Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 21, 2015 at 11:00 AM, Jim Jagielski j...@jagunet.com wrote: On Aug 20, 2015, at 10:23 AM, Benson Margulies bimargul...@gmail.com wrote: On Thu, Aug 20, 2015 at 9:52 AM, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. Are you sure? When you have a public source control repo, with a LICENSE file at the top, I would think that this counts as a legal 'publication' under the terms of the license. if not, just what is the legal status of source code snipped from our repositories? A file that exists on a public source repo, with an associated license is, of course, covered under that license. The issue is what is the combined, derivative work under? I can, for example, take a handful of ALv2 files, combine them as-is and license the WORK as GPLv3 for example. Furthermore, a release should have such things as a NOTICE file, etc, as required. Again, no idea if that is included in a snap-shot or not. A release is such that the release artifact is verified as compliant w/ the ALv2, and is an official action of the foundation; A snapshot may or not be verified but for sure is not an official action and the person providing the snapshot does so at their own risk. I was working from some significant miss-assumptions which I won't go into here, to avoid confusing other readers, not unless I understand things thoroughly. On Fri, Aug 21, 2015 at 10:51 AM, Jim Jagielski j...@jagunet.com wrote: I did NOT SAY that... holy moley. I said that licenses kick in at a release, but I not not say that they don't kick-in at other times; also, a release is guaranteed to be under ALv2 (it is our work) and there is no guarantee on said snapshot, depending on how it is created. Yes, I should have given your statement the benefit of the doubt. Whether your statement had been incomplete, outright wrong, or absolutely on point, my venting was inexcusable. On Fri, Aug 21, 2015 at 11:04 AM, Jim Jagielski j...@jagunet.com wrote: Cut it out. I apologize to you for my antagonistic tone. It was a combination of being several days deep into a head cold, and fundamentally misunderstanding the provenance of svn.
Re: What is the legal basis for enforcing release policies at ASF?
Roman Shaposhnik wrote: On the other hand, somebody taking said snapshot and releasing it under the name Project BOO, licensed under the ALv2. Is something that both the ALv2 license AND our trademark policy are totally fine with. What if (not a fictional example; a real case) the code is taken from a branch that comes from a recent code donation and source headers are still in the process of being updated to comply with the donation? Waiting for that code to be included in a formal release for sure solves the problem. But if one doesn't want to wait, I wouldn't know what to suggest. Regards, Andrea. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 21, 2015 at 11:37 AM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: [Failing at dealing with this cross-posted and variously-branched discussion on two lists, so I am doing it too. Also OT with respect to Ross's declaration, but it has to do with the fact that release is not so well distinguished as one might hope.] Minor nit? #1: Generally, because of what is seen in the repository in terms of LICENSE and NOTICE placement, it appears to apply to everything at and below that point in the repository. A casual observer cannot tell that there is an important ceremonial distinction with regard to using the archived packaging of an approved Apache Release. I was thinking exactly that while reading the thread. Now, to be fair, most of the time statements made by both of these are correct. I actually haven't seen that much licensing issues with TLP during release cycles. Not-so-minor nit? #2: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file **distributed** with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the 'License') at the very top of many individual files in typical ASF Project repositories. Yup. That goes back to the clarification I've just requested from Ross. 'cuz I agree -- I can see it being interpreted in more than one way. Techno-legal nit? #3: From http://www.apache.org/licenses/icla.txt: You hereby grant to the Foundation and to recipients of software **distributed** by the Foundation a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works. ** emphasis mine in both places Great point. I haven't connected the dots with ICLAs myself, but it totally makes sense to talk about ICLA since it is the document that governs the ingest point of new contributions. Avoiding the nit-pickers by picking more nit? #4 A while back, because I was concerned that some user of a contribution of mine might be trapped in a hair splitting between distribution, non-distribution, and released I made a supplemental declaration. I provided a copy to the Secretary of the Foundation on 2013-03-08. This broader statement grants to **all parties obtaining** any past or future ASF **contribution** of mine effectively the same copyright license granted under the iCLA without the condition that it be distributed by the Foundation. You can see it in all of its glory at http://mail-archives.apache.org/mod_mbox/openoffice-dev/201303.mbox/%3c008801ce1c21$0deb3560$29c1a020$@apache.org%3e. This is not the same as an ALv2 license, but it basically gives to all of those parties the same terms as provided to the ASF under the iCLA (technically not an ALv2 license either). I have made a comparable declaration by any contribution I might make to LibreOffice. I have *not* provided LibreOffice with the dual MPL-LGPL license declaration they tend to request. (The receipt of that declaration has not been acknowledged, but I stand behind it.) Interesting! Thanks for the pointer. Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
Fascinating discussion, who started this thread? ;-) On a more serious note (actually, very serious one): On Fri, Aug 21, 2015 at 9:13 AM, Ross Gardler ross.gard...@microsoft.com wrote: Our policy is that the combined works are RELEASED under ALv2. That combined work is only licensed as such when the foundation formally approves it. So let me spell one thing explicitly here and see if we all agree. Here's what it is: even though from a purely licensing standpoint a content of a source code repo (a snapshot but NOT in a Maven sense) most of the time happens to be licensed under ALv2 (verification at the point of contribution) we, as a foundation, refuse the right to ANYBODY to call it a release of Apache FOO. We use our trademark power for that. It has nothing to do with the license itself. On the other hand, somebody taking said snapshot and releasing it under the name Project BOO, licensed under the ALv2. Is something that both the ALv2 license AND our trademark policy are totally fine with. Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 21, 2015 1:54 AM, Greg Stein gst...@gmail.com wrote: On Thu, Aug 20, 2015 at 9:37 PM, Ross Gardler ross.gard...@microsoft.com wrote: ... So, in the strictest sense, distributions that make minor changes for their distribution should call it Bar powered by Apache Foo in order to differentiate it from an official release of the foundation. In the real world the question is, from a legal point of view, do we care? This is why Debian has Iceweasel instead of Firefox. A very useful point that Greg raises, where does the ASF want to draw that line? C.f. for a good narrative; https://en.m.wikipedia.org/wiki/Mozilla_Corporation_software_rebranded_by_the_Debian_project
