not change JSecurity's name > > On Dec 2, 2008, at 1:06 PM, Henri Yandell wrote: > >> Given that it's a name you've been using for 4 years, and it's very >> generic [jXxx being a common pattern in our space and Security being >> very generic]; I'm inclined to keep the current name; though by the >> same reasoning, it's a weak name as "Apache JSecurity" isn't very good >> branding. >> >> My tuppence of opinion. >> >> Hen >> >> On Mon, Dec 1, 2008 at 7:55 PM, Les Hazlewood <[email protected]> >> wrote: >>> >>> Hi ASF legal team, >>> >>> I'm writing this email in hopes of getting your feedback concerning a >>> discussion we've been having on the JSecurity email list (an Incubator >>> project). >>> >>> A few of our mentors have expressed concern that there might be a >>> possible naming conflict with our project name (JSecurity) and some >>> other references found through google and other search mechanisms. >>> >>> I'd like to point out that the JSecurity name, as an open source >>> project identity has been around for almost 4 years now, with zero >>> contact from any external entity claiming conflict with a proprietary >>> name or product. I know this isn't legal criteria for determining if >>> there is a name conflict, but I surface it only to put some context of >>> why the original JSecurity developers (and our well-established >>> communities) think we should keep the JSecurity name. There might be >>> older references to this name, unrelated to our project, but we don't >>> know for certain if they would constitute a risk in the name overlap. >>> >>> We'd like some feedback as to if the project name should be changed or >>> not. >>> >>> Here is what one of our mentors summarized after doing some research: >>> >>> <snip> >>> Now, looking a bit forward on google, here are some other references >>> to JSecurity : >>> >>> http://jwicglobal.com/Knowledge.htm <http://jwicglobal.com/Knowledge.htm> >>> "WIC GLOBAL has developed a comprehensive Information Security >>> Assessment service called JSecurity. Our JSecurity experts will >>> conduct a full information security risk assessment focusing on:" >>> >>> http://www.juniper.net/security/ <http://www.juniper.net/security/> >>> Seems like they have a service called J-Security. Be sure that >>> Juniper has a legal service who might perfectly well send some nicely >>> written "cease and desist" letter to the ASF about this name. Not sure >>> that our legals want to deal with that ... >>> >>> http://www.jegers.com/dnn/Products/JPortfolio/tabid/83/Default.aspx >>> <http://www.jegers.com/dnn/Products/JPortfolio/tabid/83/Default.aspx> >>> Another JSecurity... Seems to be around since 2/11/2005 (at least) >>> >>> >>> http://www.powerlogic.com.br/powerportal/ecp/files.do?evento=download&urlArqPlc=fld_jc_produc_ing_web2.pdf >>> >>> <http://www.powerlogic.com.br/powerportal/ecp/files.do?evento=download&urlArqPlc=fld_jc_produc_ing_web2.pdf> >>> This company has a product named JSecurity. Since when ? >>> >>> As much as I like the JSecurity name, I also think that we are un >>> potential jeopardy if we don't change its name. That's the main issue >>> we have : we can't afford any kind of legal action when we already >>> know that there are company out there which already use this name. >>> >>> Anyway, I can be wrong, I'm just trying to gather as much information >>> as possible. When you guys think you have set your mind about this >>> name, you will have to go to [email protected] >>> <mailto:[email protected]> with the selected name (be it JSecurity or >>> any other) to double check that it's ok or not (IFAIK). That is one of >>> the condition to exit from the incubator : >>> "Check of project name for trademark issues " >>> >>> (http://incubator.apache.org/incubation/Incubation_Policy.html#Minimum+Graduation+Requirements >>> >>> <http://incubator.apache.org/incubation/Incubation_Policy.html#Minimum+Graduation+Requirements>). >>> >>> </snip> >>> >>> Thanks for your review and feedback! >>> >>> Best, >>> >>> Les >>> >>> On Mon, Dec 1, 2008 at 10:18 PM, Les Hazlewood <[email protected]> >>> wrote: >>>> >>>> Adam, >>>> >>>> Thanks _very_ much for such a detailed and thoughtful opinion. I love >>>> to see people who aren't necessarily code contributors contribute to >>>> the project in other ways. This is very valuable to us. >>>> >>>> I am in total agreement with your