On Fri, Mar 28, 2008 at 11:40 AM, Stefano Bagnara <[EMAIL PROTECTED]> wrote: > Robert Burrell Donkin ha scritto: > > > apache has access to lawyers but the question needs to be clear and > > one of legality not policy > > Here is the summary I wrote to legal-discuss and repository lists the > past october. I already referenced it in previous mail but maybe a > copy&paste is more explicit: > > -------------------------------------------------------------- > "legal issues" summary is: > > 1) Are the "simplest" pom.xml (artifactId+groupId+license > information+dependencies) copyrightable?
this is a poor question: too broad and open ended. the correct answer is it depends under US copyright, IMHO many simple pom.xml cannot be copyrightable. however, the only way to be sure would be to test it in court. avoiding court is a major apache aim. > 2) What licenses should we allow for pom.xml in order to make *legal* > the current use of the central maven repository? again, this question is too broad and open ended: any number of licenses could be created to achieve this goal. apache policy is clear on this point: artifacts distributed from apache should be under the apache license. > 3) Can the license for the pom.xml be described in the xml itself or we > need the whole license header like the one we would prepend to any other > xml file? The pom.xml is often a redistributable "as is", without being > included in a package: does this need a special "license header" ? again, too broad and open ended a license header is just legal boiler plate that effectively describes the license for the document > The technical/procedural issues for the repository management are: > > A) How to tweak the current procedures to avoid publishing of new > pom.xml without a license or without an acceptable license (BSD, MIT, > ASL, W3C..., depending on answers about #2 above) upload to the apache maven repository should be reasonably covered by CCLAs, CLAs and JIRA but the audit trial is lacking and so it is impossible to demonstrate that it's covered IMO the maven [EMAIL PROTECTED] should be under version control > B) How to deal with the current poms not having a license. IMO asking uploaders to add a license header would not be unreasonable > C) What to do when a pom is already published in a 3rd party repository > under an incompatible license: we cannot copy it, and probably is not a > good practice to create another pom with the same artifactId/groupId but > with different informations. either create a new clean pom or accept that we can't ship a pom for that artifact > D) How to "evangelize" projects to make sure that future pom.xml (and > other resources like site.xml) includes the license header (e.g: make > sure maven plugins bugs are solved ASAP and high priority) step up and code the required changes...? - robert --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