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015, at 11:19 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 20, 2015 at 8:52 AM, Jim Jagielski j...@jagunet.com wrote: A snapshot is not a release. Licenses kick in at distribution/ release. Lets just imagine if Jim, VP Legal is actually correct in his interpretation, and that there are no AL 2.0 licenses applicable to our source code repositories, svn or git. I did NOT SAY that... holy moley. I said that licenses kick in at a release, but I not not say that they don't kick-in at other times; also, a release is guaranteed to be under ALv2 (it is our work) and there is no guarantee on said snapshot, depending on how it is created. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015, at 8:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Aug 20, 2015 08:52, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. I want to fix FUD before it infests the rafters and subfloor. I really have never read something so stupid or ill phrased... Every contributor committing code to any ASF project, or even contributing it to us in public forums (including our mailing lists, our bug trackers, etc) is committing that code under the AL or has designated explicitly what licence it came in under (commit message: forked from BSD-licensed code base at {URL}.) It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. There is also a trademark issue as well... only the ASF can declare something as a release. There we agree :) Please reread what was said... We are talking *releases* here. Making something publicly available is NOT A RELEASE. It may be under a license, but is IS NOT A RELEASE. For god's sake Bill, calm down. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015, at 10:23 AM, Benson Margulies bimargul...@gmail.com wrote: On Thu, Aug 20, 2015 at 9:52 AM, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. Are you sure? When you have a public source control repo, with a LICENSE file at the top, I would think that this counts as a legal 'publication' under the terms of the license. if not, just what is the legal status of source code snipped from our repositories? A file that exists on a public source repo, with an associated license is, of course, covered under that license. The issue is what is the combined, derivative work under? I can, for example, take a handful of ALv2 files, combine them as-is and license the WORK as GPLv3 for example. Furthermore, a release should have such things as a NOTICE file, etc, as required. Again, no idea if that is included in a snap-shot or not. A release is such that the release artifact is verified as compliant w/ the ALv2, and is an official action of the foundation; A snapshot may or not be verified but for sure is not an official action and the person providing the snapshot does so at their own risk. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
They do? This is the statement of the VP Legal, so whether it is right or wrong, here at the ASF we attempt to honor the 'spirit' of the policy of other licensors when we use their code, and we would hope others would honor the 'spirit' of our policies here. It that is the underlying assumption, that the code is not licensed by the ASF until a formal release occurs, then we need to revisit the many implications of that philosophy. I am no longer playing this game... - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 21, 2015 at 10:41 AM, Jim Jagielski j...@jagunet.com wrote: On Aug 20, 2015, at 8:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Aug 20, 2015 08:52, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. I want to fix FUD before it infests the rafters and subfloor. I really have never read something so stupid or ill phrased... Every contributor committing code to any ASF project, or even contributing it to us in public forums (including our mailing lists, our bug trackers, etc) is committing that code under the AL or has designated explicitly what licence it came in under (commit message: forked from BSD-licensed code base at {URL}.) It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. There is also a trademark issue as well... only the ASF can declare something as a release. There we agree :) Please reread what was said... We are talking *releases* here. Making something publicly available is NOT A RELEASE. It may be under a license, but is IS NOT A RELEASE. I reread what you wrote, A snapshot is not a release. We know this and agree on this, and you just responded to the obvious but failed to address the second half of your statement. Licenses kick in at distribution/release. They do? This is the statement of the VP Legal, so whether it is right or wrong, here at the ASF we attempt to honor the 'spirit' of the policy of other licensors when we use their code, and we would hope others would honor the 'spirit' of our policies here. It that is the underlying assumption, that the code is not licensed by the ASF until a formal release occurs, then we need to revisit the many implications of that philosophy.
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015, at 10:16 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 20, 2015 at 9:03 PM, Benson Margulies bimargul...@gmail.com wrote: This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not. You summed this up to the best of my understanding ... +1. If our legal VP agrees (and retracts earlier FUD) it appears we are entirely in agreement. What FUD?? Oh... you mean *your* FUD. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: What is the legal basis for enforcing release policies at ASF?
Jim already addressed this in an overlapping email. I tried to address it but it seems quibbling over individual words describing process was more important than understanding the intended message. So let me try again, this time using the corrected words in my email and adding Jim's further clarifications. Our policy is that the combined works are RELEASED under ALv2. That combined work is only licensed as such when the foundation formally approves it. This happens when the PMC members indicate that, to the best of their knowledge, a specified combined work (a source package) conforms with the legal and policy expectations of ask source code included (both ours and upstream). Individual contributions in our source repository are under ALv2. These are approved as such, through a best effort analysis, at the point of contribution. However, this thread is not about individual contributions it is about releases. Therefore this point is not relevant to the question asked, only the previous paragraph concerning releases of combined works is important for the question in the subject line. Sent from my Windows Phone From: William A Rowe Jrmailto:wr...@rowe-clan.net Sent: 8/21/2015 9:01 AM To: ComDevmailto:d...@community.apache.org Cc: general@incubator.apache.orgmailto:general@incubator.apache.org Subject: Re: What is the legal basis for enforcing release policies at ASF? On Fri, Aug 21, 2015 at 10:41 AM, Jim Jagielski j...@jagunet.com wrote: On Aug 20, 2015, at 8:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Aug 20, 2015 08:52, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. I want to fix FUD before it infests the rafters and subfloor. I really have never read something so stupid or ill phrased... Every contributor committing code to any ASF project, or even contributing it to us in public forums (including our mailing lists, our bug trackers, etc) is committing that code under the AL or has designated explicitly what licence it came in under (commit message: forked from BSD-licensed code base at {URL}.) It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. There is also a trademark issue as well... only the ASF can declare something as a release. There we agree :) Please reread what was said... We are talking *releases* here. Making something publicly available is NOT A RELEASE. It may be under a license, but is IS NOT A RELEASE. I reread what you wrote, A snapshot is not a release. We know this and agree on this, and you just responded to the obvious but failed to address the second half of your statement. Licenses kick in at distribution/release. They do? This is the statement of the VP Legal, so whether it is right or wrong, here at the ASF we attempt to honor the 'spirit' of the policy of other licensors when we use their code, and we would hope others would honor the 'spirit' of our policies here. It that is the underlying assumption, that the code is not licensed by the ASF until a formal release occurs, then we need to revisit the many implications of that philosophy.
