james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject LICENSE/NOTICE/policies/ASF/law (Was: [jsieve] Any more TODO before 0.2 release?)
Date Thu, 19 Jun 2008 09:30:39 GMT
Robert Burrell Donkin ha scritto:
> On Wed, Jun 18, 2008 at 7:13 PM, Stefano Bagnara <apache@bago.org> wrote:
> <snip>
>> In most Licenses for product I use I read a lot of boilerplate that does not
>> apply to the specific product I use, but the licensor simply use the same
>> license for each product. Some term is clearly out of scope, but I don't
>> this this make the license invalid. IMHO the same applies to our use case.
> the subject of the discussion is not LICENSE but NOTICE

I agree but I keep talking about the "tuple" because of this:

My understanding of something that belongs to LICENSE ended up in NOTICE 
because Daniel Kulp and Me had different instructions or misunderstood 
Cliff "directives".

So, to avoid the issue of what belongs to NOTICE and what to LICENSE I 
keep talking about the tuple as a single thing. Moving stuff between the 
2 will be easier than defining what they have to include and where they 
have to appear.

>> You see I was in that thread too with many post about my opinions and doubt
>> about mixing policies, legal requirements and personal preferences. I still
>> have the same doubt I had before that thread.
>> From my understand each one ended up keeping his previous opinion and we had
>> no new board "rules" from that.
> the board of the ASF set very few rules: the legal-affairs committee
> are charged with legal stuff with approval by the membership
>> I personally didn't reply to this:
>> http://markmail.org/message/mrbob6xo7c42bqh3
>> only because if it is true then I would resign from the PMC because I don't
>> want to be liable for each commit made by others and we could skip the
>> release vote process at all because our repository would be always
>> releasable and we would need to vet each commit in RTC as a written rule by
>> the board.
> the vote is to ensure that a release is official. this offers a
> measure of protection to release managers under most reasonable legal
> systems

I agree. But this would be nonsense if each PMC member is anyway 
responsible at any time for what is in SVN.
It does not make sense to -1 a release because of wrong NOTICE when the 
problem is the wrong NOTICE has been in svn for months.
Instead I believe there is a big difference between svn and a release 
and we should care of what we put in releases: if this is not true then 
we should make the svn *private* (maybe publish only the folders of the 
released tags?) and stop caring of the issue because we CTR does not 
protect me from having a NOTICE not appropriate for what there is in 
some deeper folder.
Furthermore non-redistributable code that is cleaned-up after review 
will still be accessible FOREVER because of svn history/revisions.

So, if SVN *is* an issue ASF should consider hiding it to the world and 
allow each PMC to decide what sources to make public. If instead svn 
content is not an issue then let's stop caring of it and let's talk 
about releases :-)

>> No single person will convince me ( :-) ) that a NOTICE file in a random
>> folder allow me to stop violating IP for a file in another random folder:
>> either you link them someway or the NOTICE file is useless.
>> The root folder of a redistributed package is clearly a special place, a
>> random parent folder in the svn repository is not so special to make you
>> liable or make you safe IMHO.
> examples are so-called attribution licenses which require attribution
> and movement of copyright notices on imported codebases

I agree that attribution should be given, but I don't agree that a 
NOTICE file in a random unrelated folder that will not be seen 
downloading one file of the imported codebase will make any difference.

The ASF-ALv2 header tells people "see the NOTICE file distributed with 
this work": if you download a single file from svn there is no "work" 
(or there is no NOTICE in the "distribution").

>> I would like to understand what kind of IP we violate bu having this file
>> there:
>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/jars/mail-1.4.1.jar
>> if we removed this file:
>> http://svn.apache.org/repos/asf/james/server/trunk/NOTICE.txt
>> I doubt there is a law (in any country) telling people that if they obtain a
>> file from an url then they have to try to request for the NOTICE.txt file in
>> each parent folder:
>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/jars/NOTICE.txt
>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/NOTICE.txt
>> http://svn.apache.org/repos/asf/james/server/trunk/stage/NOTICE.txt
>> http://svn.apache.org/repos/asf/james/server/trunk/NOTICE.txt
>> until you find one and then you have to take it for good.
> don't mistake policy for law: apache asks that projects indicate this
> information so that the public can more easily check and understand
> the copyright characteristics of the work. happily, this requirement
> also ensures that the requirements of attribution licenses and
> relocated copyrights are correct implemented.

I don't mistake policy for law: instead I keep telling people everyone 
mixes policies, legal issues and personal preferences. In particular 
people keep spreading personal preferences in the name of legal 
requirements. This is not good for the community: tell people they are 
preferences, tell people they are policies defined at ASF level, tell 
people they are policies defined at the PMC level, tell people that they 
are your personal preferences, but tell this!

"apache asks that projects": who is "apache" in this sentence?
Apache License? ASF members? ASF committers? ASF legal-affair? ASF board?

>> BTW I am only one more troll in the repeating NOTICE/LICENSE flame. I would
>> simply like to have the board publish clear RULES about what ASF committers
>> HAVE TO do regarding releases and svn, and what behaviour/solutions are
>> policies to be defined by single PMCs. I would keep my opinion on what is
>> legally required or not, but I would for sure follow the board requirements.
> apache believes in self-governing communities. this is why the board
> does not impose rules from above. i've been involved in the legal side
> at apache for several years now, and the sad truth of the matter is
> that copyright and trademark law are not really suitable for a set of
> simple rules to follow.

Ok, but people take care to come here and tell what is wrong in our 
distribution, referring to what MUST BE done instead.

I'm am in the JAMES PMC, so, if people tell the JAME PMC what MUST be 
done then I think there is something above the JAMES PMC: either it is 
some law for some jurisdiction I should care about or it is some entity 
in the ASF: if it is not the board then the board itself should tell us 
what is the entity entitled in telling us what we MUST do.

BTW we know there is some "ASF wide"-policy: who define it, where are 
written and what is the process to discuss changes or disambiguate 
issues? Either the board define them, or there is a community/members 
process in place.


To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message