On Thu, Oct 20, 2011 at 9:01 PM, Rob Weir <[email protected]> wrote: > On Thu, Oct 20, 2011 at 9:06 AM, Robert Burrell Donkin
<snip> >> At Apache, a "source release" is (just) what's in version control when >> the release is cut, is canonical and mandatory. Other artifacts follow >> the "binary release" rules, are optional and secondary. >> > > OK. So obviously no "weak" copyleft source files in our source > release, i.e., in our source tarballs. +1 <snip> > The approach we currently have for these components, in OpenOffice, is: > > 1) The 3rd party components are stored in a separate repository, not > with the core product's SVN. So we reduce the opportunity for > contamination. > > 2) The build script downloads the source for these components and > compiles them. > > So we avoid the pre-req/provisioning issue. And we don't need to > include the MPL code in the source distribution. It comes down > automatically at build time, > > That may satisfy the letter of what I'm reading. But I'd be > interested to hear what you think, whether something like that had > been done at Apache before. Most projects use this sort of approach (though there is a strong minority view that thinks that they are wrong to do so) There has been historic resistance to hosting weak copyleft source at Apache but there's now a consensus that requirements to supply source in perpetuity mean that we'll have to host it sooner or later, most likely in a separate repository. > Maybe it would be better, for example, to allow two build modes, one > with and one without the copyleft components, and force the downstream > developer to explicitly enable the compilation with weak copyleft > components by changing a flag or something? Always a good idea to let developers know what's happening Some downstream consumers (in particular, packagers) want to compile against their own system dependencies so IMHO it'd be cleaner just to switch on or off dependency download, preferrably with fine control. Robert