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 21, 2015 at 10:51 AM, Jim Jagielski j...@jagunet.com wrote: On Aug 20, 2015, at 11:19 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 20, 2015 at 8:52 AM, Jim Jagielski j...@jagunet.com wrote: A snapshot is not a release. Licenses kick in at distribution/ release. Lets just imagine if Jim, VP Legal is actually correct in his interpretation, and that there are no AL 2.0 licenses applicable to our source code repositories, svn or git. I did NOT SAY that... holy moley. I said that licenses kick in at a release, but I not not say that they don't kick-in at other times; also, a release is guaranteed to be under ALv2 (it is our work) and there is no guarantee on said snapshot, depending on how it is created. Ok, so a license applies to the release. A license applies to the sources in SVN, to the sources in snapshots, ad nasuem... A license also applies to the snapshot. I'd suggest that all snapshots/nightly builds etc, any of them distributing ASF code, have to carry the COPYRIGHT and NOTICE that any other distribution is required to have. They must be present in the source control tree. Leaving out the LICENSE and NOTICE from a non-release is no more correct than leaving them out of the release itself. But the kick in meme doesn't serve us well. Back to the top-post, enforcing that any releases from any packager correspond to what we've published as an ASF release, that authority comes from asserting our marks, and we spell out how we enforce this in AL 2.0 section 6. But the question of what is close enough to the ASF release and what is arguably confusing to users is really up to the individual PMC's because only they are familiar with their users expectations and what constitutes a fork, vs. a practical distribution of the source code they released. We offer reasonable leeway to distributors at the apr and httpd projects and haven't run into too much confusion... ...except in one case, we did have an external entity shipping pre-release-vote binaries without clarifying that these were not releases. They were asked to stop, and voila, that entity is now a much more respected member of the extended community, just because we asked and they obliged.
RE: What is the legal basis for enforcing release policies at ASF?
[Failing at dealing with this cross-posted and variously-branched discussion on two lists, so I am doing it too. Also OT with respect to Ross's declaration, but it has to do with the fact that release is not so well distinguished as one might hope.] Minor nit? #1: Generally, because of what is seen in the repository in terms of LICENSE and NOTICE placement, it appears to apply to everything at and below that point in the repository. A casual observer cannot tell that there is an important ceremonial distinction with regard to using the archived packaging of an approved Apache Release. Not-so-minor nit? #2: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file **distributed** with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the 'License') at the very top of many individual files in typical ASF Project repositories. Techno-legal nit? #3: From http://www.apache.org/licenses/icla.txt: You hereby grant to the Foundation and to recipients of software **distributed** by the Foundation a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works. ** emphasis mine in both places Avoiding the nit-pickers by picking more nit? #4 A while back, because I was concerned that some user of a contribution of mine might be trapped in a hair splitting between distribution, non-distribution, and released I made a supplemental declaration. I provided a copy to the Secretary of the Foundation on 2013-03-08. This broader statement grants to **all parties obtaining** any past or future ASF **contribution** of mine effectively the same copyright license granted under the iCLA without the condition that it be distributed by the Foundation. You can see it in all of its glory at http://mail-archives.apache.org/mod_mbox/openoffice-dev/201303.mbox/%3c008801ce1c21$0deb3560$29c1a020$@apache.org%3e. This is not the same as an ALv2 license, but it basically gives to all of those parties the same terms as provided to the ASF under the iCLA (technically not an ALv2 license either). I have made a comparable declaration by any contribution I might make to LibreOffice. I have *not* provided LibreOffice with the dual MPL-LGPL license declaration they tend to request. (The receipt of that declaration has not been acknowledged, but I stand behind it.) (Le sigh) - Dennis -Original Message- From: Ross Gardler [mailto:ross.gard...@microsoft.com] Sent: Friday, August 21, 2015 09:14 To: general@incubator.apache.org; ComDev d...@community.apache.org Subject: RE: What is the legal basis for enforcing release policies at ASF? [ ... ] Our policy is that the combined works are RELEASED under ALv2. That combined work is only licensed as such when the foundation formally approves it. This happens when the PMC members indicate that, to the best of their knowledge, a specified combined work (a source package) conforms with the legal and policy expectations of ask source code included (both ours and upstream). Individual contributions in our source repository are under ALv2. These are approved as such, through a best effort analysis, at the point of contribution. [ ... ] - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 9:37 PM, Ross Gardler ross.gard...@microsoft.com wrote: ... So, in the strictest sense, distributions that make minor changes for their distribution should call it Bar powered by Apache Foo in order to differentiate it from an official release of the foundation. In the real world the question is, from a legal point of view, do we care? This is why Debian has Iceweasel instead of Firefox. ... Cheers, -g
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 8:52 AM, Jim Jagielski j...@jagunet.com wrote: A snapshot is not a release. Licenses kick in at distribution/ release. Lets just imagine if Jim, VP Legal is actually correct in his interpretation, and that there are no AL 2.0 licenses applicable to our source code repositories, svn or git. Quoting http://apache.org/licenses/LICENSE-2.0 ... 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. No, you may not modify the sources or derive those that reside within version control of the ASF, until and upon the time when the project has blessed that project as a release. Patches to others' contributions to source code control are not within the scope of this imaginary non-license application. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. No, you may absolutely not test the code that has been committed to source control without a patent license, which you do not have, until that time when the ASF blesses the work and calls it a release. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form None of that, it's all straight out, none of it applies to your work at the ASF until the release is blessed. That includes passing off a patched fork of a security fix to a reporter who claimed there was a defect in the earlier release. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License Except when it isn't in Ross's and our VP Legal's own minds... 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. Which wasn't a right in the first place, so no change here under any interpretation... 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. Except that perhaps the ASF is liable, under our VP Legal's interpretation, for works which do reside in source control and were not, in fact, released to the general public? [Ad nauseam 8. and 9.] Let's just not go this direction, because it is plainly false. Jim, it would truly be helpful if you spoke up for or in contradiction to your earlier statements, here... Cheers, Bill
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015 08:52, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. I want to fix FUD before it infests the rafters and subfloor. I really have never read something so stupid or ill phrased... Every contributor committing code to any ASF project, or even contributing it to us in public forums (including our mailing lists, our bug trackers, etc) is committing that code under the AL or has designated explicitly what licence it came in under (commit message: forked from BSD-licensed code base at {URL}.) It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. There is also a trademark issue as well... only the ASF can declare something as a release. There we agree :)
Re: What is the legal basis for enforcing release policies at ASF?