sentiments thus far. It is my >>>> opinion that the name we have is great as it is and I'd only like to >>>> change the name if someone from legal puts pressure on us to do so. >>>> IANAL, so I'd have to trust their judgment. I'm going to post this to >>>> legal in just a few minutes asking their feedback. I'd like to hear >>>> what they say regardless of what we end up doing - I'm genuinely >>>> curious :) >>>> >>>> Thanks again very much for chiming in. Its nice to see that you (and >>>> others) are taking continued interest in the project. >>>> >>>> Best regards, >>>> >>>> Les >>>> >>>> On Mon, Dec 1, 2008 at 6:28 PM, adamtaft <[email protected]> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I'm not really a contributor to the JSecurity project yet (though I >>>>> hope to >>>>> be in the future). However, this thread has caught my attention, and >>>>> so I >>>>> thought I'd give a couple of thoughts. >>>>> >>>>> I have an interest, call it a hobby, in name related issues for >>>>> software >>>>> projects, open source included. So, though I don't speak from any >>>>> official >>>>> background (I guess beyond a little professional), I would like to >>>>> point out >>>>> a few things about the name Alcatraz. >>>>> >>>>> First, as I believe has been mentioned, the term Alcatraz has been >>>>> associated with other software products already. So, this is bad news >>>>> with >>>>> regards to trademark related issues. Just because its a geographic >>>>> location >>>>> doesn't mean that it can't be trademarked. Thus, likely these other >>>>> software products are going to have problems with any related use of >>>>> the >>>>> term Alcatraz. >>>>> >>>>> Second, the connotation for JSecurity implies that the product is used >>>>> to >>>>> keep people out of the protected system. This is what the term >>>>> "security" >>>>> implies, right? Alcatraz is a prison. It was NOT meant to keep people >>>>> out, >>>>> it was meant to keep people in. The use is only quasi-related, and >>>>> even >>>>> confusing, for a product with your feature set. Alcatraz software >>>>> would be >>>>> a better name for a product which keeps workstation/network users >>>>> constrained in their internet use, like a firewall, or a web proxy, for >>>>> example. Or a child internet monitoring product. >>>>> >>>>> Don't underestimate the importance of this point. The name of a >>>>> software >>>>> should ideally be somewhat self describing, especially when starting >>>>> out. >>>>> Until the name becomes a core brand, having a self describing name can >>>>> make >>>>> a big difference. >>>>> >>>>> Third, I don't think you can underestimate how important it is that >>>>> people >>>>> can search the name of your product and find it through Google (and >>>>> friends). Clearly the term Alcatraz has a huge number of unrelated >>>>> hits, >>>>> and you would clearly be lost any search engine placement with the >>>>> name. >>>>> Much better to have a name for your software that is the only known >>>>> reference so that people can easily find you after having hear the >>>>> name. >>>>> This is why so many companies go crazy and conjure completely strange >>>>> and >>>>> nonsensical product names. >>>>> >>>>> Fourth, Alcatraz is a relatively difficult name to spell, which again >>>>> becomes problematic for the above search recognition reasons. >>>>> Alkitraz? >>>>> Some people simply won't know how to spell it immediately (though this >>>>> is a >>>>> minor point, admittedly). >>>>> >>>>> Fifth, it seems like you're making preparations for something that you >>>>> don't >>>>> even know to be a problem. Yes, the Apache legal team should be >>>>> consulted. >>>>> However, it seems like jumping the gun to just start changing package >>>>> names >>>>> with anticipation of a name change. You would be crazy to start >>>>> renaming >>>>> packages based on some unknown possibility that it has to happen in the >>>>> future. What value does this add to the software? >>>>> >>>>> Following the sigma-six and/or extreme programming world view, you >>>>> shouldn't >>>>> be making any change to your software until the change is actually >>>>> required >>>>> and value is added. Do you have a pending lawsuit? Has the Apache >>>>> council >>>>> suggested the change? Are you being blocked by the incubation process? >>>>> Why >>>>> even consider a change until it