On 01/31/2012 11:23 AM, Ross Gardler wrote:
On 31 January 2012 10:10, Ate Douma<[email protected]> wrote:
On 01/31/2012 10:47 AM, Ross Gardler wrote:
On 31 January 2012 08:42, Niels van Dijk<[email protected]> wrote:
Hi Ate,
In the Jira ticket you show the result of a scan that tested for
potential isssues. Is it also possible to let such a scan actually list
the files it thinks are in error? that would already be a lot less work
that browse trough all source code.
See the attachment on the issue
https://issues.apache.org/jira/secure/attachment/12512376/rat-scan-initial-rave-donations.txt
All these files are in rave-donations and thus not part of any
release. My recommendation would be simply to move the whole
rave-donations tree to apache-extras-org and mark it as an archive
project.
Hmm, that's rather a bold way of 'solving' the issue. And I'm not sure I
simply agree on this suggestion upfront without properly considering if your
statement above is correct, or without considering the possible
consequences.
Very wise.
First of all, it is true that *currently* none of the initial code donations
are part of any release (verbatim). And maybe they never will. But the
initial *intend* of these donations, and for which the donators went through
quite an effort, is that any or some part of these donation might be
(re)used later if so desired.
Yes, but the ability to reuse is not lost by hosting them elsewhere.
Sure, but the same could be said for reuse these code bases before it was
donated.
By 'dumping' these code donations elsewhere (outside the ASF), we'll lose
the provenance of these code donations, and any future intend to (re)use
these will again require them to be re-evaluated.
Why? There is an SLA on file, the original copyright remains with the
donating institutions and they can move it back here whenever they
like (assuming licence issues are addressed first)
Sure, but AFAIK once they need to be 'brought back', we'll have to go through
the same IP Clearance rounds again anyway, as because these no longer were
maintained (guarded) on ASF hardware, we cannot and will not assume them to be
the same (upfront) as te original donations.
That's all rather theoretical I agree, but nonetheless from a legal POV quite
critical.
For the record: AFAIK *all* these code donations originate from an already
open and available public repository, in which they probably have evolved
since, but that also means I see no additional benefit to move them yet
again somewhere else. If nobody cares anymore about these initial donations,
simply deleting would be just as good, actually even better. A new
'abandoned' apache-extras project nobody cares for looking at doesn't surf
any purpose IMO.
I seem to remember that at least one of the donations was not on a
public repository. Even if they all were, some were institutional
repositories and therefore provide no guarantee if still being
available (true apache-extras could go too, but we have an SLA there
with minimum notice periods).
If the rest of the PMC thinks this is a good idea, I will have no objections
either, but everybody please do consider this carefully.
I guess it boils down to balancing the effort between resolving the IP
issues here before graduation and the concerns you (rightly) express.
Sure.
The first question then probably should be: how much effort does it take to
resolve the remaining IP issues?
Although it might require some plumbing, I think the suggestions I gave earlier
in the JIRA issue aren't really difficult to implement, more or less are about
stripping down the donations to only the sources that matter and which can
(easily) be IP cleared.
Shouldn't take more than a few hours IMO for each donation.
But if that turns out not to be so simple, your suggestion might be valid
alternative to consider.
Ross