On 8/20/15, 5:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. Committers sometimes make mistakes. IIRC, Justin recently caught a mistake where some files accidentally got their non-AL headers replaced with AL headers. Large codebase contributions, especially initial podling code grants might be messy as well until scrubbed and approved for an official ASF release. I know from experience. -Alex
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015 8:19 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Aug 20, 2015 7:39 PM, Alex Harui aha...@adobe.com wrote: On 8/20/15, 5:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. Committers sometimes make mistakes. IIRC, Justin recently caught a mistake where some files accidentally got their non-AL headers replaced with AL headers. Large codebase contributions, especially initial podling code grants might be messy as well until scrubbed and approved for an official ASF release. I know from experience. We don't disagree on this point. Sometimes, they are caught through the release process, or by peer review. Other times, we must retract the claim we offered. Nothing changes the fact that code is either offered under the AL 2.0 or another license, unless the author/licensor changes their license retroactively. Your comment also hones in on the logical fallacy our VP fell into... While it may be true that the ASF granted its own AL 2.0 license to the release package, the ASF is unable to change component licenses in incompatible ways. And the warranty the ASF offers on an inaccurate license claims is - nil - c.f. AL 2.0 However, if our repositories are under another license, that VP needs to make public this information, because I never got the memo, and I must notify friends and the many companies I advise and consult to that they all need to cease looking at the ASF's repositories, and let their respective legal departments each sort this all out, if those repositories are licensed with terms and conditions differing from the AL 2.0.
Re: What is the legal basis for enforcing release policies at ASF?
This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not.
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 9:37 PM, Ross Gardler ross.gard...@microsoft.com wrote: I do not agree with this interpretation when viewed from a legal angle (though I do agree from a trademark angle). I have a feeling that the root of my disagreement is the same as the root of Jim's earlier statement (though I may be mistaken). You've lost me already, but let's unwind this... There are two points of IP due diligence in an Apache project: At the point of contribution where the IP is validated by the committer and zero or more people who review the patch. The second phase of IP validation is at the point of release, where 3 our more PMC members validate that the foundation can legally release the code. No, 3 or more PMC members make a best-effort that the code meets our qualifications for release. Not being copyright and patent atty's, we presume they did not cast their votes based on a legal definition of due diligence. This means that taking a snapshot and building a release is *not* trademark-acceptable since the foundation, through the project PMC has not approved the release, therefore it is not an Apache release. That much we agree on... Only the ASF gets to say what is an ASF release and to do so requires a vote of the PMC. It has nothing to do with the number of changes made to what is in our repositories. It has everything to do with whether it's a release of the foundation. Accurate... So, in the strictest sense, distributions that make minor changes for their distribution should call it Bar powered by Apache Foo in order to differentiate it from an official release of the foundation. In the real world the question is, from a legal point of view, do we care? Here is where there is some room for interpretation, the httpd project can probably be built more than 10^9 different ways (I extrapolate this from a Chipotle drink cup that claimed the number of permutations of their quick-service faux-tex-mex menu) (lets ignore the fact that some people vote on releases without doing proper validation, that's why we require 3 +1 votes, the assumption is that at least one of them did the job properly) Define Proper, I haven't read that http://www.apache.org/dev/release/proper.html page yet. You still didn't comment on the license under which the repository is licensed, so this wasn't a terribly helpful post. From: William A Rowe Jrmailto:wr...@rowe-clan.net Sent: 8/20/2015 7:17 PM To: general@incubator.apache.orgmailto:general@incubator.apache.org Subject: Re: What is the legal basis for enforcing release policies at ASF? On Thu, Aug 20, 2015 at 9:03 PM, Benson Margulies bimargul...@gmail.com wrote: This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not. You summed this up to the best of my understanding ... +1. If our legal VP agrees (and retracts earlier FUD) it appears we are entirely in agreement.
Re: What is the legal basis for enforcing release policies at ASF?
I think it is somewhat amusing, that this is actually discussed ~20years after Apache group is formed. A newcomer must be flabbergasted that this isn't clear cut by now... ;-) // Niclas On Fri, Aug 21, 2015 at 10:37 AM, Ross Gardler ross.gard...@microsoft.com wrote: I do not agree with this interpretation when viewed from a legal angle (though I do agree from a trademark angle). I have a feeling that the root of my disagreement is the same as the root of Jim's earlier statement (though I may be mistaken). There are two points of IP due diligence in an Apache project: At the point of contribution where the IP is validated by the committer and zero or more people who review the patch. The second phase of IP validation is at the point of release, where 3 our more PMC members validate that the foundation can legally release the code. This means that taking a snapshot and building a release is *not* trademark-acceptable since the foundation, through the project PMC has not approved the release, therefore it is not an Apache release. Only the ASF gets to say what is an ASF release and to do so requires a vote of the PMC. It has nothing to do with the number of changes made to what is in our repositories. It has everything to do with whether it's a release of the foundation. So, in the strictest sense, distributions that make minor changes for their distribution should call it Bar powered by Apache Foo in order to differentiate it from an official release of the foundation. In the real world the question is, from a legal point of view, do we care? (lets ignore the fact that some people vote on releases without doing proper validation, that's why we require 3 +1 votes, the assumption is that at least one of them did the job properly) Sent from my Windows Phone From: William A Rowe Jrmailto:wr...@rowe-clan.net Sent: 8/20/2015 7:17 PM To: general@incubator.apache.orgmailto:general@incubator.apache.org Subject: Re: What is the legal basis for enforcing release policies at ASF? On Thu, Aug 20, 2015 at 9:03 PM, Benson Margulies bimargul...@gmail.com wrote: This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not. You summed this up to the best of my understanding ... +1. If our legal VP agrees (and retracts earlier FUD) it appears we are entirely in agreement. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 9:03 PM, Benson Margulies bimargul...@gmail.com wrote: This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not. You summed this up to the best of my understanding ... +1. If our legal VP agrees (and retracts earlier FUD) it appears we are entirely in agreement.
