On Mon, Mar 31, 2008 at 12:43 AM, Stefano Bagnara <[EMAIL PROTECTED]> wrote:
> I understood that we are not understanding each other, too!
>
> I'm sorry for the long messages, my poor English brings me to write the
> same thing multiple times with the hope the message is transmitted.

the english used in this area is particularly tough since it contains a lot of nuance but i'm not sure i can simplify without losing accuracy

> I clearly understand that downloading an artifact from a website as part
> of an automated process is DIFFERENT (for the US law, for many other
> jurisdictions, for the ASF policies, and for everything else) from
> redistributing the same artifact as part of another product.
>
> My point is that if you don't know what the license is I don't see why
> downloading automatically is *THE* right choice. I understand that the
> legal complications of redistributing are bigger than the one of
> automatically download, but the fact is that we don't know the license,
> so there are even minimal possibilities that also the automatic download
> is not allowed by the license we don't know.

ok i'm going to assume that we're talking about the automatic download which happens when maven builds the project.

i am not concerned by the automatic download because i trust the maven team to act responsibly enough to allow me to use their application in good faith. though the public audit trail is not clear and so i cannot independently verify this faith, i am in a similar position with most of the software i use.

maven is not tied to a single repository. if the people running the central repository end up having a problem with the IP of the documents they distribute then this is a problem for them and not me.

apache does not run the repository and so i don't believe that this is an issue that need concern the members.

i trust that the people who do run the central repository understand enough US law to ensure that they are not taking too many risks. IMHO this is not an unreasonable assumption.

> The funny thing is that all of this thread is about a "stupid" pom that
> even my father could write as is if I explain him the pom
> semantic+syntax and I tell him to describe junit-3.8.1.jar. This is what
> scares me: the fact that we don't have a clear way to rewrite this
> f***ing xml from scratch and release jSPF-0.9.7.
>
> For the record the other funny thing is that I don't need a jSPF release
> and I don't use jSPF in any of my projects. My involvement in jSPF
> started mainly because I had problems releasing JAMES Server and need a
> way to work together Norman to better understand his skills and try to
> help him joining the JAMES project.

note that i didn't -1 the release: if i thought that it posed a significant danger then i would have done so

i audit a lot of releases and have my own policies. i will not +1 a release unless i am convinced that the IP is known and fully audited. this is different from -1ing a release that i consider to be actively dangerous. other people judge things differently.

> I thank you for everything you wrote in reply to my messages: it is
> always interesting to me to discuss corner cases. What I find
> frustrating is that my English is not as good as my Italian otherwise we
> could have written much less and have a conclusion about what to do with
> jSPF, now.

+1

- robert
