Sent from my mobile device, please forgive errors and brevity. On Oct 20, 2011 9:40 PM, "Robert Burrell Donkin" < [email protected]> wrote: > > On Thu, Oct 20, 2011 at 9:01 PM, Rob Weir <[email protected]> wrote: > > On Thu, Oct 20, 2011 at 9:06 AM, Robert Burrell Donkin > > <snip> > > >> At Apache, a "source release" is (just) what's in version control when > >> the release is cut, is canonical and mandatory. Other artifacts follow > >> the "binary release" rules, are optional and secondary. > >> > > > > OK. So obviously no "weak" copyleft source files in our source > > release, i.e., in our source tarballs. > > +1 > > <snip> > > > The approach we currently have for these components, in OpenOffice, is: > > > > 1) The 3rd party components are stored in a separate repository, not > > with the core product's SVN. So we reduce the opportunity for > > contamination. > > > > 2) The build script downloads the source for these components and > > compiles them. > > > > So we avoid the pre-req/provisioning issue. And we don't need to > > include the MPL code in the source distribution. It comes down > > automatically at build time, > > > > That may satisfy the letter of what I'm reading. But I'd be > > interested to hear what you think, whether something like that had > > been done at Apache before. > > Most projects use this sort of approach (though there is a strong > minority view that thinks that they are wrong to do so)
That is not my understanding. As far as I am aware automated downloading of incompatible licensed coffee is not acceptable. Providing a separate convenience script that prepares the tree might be acceptable (need to check with legal-discuss). The difference is th at there I'd an opportunity to inform the downstream. Ross > > There has been historic resistance to hosting weak copyleft source at > Apache but there's now a consensus that requirements to supply source > in perpetuity mean that we'll have to host it sooner or later, most > likely in a separate repository. > > > Maybe it would be better, for example, to allow two build modes, one > > with and one without the copyleft components, and force the downstream > > developer to explicitly enable the compilation with weak copyleft > > components by changing a flag or something? > > Always a good idea to let developers know what's happening > > Some downstream consumers (in particular, packagers) want to compile > against their own system dependencies so IMHO it'd be cleaner just to > switch on or off dependency download, preferrably with fine control. > > Robert