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 9:11 PM, Christopher ctubb...@apache.org wrote: It sounds to me like you're saying that the license under which code is offered (to anybody who encounters it) is independent of the license declaration attached to the project. No, the license is that which was granted by the author, and I think you missed my followup by a few minutes, so I will quote myself here... Your comment also hones in on the logical fallacy our VP fell into... While it may be true that the ASF granted its own AL 2.0 license to the release package, the ASF is unable to change component licenses in incompatible ways. And the warranty the ASF offers on an inaccurate license claims is - nil - c.f. AL 2.0 However, if our repositories are under another license, that VP needs to make public this information, because I never got the memo, and I must notify friends and the many companies I advise and consult to that they all need to cease looking at the ASF's repositories, and let their respective legal departments each sort this all out, if those repositories are licensed with terms and conditions differing from the AL 2.0. Obviously, I think our VP Legal isn't taking his job seriously of advising the community on the specific legal particularities of the software we create, which is why I'm going to stand pat until someone offers up a compelling argument over why anyone is not able to take any of the AL 2.0 code out of ASF repositories, released or not, and re-purpose it for whatever they desire. But don't name it by Apache {foo} unless {foo} PMC sanctioned the release of the code. It's entirely in trademark law, and our license and copyright law gives them everything they need to utilize the code, released or not.
Re: What is the legal basis for enforcing release policies at ASF?
It sounds to me like you're saying that the license under which code is offered (to anybody who encounters it) is independent of the license declaration attached to the project. This makes sense to me, presuming that we still agree that the license declaration (header or license file) is the best way to communicate the license under which the code is offered. It seems to follow, then, that were saying that there are sometimes errors in the declaration, where it doesn't reflect what license the code is actually offered under (if any). Further, we're saying that this is hopefully less likely in a release, which has been vetted with greater scrutiny. Is that right? If so, then it seems to me that the question really becomes: is it sufficiently communicated by the very fact of being a snapshot (any state of the code other than in a release), that errors are possible in the license? I would think the answer is yes, personally. However, I'm not sure it really means much, because it's still reasonable for people to assume the license declaration is correct, until shown otherwise. It seems to me that the very fact that any license declaration is attached to the code at all, regardless of its state as a release or snapshot, shifts the burden of responsibility to actually demonstrate that the license does not apply. This is the reverse of the case when no obvious license declaration is made. The burden in that case is to show that the license does apply. Isn't that why we explicitly put headers on each file, in addition to the LICENSE file? To explicitly shift this burden to us in order to encourage free use of our software by others? On Thu, Aug 20, 2015, 21:19 William A Rowe Jr wr...@rowe-clan.net wrote: On Aug 20, 2015 7:39 PM, Alex Harui aha...@adobe.com wrote: On 8/20/15, 5:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. Committers sometimes make mistakes. IIRC, Justin recently caught a mistake where some files accidentally got their non-AL headers replaced with AL headers. Large codebase contributions, especially initial podling code grants might be messy as well until scrubbed and approved for an official ASF release. I know from experience. We don't disagree on this point. Sometimes, they are caught through the release process, or by peer review. Other times, we must retract the claim we offered. Nothing changes the fact that code is either offered under the AL 2.0 or another license, unless the author/licensor changes their license retroactively.
Re: What is the legal basis for enforcing release policies at ASF?
AFAIK a SNAPSHOT has not been voted on and is therefore not a formal ASF release. So for example this would cover CI builds that deploy jars to the ASF Maven SNAPSHOT repo. On 20 August 2015 at 23:33, Mike Kienenberger mkien...@gmail.com wrote: On Thu, Aug 20, 2015 at 6:23 PM, Gavin McDonald ga...@16degrees.com.au wrote: So what do we do about all the rc1|rc2|rcx ,alphas, betas and Milestone ‘releases’ that are on our official mirrors right now? (Because they would have been voted on as a ‘’release’’ for the projects to put them there in the first place) Release means different things in different contexts. An ASF release is a product that a PMC has vetted to meet ASF release standards (builds from source, APL2 licensed) and has made available to end-users in our download services. This use of release deals with legal and can-be-modified promises made to the end-user. Various ASF projects also use release to mean something different -- a community-approved product that has a certain API and typically has no known issues. This use of release generally deals with technical aspects of the project, such as stability and reliability. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 20, 2015 7:39 PM, Alex Harui aha...@adobe.com wrote: On 8/20/15, 5:27 PM, William A Rowe Jr wr...@rowe-clan.net wrote: It is generally AL code all the time. I don't know where you invented a 'kick-in' concept, but unless the committers are violating their ICLA/CCLA, nothing could be further from the truth. Committers sometimes make mistakes. IIRC, Justin recently caught a mistake where some files accidentally got their non-AL headers replaced with AL headers. Large codebase contributions, especially initial podling code grants might be messy as well until scrubbed and approved for an official ASF release. I know from experience. We don't disagree on this point. Sometimes, they are caught through the release process, or by peer review. Other times, we must retract the claim we offered. Nothing changes the fact that code is either offered under the AL 2.0 or another license, unless the author/licensor changes their license retroactively.
RE: What is the legal basis for enforcing release policies at ASF?
