Robert Burrell Donkin ha scritto:
On Sun, Mar 30, 2008 at 4:56 PM, Robert Burrell Donkin
<[EMAIL PROTECTED]> wrote:
On Sun, Mar 30, 2008 at 4:09 PM, Stefano Bagnara <[EMAIL PROTECTED]> wrote:
>
> Robert Burrell Donkin ha scritto:
> > On Sat, Mar 29, 2008 at 5:25 PM, Stefano Bagnara <[EMAIL PROTECTED]>
wrote:
> >> Robert Burrell Donkin ha scritto:
> >> > On Sat, Mar 29, 2008 at 1:40 PM, Stefano Bagnara <[EMAIL PROTECTED]>
wrote:
> >> >> Robert Burrell Donkin ha scritto:
> >> >> > On Fri, Mar 28, 2008 at 11:07 AM, Stefano Bagnara <[EMAIL
PROTECTED]> wrote:
> >> >>
> >> >>>> I checked MAVENUPLOAD and the first reference about junit is:
> >> >> >> http://jira.codehaus.org/browse/MAVENUPLOAD-1168
> >> >> >> And it is about junit 4.1: the submitter say he took the pom
from 4.0
> >> >> >> and updated it.. so this doesn't help for now. IF the original
junit pom
> >> >> >> was under the CPL then probably that user was not entitled in
altering
> >> >> >> the content and submit it to the ASF and the ASF should not have
> >> >> >> uploaded it to central (is this right?).
> >> >> >
> >> >> > codehaus is not apache. any source use from codehaus needs to
come in
> >> >> > via the incubator IP clearance.
> >> >> >
> >> >> > - robert
> >> >>
> >> >> Hey... MAVENUPLOAD at codehaus is *THE* *WAY* artifacts use to be
placed
> >> >> in central by the ASF ;-) . Or at least this is what maven tells to
the
> >> >> world:
> >> >>
http://maven.apache.org/guides/mini/guide-central-repository-upload.html
> >> >>
> >> >> I can also confirm that I have successfully created a pom for
dnsjava,
> >> >> uploaded it to codehaus MAVENUPLOAD JIRA and someone published it
to the
> >> >> maven central repository.
> >> >>
> >> >> I just repeat that MOST projects in ASF are using the poms included
in
> >> >> central and this is a big issue that is being mostly ignored,
> >> >> unfortunately. That is why I think the PPMC are not being diligent
and
> >> >> the board should help spreading this issue and coordinate all the
PPMCs
> >> >> to find a common solution to this issue.
> >> >
> >> > using artifacts from the maven repository does not worry me:
> >> > distributing artifacts does
> >> >
> >> > - robert
> >>
> >> I understand this, but I didn't understand why.
> >> If that file is under an acceptable license then we can use and
> >> redistribute it, otherwise we can't use and redistribute it IMO.
> >
> > you can opinion all you like but you're wrong
> >
> > use and distribution are two distinct and different concepts and
> > rights under copyright law. it is perfectly possible to create
> > licenses which allow use but not distribution and vice versa.
> >
> > - robert
>
> Sorry. I can accept your opinion but I don't think I'm wrong and you're
> right ;-)
if you're interested in open source and the law then you really should
try to get to more conferences: you might learn something
> What I say is that if you DON'T KNOW THE LICENSE the ALL RIGHTS ARE
> RESERVED. This means you can't redistribute it and you can't
> automatically download it as part of an automated process.
no: you're wrong
if you don't knowingly possess an explicit license then this means
exactly and only that: you don't knowingly possess an explicit
license. you may still have rights to use or distribute that artifact:
you may have an implied license, the artifact might contain an
embedded license, a public license may be available (which you don't
know about or that you haven't bothered to download) or your legal
system may grant fair use rights. AIUI there are some jurisdictions
(for example, the UK) which may in theory imply that you need to
possess an actual license but in practice this is unenforcable.
apologies, re-reading this thread i see that i've become a little
personal. i just find it very frustrating and this is a very long
thread that seems to be going nowhere. i've tried to explain where
there are big differences between distribution and use under copyright
law and in apache policy but i haven't really succeeded.
- robert
ops, sorry.. I read this message after the previous reply.
I understood that we are not understanding each other, too!
I'm sorry for the long messages, my poor english bring me to write the
same thing multiple time with the hope the message is transmitted.
I clearly understand that downloading an artifact from a website as part
of an automated process is DIFFERENT (for the US law, for many other
jurisdictions, for the ASF policies, and for everything else) from
redistributing the same artifact as part of another product.
My point is that if you don't know what the license is I don't see why
downloading automatically is *THE* right choice. I understand that the
legal complications of redistributing are bigger than the one of
automatically download, but the fact is that we don't know the license,
so there are even minimal possibilities that also the automatic download
is not allowed by the license we don't know.
The funny thing is that all of this thread is about a "stupid" pom that
even my father could write as is if I explain him the pom
semantic+syntax and I tell him to describe junit-3.8.1.jar. This is what
scare me: the fact that we don't have a clear way to rewrite this
f***ing xml from scratch and release jSPF-0.9.7.
For the record the other funny thing is that I don't need a jSPF release
and I don't use jSPF in any of my projects. My involvement in jSPF
started mainly because I had problems releasing JAMES Server and need a
way to work together Norman to better understand his skills and try to
help him joining the JAMES project.
I thank you for everything you wrote in reply to my messages: it is
always interesting to me to discuss corner cases. What I find
frustrating is that my english is not as good as my italian otherwise we
could have written much less and have a conclusion about what to do with
jSPF, now.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
