On 31 January 2012 10:10, Ate Douma <[email protected]> wrote: > On 01/31/2012 10:47 AM, Ross Gardler wrote: >> >> On 31 January 2012 08:42, Niels van Dijk<[email protected]> wrote: >>> >>> Hi Ate, >>> >>> In the Jira ticket you show the result of a scan that tested for >>> potential isssues. Is it also possible to let such a scan actually list >>> the files it thinks are in error? that would already be a lot less work >>> that browse trough all source code. >> >> >> See the attachment on the issue >> >> https://issues.apache.org/jira/secure/attachment/12512376/rat-scan-initial-rave-donations.txt >> >> All these files are in rave-donations and thus not part of any >> release. My recommendation would be simply to move the whole >> rave-donations tree to apache-extras-org and mark it as an archive >> project. > > > Hmm, that's rather a bold way of 'solving' the issue. And I'm not sure I > simply agree on this suggestion upfront without properly considering if your > statement above is correct, or without considering the possible > consequences.
Very wise. > First of all, it is true that *currently* none of the initial code donations > are part of any release (verbatim). And maybe they never will. But the > initial *intend* of these donations, and for which the donators went through > quite an effort, is that any or some part of these donation might be > (re)used later if so desired. Yes, but the ability to reuse is not lost by hosting them elsewhere. > By 'dumping' these code donations elsewhere (outside the ASF), we'll lose > the provenance of these code donations, and any future intend to (re)use > these will again require them to be re-evaluated. Why? There is an SLA on file, the original copyright remains with the donating institutions and they can move it back here whenever they like (assuming licence issues are addressed first) > For the record: AFAIK *all* these code donations originate from an already > open and available public repository, in which they probably have evolved > since, but that also means I see no additional benefit to move them yet > again somewhere else. If nobody cares anymore about these initial donations, > simply deleting would be just as good, actually even better. A new > 'abandoned' apache-extras project nobody cares for looking at doesn't surf > any purpose IMO. I seem to remember that at least one of the donations was not on a public repository. Even if they all were, some were institutional repositories and therefore provide no guarantee if still being available (true apache-extras could go too, but we have an SLA there with minimum notice periods). > If the rest of the PMC thinks this is a good idea, I will have no objections > either, but everybody please do consider this carefully. I guess it boils down to balancing the effort between resolving the IP issues here before graduation and the concerns you (rightly) express. Ross