I do not agree with this interpretation when viewed from a legal angle (though I do agree from a trademark angle). I have a feeling that the root of my disagreement is the same as the root of Jim's earlier statement (though I may be mistaken). There are two points of IP due diligence in an Apache project: At the point of contribution where the IP is validated by the committer and zero or more people who review the patch. The second phase of IP validation is at the point of release, where 3 our more PMC members validate that the foundation can legally release the code. This means that taking a snapshot and building a release is *not* trademark-acceptable since the foundation, through the project PMC has not approved the release, therefore it is not an Apache release. Only the ASF gets to say what is an ASF release and to do so requires a vote of the PMC. It has nothing to do with the number of changes made to what is in our repositories. It has everything to do with whether it's a release of the foundation. So, in the strictest sense, distributions that make minor changes for their distribution should call it Bar powered by Apache Foo in order to differentiate it from an official release of the foundation. In the real world the question is, from a legal point of view, do we care? (lets ignore the fact that some people vote on releases without doing proper validation, that's why we require 3 +1 votes, the assumption is that at least one of them did the job properly) Sent from my Windows Phone From: William A Rowe Jrmailto:wr...@rowe-clan.net Sent: 8/20/2015 7:17 PM To: general@incubator.apache.orgmailto:general@incubator.apache.org Subject: Re: What is the legal basis for enforcing release policies at ASF? On Thu, Aug 20, 2015 at 9:03 PM, Benson Margulies bimargul...@gmail.com wrote: This thread started as a discussion of Linux distros and trademarks. Perhaps I could try to return it there? If a distro takes a release of Apache X, compiles it with minimal changes that adapt it to the environment, and distributes it, I believe that it's a fine thing for them to call it simple Apache X, and acknowledge our marks. If a distro takes a release of Apache X, and make significant changes to it, and then distributes it, I believe that it's not OK with us for them to simply call it Apache X. I've seen some evidence that Gentoo Linux makes a regular habit of this, because their policies drive them to make some pretty scary changes in some cases. Others may not share my view. Further, if someone takes a snapshot (small 's') from source control and starts from that, with minimal changes, I think that this would also be trademark-acceptable, so long as they accurately describe what they did. The operative concept here, as Shane has taught it, is 'confusion in the marketplace.' If some third party behaves so as to cause confusion as to the identity of Apache X, there's a trademark issue. If not, not. You summed this up to the best of my understanding ... +1. If our legal VP agrees (and retracts earlier FUD) it appears we are entirely in agreement.
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 9:52 AM, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. Are you sure? When you have a public source control repo, with a LICENSE file at the top, I would think that this counts as a legal 'publication' under the terms of the license. if not, just what is the legal status of source code snipped from our repositories? There is also a trademark issue as well... only the ASF can declare something as a release. On Aug 6, 2015, at 8:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. There is also a trademark issue as well... only the ASF can declare something as a release. On Aug 6, 2015, at 8:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 7:23 AM, Benson Margulies bimargul...@gmail.com wrote: On Thu, Aug 20, 2015 at 9:52 AM, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. Are you sure? When you have a public source control repo, with a LICENSE file at the top, I would think that this counts as a legal 'publication' under the terms of the license. if not, just what is the legal status of source code snipped from our repositories? I agree with Jim that a snapshot is not a release. I also agree with him that licenses kick in at distribution. As to whether they kick in at distribution/release, I think that's a weird bit of wording, and I would be surprised if we are not all in agreement here. There were long threads on this topic back in 2007-2009 on legal-discuss@apache. http://markmail.org/message/jangmpbssvvd73az http://s.apache.org/6Wm http://markmail.org/message/xietapwmthvvknex http://s.apache.org/H6o Here's are a couple germane points from Roy: http://markmail.org/message/vbfjep4r2npkwufa http://s.apache.org/aXK Copyright law has no concept of software development. So, when a lawyer looks at http://svn.apache.org/repos/asf/httpd/httpd/trunk/ what the lawyer (or even layperson) sees is a website. http://markmail.org/message/44ezdre3se3ov5nu http://s.apache.org/MEC SVN is not a distribution point. Of course it is a distribution point. Distribution == copy to someone else. It isn't a release (an editorial decision by the ASF). Marvin Humphrey - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On 20 Aug 2015, at 2:52 pm, Jim Jagielski j...@jagunet.com wrote: Coming in late. A snapshot is not a release. Licenses kick in at distribution/ release. Interesting. So what do we do about all the rc1|rc2|rcx ,alphas, betas and Milestone ‘releases’ that are on our official mirrors right now? (Because they would have been voted on as a ‘’release’’ for the projects to put them there in the first place) (Or are all those different to Snapshots somehow?) Gav… There is also a trademark issue as well... only the ASF can declare something as a release. On Aug 6, 2015, at 8:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org Gav... (( ( ( )\ ) )\ ) )\ ) ( )) )\(()/((()/( (()/( )\ ) ( ) ( /( ( (( /( ( ( ( _)( /(_))/(_)) /(_)) ( (()/( )( ( /( ( )\()))())\ ( )\()) ))\ )())\ )\ _ )\ (_)) (_))_| (_)) )\ ) /(_))(()\ )(_)) )\ (_))/(()\ /((_) )\ (_))/ /((_)(()\ /((_) (_)_\(_)/ __|| |_ |_ _| _(_/((_) _| ((_)((_)_ ((_)| |_ ((_)(_))( ((_)| |_ (_))( ((_)(_)) / _ \ \__ \| __| | | | ' \))| _|| '_|/ _` |(_-| _|| '_|| || |/ _| | _|| || || '_|/ -_) /_/ \_\ |___/|_||___||_||_| |_| |_| \__,_|/__/ \__||_| \_,_|\__| \__| \_,_||_| \___|
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 20, 2015 at 6:23 PM, Gavin McDonald ga...@16degrees.com.au wrote: So what do we do about all the rc1|rc2|rcx ,alphas, betas and Milestone ‘releases’ that are on our official mirrors right now? (Because they would have been voted on as a ‘’release’’ for the projects to put them there in the first place) Release means different things in different contexts. An ASF release is a product that a PMC has vetted to meet ASF release standards (builds from source, APL2 licensed) and has made available to end-users in our download services. This use of release deals with legal and can-be-modified promises made to the end-user. Various ASF projects also use release to mean something different -- a community-approved product that has a certain API and typically has no known issues. This use of release generally deals with technical aspects of the project, such as stability and reliability. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Mon, Aug 17, 2015 at 8:48 AM, Shane Curcuru a...@shanecurcuru.org wrote: On 8/16/15 4:25 PM, Roman Shaposhnik wrote: On Fri, Aug 14, 2015 at 3:59 PM, Shane Curcuru a...