On Tue, Sep 27, 2011 at 6:30 PM, Pedro F. Giffuni <[email protected]> wrote:
>
>
> --- On Tue, 9/27/11, Rob Weir <[email protected]> wrote:
> ...
>> > Another point that Rob brought would be if we need an SGA
>> > to add the Groovy (or other) extension.
>> >
>> > I would think an SGA is a rather extreme thing to require
>> > for extensions: we wouldn't require that if we want to
>> > include stuff like ucpp, bsh, or icu ... or dmake ;).
>> >
>>
>> Again, this is a binary versus source code question.
>
> Not really, that was clarified already. The issue now is
> how to bring code into the SVN tree.
>

Bringing it into SVN is easy. Making it into a release is another question. To do that requires going through the IP Clearance process.

>> I thought the discussion was about bringing the groovy
>> extension source code over, yes?
>
> Yes.
>
>> That would require taking it through the IP
>> Clearance process.
>> An SGA is the normal way to do this.
>>
>
> The PMC can require signing an SGA, I don't discuss that.
>

As a Podling, the Incubation PMC needs to sign off on IP Clearance and releases as well.

> There are other ways of doing it though: people that
> have signed ICLAs can bring in code under an appropriate
> license and register it in the NOTICE file, and that's
> about to happen as we replace copyleft components with
> less restricted software.
>

The iCLA is of zero value if you are checking in someone else's code. The iCLA is about code that you write. For third party code, you don't personally know the provenance of the code. And if it was not developed on the Apache servers, in our SVN, in our public, archived mailing lists, etc., then neither do we. This isn't to say the code is not good. It just means that we do not have the record of its development. That is why we need the SGA.

I'm going through this right now, in another Apache project, the ODF Toolkit. Even though the code was written almost entirely by IBM and Oracle, and the committers all have iCLAs and CCLAs, and the code has been Apache 2.0 licensed from the start, IBM and Oracle are still submitting SGAs for this code.

I'm willing to debate it for long-established, well-known, high-profile OSS projects that are being used everywhere, e.g., ICU. This is partially about risk management. That is why we should take this case by case. But I don't think the Groovy extension falls into that category.

> You can't really expect opensource coders to go signing
> SGAs for all the projects that want to use their code.
>

The IP cleanliness of the code is very important for Apache projects. That is why we take steps that other projects may not require, including requiring an iCLA for committers, a CCLA for corporate contributors, and an SGA for existing open source projects that are contributed to Apache.

I don't expect that all outside open source developers will agree to this paperwork. But I do hope that this project will take these requirements seriously. We should not think of an SGA as being extreme or unreasonable. We should think of it as an opportunity to assure that the IP of the project is reassured.

-Rob

> cheers,
>
> Pedro.
>