needs to be done. Energy could be >>>>> better >>>>> spent on other matters. >>>>> >>>>> Yes, it's a trivial thing to refactor a project from Eclipse. But, >>>>> that's >>>>> only a very small part of the bigger issue. Disruption, confusion, >>>>> support, >>>>> search engine optimization, etc. are what needs to be thought about >>>>> when >>>>> changing the name. >>>>> >>>>> Further, what if you decide to change the name to Alcatraz, and then >>>>> get >>>>> pressure from another software group? Ouch, time to rename the project >>>>> yet >>>>> again. >>>>> >>>>> I think you all are better just letting this thing ride until something >>>>> real >>>>> convicting suggests you need a change. JSecurity is a great product >>>>> name >>>>> which you should stick with until otherwise needed. And, if that day >>>>> comes, >>>>> Alcatraz is just simply the wrong name, in my humble opinion, for all >>>>> the >>>>> reasons mentioned above. >>>>> >>>>> Thanks, >>>>> >>>>> Adam >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Emmanuel Lecharny wrote: >>>>>> >>>>>> Alan D. Cabrera wrote: >>>>>>> >>>>>>> On Nov 30, 2008, at 2:32 PM, Emmanuel Lecharny wrote: >>>>>>> >>>>>>>> Alan D. Cabrera wrote: >>>>>>>>> >>>>>>>>> On Nov 26, 2008, at 9:51 AM, Les Hazlewood wrote: >>>>>>>>> >>>>>>>>>> On Tue, Nov 25, 2008 at 6:01 PM, Emmanuel Lecharny >>>>>>>>>> <[email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Post to [email protected], ask them, but give them the names we >>>>>>>>>>> have googled >>>>>>>>>>> too. >>>>>>>>>> >>>>>>>>>> I think this needs to be vetted, so I'm happy to post to >>>>>>>>>> legal-discuss. But, I can't easily find the thread with the >>>>>>>>>> googled >>>>>>>>>> names. Could you please forward them on so I can post them to the >>>>>>>>>> legal team? >>>>>>>>> >>>>>>>>> Let me suggest this. It seems to me that that alcatraz is the >>>>>>>>> clear >>>>>>>>> favorite, after jsecurity. Let's start setting up the 1.0 packages >>>>>>>>> to be alcatraz and when/if we get the go-ahead from legal and the >>>>>>>>> Incubator PMC we can change the packages to be jsecurity. >>>>>>>> >>>>>>>> Well, I think then it's better to stick with JSecurity (because it's >>>>>>>> already the name we use), ask to Legal, and move to alcatraz if >>>>>>>> needed (or any other name). >>>>>>>> >>>>>>>> So the first step, IMHO, is to ask Legal about the Jsecurity name >>>>>>>> (with all the infos we have already found about it), and also ask >>>>>>>> them in the same mail if Alcatraz is ok or not (same here : add some >>>>>>>> more infos related to this name, assuming that being a geographical >>>>>>>> location, it should not be such a problem). >>>>>>> >>>>>>> Legal is not a clearing house for project names. They can only give >>>>>>> advice if there's a potential conflict, i.e. JSecurity. So far as I >>>>>>> can tell, there is none for alcatraz. >>>>>>> >>>>>>> What I'm worried about is that the vetting effort for the JSecurity >>>>>>> name will have the same track record as the v0.9 release. If we >>>>>>> start >>>>>>> with alcatraz then we have one less thing impeding our incubation >>>>>>> process. >>>>>> >>>>>> Let's start with Alcratraz then, and we have quit some time to do some >>>>>> vetting before 1.0 (hopefully when the project exits from incubator). >>>>>> >>>>>> So my +1 for alcatraz and +1 for doing the renaming now. >>>>>> >>>>>> >>>>>> -- >>>>>> -- >>>>>> cordialement, regards, >>>>>> Emmanuel Lécharny >>>>>> www.iktek.com >>>>>> directory.apache.org >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://n2.nabble.com/JSecurity%27s-new-name-tp1569003p1601248.html >>>>> Sent from the JSecurity Developer mailing list archive at Nabble.com. >>>>> >>>>> >>>> >>> >> >> --------------------------------------------------------------------- >> DISCLAIMER: Discussions on this list are informational and educational >> only. Statements made on this list are not privileged, do not >> constitute legal advice, and do not necessarily reflect the opinions >> and policies of the ASF. See <http://www.apache.org/licenses/> for >> official ASF policies and documents. >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > Craig L Russell > Architect, Sun Java Enterprise System http://db.apache.org/jdo > 408 276-5638 mailto:[email protected] > P.S. A good JDO? O, Gasp! > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