@shanecurcuru.org wrote: On 8/7/15 7:53 AM, Niclas Hedhman wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... No, you cannot. See our actual trademark policy: https://www.apache.org/foundation/marks/faq/#products Our release policy, as Roman originally asked about, applies only to ASF projects, and has no bearing on third parties. However our trademark policy, and trademark law, prevents third parties from publicly providing software using our trademarks. Our operational policies only apply to our projects, just like any other corporation. Some policies, like our license itself and our formal trademark policy, inform the rest of the world how they are allowed to use our websites, software code, and brands. Make sense? It does, but our relationships with downstream Linux vendors (just to take the most obvious example) set a very confusing precedent. Shane, if would be super helpful if you took a look at: http://pkgs.org/search/hadoop http://pkgs.org/search/maven http://pkgs.org/search/subversion and pubished your narrative of how the ASF branding policies apply in both cases. The 3 projects I'm picking represent a pretty diverse set of cases of how PMCs are conducting themselves. OK, that will take some time. It would help if we can setup a call or get someone to writeup a description of what those pages mean from the larger perspective: Understood. And perhaps this could be considered important enough so that we start a dedicated thread. Let me know if you'd also suggest moving to a more appropriate mailing list. Trademarks are about preventing consumer confusion as to the source of goods. So we need to consider this from the point of view of an experienced software developer in the general sense - someone who is *not* an Apache committer and not experienced with our products in specific, but someone who is an experienced software developer, systems architect, or devops type who's trying to evaluate a bunch of software for their company. Fully agree with the goals. The issue is I don't use pkgs.org (I use homebrew, but only for more end-user applications recently), so I'm trying to translate to the experience of an actual developer consumer who'd be trying to find and use these products. pkgs.org is not actually a packaging system, but rather an index of almost all packages available on various Linux distributions. Think of it as Yellow Pages for ALL possible Linux packages. It is a good place to quickly get a sense of how ASF software gets represented in very different Linux distros. The problem is that trademark analyses are much easier to do for consumer products, and for physical goods. Software is inherently different in that marketing brochures or store signs or packaging is very different, and widely varied on a whole bunch of web pages. Plus, most of our products are highly technical: very few computer end users are downloading Hadoop or Maven - it's software developers who are looking for these. So understanding the common software developer perspective on how they see *where* these named downloadable software products are being displayed matters. Makes total sense to me! [*] Thanks, Roman. [*] it is also, coincidentally, what I get so worked up when 'general public' in our release policy gets [mis]interpreted as mostly related to 'end users'. But that's a pet peeve for a different thread ;-) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On 8/16/15 4:25 PM, Roman Shaposhnik wrote: On Fri, Aug 14, 2015 at 3:59 PM, Shane Curcuru a...@shanecurcuru.org wrote: On 8/7/15 7:53 AM, Niclas Hedhman wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... No, you cannot. See our actual trademark policy: https://www.apache.org/foundation/marks/faq/#products Our release policy, as Roman originally asked about, applies only to ASF projects, and has no bearing on third parties. However our trademark policy, and trademark law, prevents third parties from publicly providing software using our trademarks. Our operational policies only apply to our projects, just like any other corporation. Some policies, like our license itself and our formal trademark policy, inform the rest of the world how they are allowed to use our websites, software code, and brands. Make sense? It does, but our relationships with downstream Linux vendors (just to take the most obvious example) set a very confusing precedent. Shane, if would be super helpful if you took a look at: http://pkgs.org/search/hadoop http://pkgs.org/search/maven http://pkgs.org/search/subversion and pubished your narrative of how the ASF branding policies apply in both cases. The 3 projects I'm picking represent a pretty diverse set of cases of how PMCs are conducting themselves. OK, that will take some time. It would help if we can setup a call or get someone to writeup a description of what those pages mean from the larger perspective: Trademarks are about preventing consumer confusion as to the source of goods. So we need to consider this from the point of view of an experienced software developer in the general sense - someone who is *not* an Apache committer and not experienced with our products in specific, but someone who is an experienced software developer, systems architect, or devops type who's trying to evaluate a bunch of software for their company. The issue is I don't use pkgs.org (I use homebrew, but only for more end-user applications recently), so I'm trying to translate to the experience of an actual developer consumer who'd be trying to find and use these products. The problem is that trademark analyses are much easier to do for consumer products, and for physical goods. Software is inherently different in that marketing brochures or store signs or packaging is very different, and widely varied on a whole bunch of web pages. Plus, most of our products are highly technical: very few computer end users are downloading Hadoop or Maven - it's software developers who are looking for these. So understanding the common software developer perspective on how they see *where* these named downloadable software products are being displayed matters. - Shane - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 14, 2015 at 3:59 PM, Shane Curcuru a...@shanecurcuru.org wrote: On 8/7/15 7:53 AM, Niclas Hedhman wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... No, you cannot. See our actual trademark policy: https://www.apache.org/foundation/marks/faq/#products Our release policy, as Roman originally asked about, applies only to ASF projects, and has no bearing on third parties. However our trademark policy, and trademark law, prevents third parties from publicly providing software using our trademarks. Our operational policies only apply to our projects, just like any other corporation. Some policies, like our license itself and our formal trademark policy, inform the rest of the world how they are allowed to use our websites, software code, and brands. Make sense? It does, but our relationships with downstream Linux vendors (just to take the most obvious example) set a very confusing precedent. Shane, if would be super helpful if you took a look at: http://pkgs.org/search/hadoop http://pkgs.org/search/maven http://pkgs.org/search/subversion and pubished your narrative of how the ASF branding policies apply in both cases. The 3 projects I'm picking represent a pretty diverse set of cases of how PMCs are conducting themselves. Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On 8/7/15 7:53 AM, Niclas Hedhman wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... No, you cannot. See our actual trademark policy: https://www.apache.org/foundation/marks/faq/#products Our release policy, as Roman originally asked about, applies only to ASF projects, and has no bearing on third parties. However our trademark policy, and trademark law, prevents third parties from publicly providing software using our trademarks. Our operational policies only apply to our projects, just like any other corporation. Some policies, like our license itself and our formal trademark policy, inform the rest of the world how they are allowed to use our websites, software code, and brands. Make sense? - Shane On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 7, 2015 at 12:08 PM, Gregory Chase gch...@pivotal.io wrote: Does ...based on Apache Hadoop require a clear dependency notation as to which versions of Apache component releases are part of the commercial distribution? No, it cannot. Trademark law is not a matter of such distinctions, and our very own Apache License imposes no such complexity. On Fri, Aug 7, 2015 at 5:39 AM, Sam Ruby ru...@intertwingly.net wrote: On Fri, Aug 7, 2015 at 7:53 AM, Niclas Hedhman nic...@hedhman.org wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... Things in law are rarely binary except at the edges or after an actual court ruling. Releasing a Niclas George platform powered by Apache Hadoop conforms with our branding requirements, so would likely be OK. The further you go away from that, the less clear that what you are doing would be OK. Hadoop would be a especially problematic case for you, as Apache Hadoop, Hadoop, Apache, the Apache feather logo, and the Apache Hadoop project logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and other countries. -- https://hadoop.apache.org/ http is a more generic term, so including variants of it in your name (including httpd) would be less problematic than incorporating a name like Hadoop. - Sam Ruby On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- Greg Chase Director of Big Data Communities http://www.pivotal.io/big-data Pivotal Software http://www.pivotal.io/ 650-215-0477 @GregChase Blog: http://geekmarketing.biz/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
Why not? So *everything * in your world is forbidden? Join the world of freedom. Am 07.08.2015 13:55 schrieb Niclas Hedhman nic...@hedhman.org: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: What is the legal basis for enforcing release policies at ASF?
Does ...based on Apache Hadoop require a clear dependency notation as to which versions of Apache component releases are part of the commercial distribution? On Fri, Aug 7, 2015 at 5:39 AM, Sam Ruby ru...@intertwingly.net wrote: On Fri, Aug 7, 2015 at 7:53 AM, Niclas Hedhman nic...@hedhman.org wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... Things in law are rarely binary except at the edges or after an actual court ruling. Releasing a Niclas George platform powered by Apache Hadoop conforms with our branding requirements, so would likely be OK. The further you go away from that, the less clear that what you are doing would be OK. Hadoop would be a especially problematic case for you, as Apache Hadoop, Hadoop, Apache, the Apache feather logo, and the Apache Hadoop project logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and other countries. -- https://hadoop.apache.org/ http is a more generic term, so including variants of it in your name (including httpd) would be less problematic than incorporating a name like Hadoop. - Sam Ruby On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- Greg Chase Director of Big Data Communities http://www.pivotal.io/big-data Pivotal Software http://www.pivotal.io/ 650-215-0477 @GregChase Blog: http://geekmarketing.biz/
Re: What is the legal basis for enforcing release policies at ASF?
Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: What is the legal basis for enforcing release policies at ASF?
On Fri, Aug 7, 2015 at 7:53 AM, Niclas Hedhman nic...@hedhman.org wrote: Bill, So I can release Niclas Hadoop platform, based on Apache Hadoop ?? I thought the discussion a few years ago was that this was misleading... Things in law are rarely binary except at the edges or after an actual court ruling. Releasing a Niclas George platform powered by Apache Hadoop conforms with our branding requirements, so would likely be OK. The further you go away from that, the less clear that what you are doing would be OK. Hadoop would be a especially problematic case for you, as Apache Hadoop, Hadoop, Apache, the Apache feather logo, and the Apache Hadoop project logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and other countries. -- https://hadoop.apache.org/ http is a more generic term, so including variants of it in your name (including httpd) would be less problematic than incorporating a name like Hadoop. - Sam Ruby On Fri, Aug 7, 2015 at 12:30 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the legal basis for enforcing release policies at ASF?
On Aug 7, 2015 3:20 PM, Benson Margulies bimargul...@gmail.com wrote: On Fri, Aug 7, 2015 at 12:08 PM, Gregory Chase gch...@pivotal.io wrote: Does ...based on Apache Hadoop require a clear dependency notation as to which versions of Apache component releases are part of the commercial distribution? No, it cannot. Trademark law is not a matter of such distinctions, and our very own Apache License imposes no such complexity. Correct, and I don't expect we would ever enforce such a covenant on the use of an ASF mark. However, in the context of offering ASF software in the commercial or noncommercial spaces, providing that information in some manner is just good form and helpful to all end users. Please never claim it is based on an unreleased version number. Many projects refer to foo 1.5.2-dev until 1.5.2 is released. But if it is based on 1.5.2-dev, this probably corresponds to 1.5.1+ patches, not the actual 1.5.2 that will ship in the future. Note that in the case of these projects here, it is important to note that the code base is incubating (phrased as Apache Incubator Project Foo or Apache Foo, incubating). This isn't a concern for bundling TLP project sources.
Re: What is the legal basis for enforcing release policies at ASF?
On Thu, Aug 6, 2015 at 7:50 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Nothing other than the Trademarks. If someone wants to call httpd trunk 3.0.1-GA, they cannot do this as Apache httpd 3.0.1-GA or Apache HTTP Server 3.0.1-GA. They can certainly release trunk under the AL license and call it Kindred Http Server 3.0.1-GA, based on Apache HTTP Server. That is a statement of fact and not an abuse of the mark, IMHO. (If it was not actually based on Apache HTTP Server, then that would similarly be a Trademark infringement as it is a false use of the mark.) There are no less than two marks, one is the name of the foundation itself in conjunction with Open Source Software, and the other is the specific project name.
What is the legal basis for enforcing release policies at ASF?
Hi! while answering a question on release policies and ALv2 I've suddenly realized that I really don't know what is the legal basis for enforcing release policies we've got documented over here: http://www.apache.org/dev/release.html For example, what would be the legal basis for stopping a 3d party from releasing a snapshot of ASF's project source tree and claim it to be a release X.Y.Z of said project? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org