james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Burrell Donkin" <robertburrelldon...@gmail.com>
Subject Re: LICENSE/NOTICE/policies/ASF/law (Was: [jsieve] Any more TODO before 0.2 release?)
Date Thu, 19 Jun 2008 17:39:03 GMT
On Thu, Jun 19, 2008 at 10:30 AM, Stefano Bagnara <apache@bago.org> wrote:
> Robert Burrell Donkin ha scritto:
>> On Wed, Jun 18, 2008 at 7:13 PM, Stefano Bagnara <apache@bago.org> wrote:
>> <snip>
>>> In most Licenses for product I use I read a lot of boilerplate that does
>>> not
>>> apply to the specific product I use, but the licensor simply use the same
>>> license for each product. Some term is clearly out of scope, but I don't
>>> this this make the license invalid. IMHO the same applies to our use
>>> case.
>> the subject of the discussion is not LICENSE but NOTICE
> I agree but I keep talking about the "tuple" because of this:
> http://markmail.org/message/ymvnlgsg4egfiijc
> My understanding of something that belongs to LICENSE ended up in NOTICE
> because Daniel Kulp and Me had different instructions or misunderstood Cliff
> "directives".

cliff tends towards sublety (too long talking to lawyers, i think).
categorical directives aren't his style.

> So, to avoid the issue of what belongs to NOTICE and what to LICENSE I keep
> talking about the tuple as a single thing. Moving stuff between the 2 will
> be easier than defining what they have to include and where they have to
> appear.

sounds reasonable

>>> You see I was in that thread too with many post about my opinions and
>>> doubt
>>> about mixing policies, legal requirements and personal preferences. I
>>> still
>>> have the same doubt I had before that thread.
>>> From my understand each one ended up keeping his previous opinion and we
>>> had
>>> no new board "rules" from that.
>> the board of the ASF set very few rules: the legal-affairs committee
>> are charged with legal stuff with approval by the membership
>>> I personally didn't reply to this:
>>> http://markmail.org/message/mrbob6xo7c42bqh3
>>> only because if it is true then I would resign from the PMC because I
>>> don't
>>> want to be liable for each commit made by others and we could skip the
>>> release vote process at all because our repository would be always
>>> releasable and we would need to vet each commit in RTC as a written rule
>>> by
>>> the board.
>> the vote is to ensure that a release is official. this offers a
>> measure of protection to release managers under most reasonable legal
>> systems
> I agree. But this would be nonsense

no: issuing a release is definitely an act of publication. in many
legal systems, this makes a big difference.

> if each PMC member is anyway responsible
> at any time for what is in SVN.

depends on what you mean by responsible. the PMC is charged with
oversight by the board so this is one responibility.

(perhaps you mean culpability)

> It does not make sense to -1 a release because of wrong NOTICE when the
> problem is the wrong NOTICE has been in svn for months.

personally speaking, i rarely -1 releases unless i consider that to
release would be positively dangerous

> Instead I believe there is a big difference between svn and a release and we
> should care of what we put in releases: if this is not true then we should
> make the svn *private* (maybe publish only the folders of the released
> tags?) and stop caring of the issue because we CTR does not protect me from
> having a NOTICE not appropriate for what there is in some deeper folder.
> Furthermore non-redistributable code that is cleaned-up after review will
> still be accessible FOREVER because of svn history/revisions.
> So, if SVN *is* an issue ASF should consider hiding it to the world and
> allow each PMC to decide what sources to make public. If instead svn content
> is not an issue then let's stop caring of it and let's talk about releases
> :-)

that's not the way the world works. the PMC owes the board, the
membership and and the public a reasonable duty of care. all that is
required is that we do take care.

>>> No single person will convince me ( :-) ) that a NOTICE file in a random
>>> folder allow me to stop violating IP for a file in another random folder:
>>> either you link them someway or the NOTICE file is useless.
>>> The root folder of a redistributed package is clearly a special place, a
>>> random parent folder in the svn repository is not so special to make you
>>> liable or make you safe IMHO.
>> examples are so-called attribution licenses which require attribution
>> and movement of copyright notices on imported codebases
> I agree that attribution should be given, but I don't agree that a NOTICE
> file in a random unrelated folder that will not be seen downloading one file
> of the imported codebase will make any difference.

attribution licenses are so called because they require more or less
the above. yes, they are a PITA which is why they have become

> The ASF-ALv2 header tells people "see the NOTICE file distributed with this
> work": if you download a single file from svn there is no "work" (or there
> is no NOTICE in the "distribution").

the document is the work. subversion is the distribution mechanism.
(and yes apache spent years working through this and other matters
with lawyers)

>>> I would like to understand what kind of IP we violate bu having this file
>>> there:
>>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/jars/mail-1.4.1.jar
>>> if we removed this file:
>>> http://svn.apache.org/repos/asf/james/server/trunk/NOTICE.txt
>>> I doubt there is a law (in any country) telling people that if they
>>> obtain a
>>> file from an url then they have to try to request for the NOTICE.txt file
>>> in
>>> each parent folder:
>>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/jars/NOTICE.txt
>>> http://svn.apache.org/repos/asf/james/server/trunk/stage/javax.mail/NOTICE.txt
>>> http://svn.apache.org/repos/asf/james/server/trunk/stage/NOTICE.txt
>>> http://svn.apache.org/repos/asf/james/server/trunk/NOTICE.txt
>>> until you find one and then you have to take it for good.
>> don't mistake policy for law: apache asks that projects indicate this
>> information so that the public can more easily check and understand
>> the copyright characteristics of the work. happily, this requirement
>> also ensures that the requirements of attribution licenses and
>> relocated copyrights are correct implemented.
> I don't mistake policy for law: instead I keep telling people everyone mixes
> policies, legal issues and personal preferences. In particular people keep
> spreading personal preferences in the name of legal requirements. This is
> not good for the community: tell people they are preferences, tell people
> they are policies defined at ASF level, tell people they are policies
> defined at the PMC level, tell people that they are your personal
> preferences, but tell this!
> "apache asks that projects": who is "apache" in this sentence?
> Apache License? ASF members? ASF committers? ASF legal-affair? ASF board?

apache is the apache software foundation

i was just trying to explain the reasoning behind the policy (as i
understand it)

>>> BTW I am only one more troll in the repeating NOTICE/LICENSE flame. I
>>> would
>>> simply like to have the board publish clear RULES about what ASF
>>> committers
>>> HAVE TO do regarding releases and svn, and what behaviour/solutions are
>>> policies to be defined by single PMCs. I would keep my opinion on what is
>>> legally required or not, but I would for sure follow the board
>>> requirements.
>> apache believes in self-governing communities. this is why the board
>> does not impose rules from above. i've been involved in the legal side
>> at apache for several years now, and the sad truth of the matter is
>> that copyright and trademark law are not really suitable for a set of
>> simple rules to follow.
> Ok, but people take care to come here and tell what is wrong in our
> distribution, referring to what MUST BE done instead.

i'm not sure i'd put it quite as strongly as that

> I'm am in the JAMES PMC, so, if people tell the JAME PMC what MUST be done
> then I think there is something above the JAMES PMC: either it is some law
> for some jurisdiction I should care about or it is some entity in the ASF:
> if it is not the board then the board itself should tell us what is the
> entity entitled in telling us what we MUST do.
> BTW we know there is some "ASF wide"-policy: who define it, where are
> written and what is the process to discuss changes or disambiguate issues?
> Either the board define them, or there is a community/members process in
> place.

members appoints and oversees the board. the board appoints committees
from the membership to deal day to day with some matters. in this
case, the policy is set by infrastructure and legal-affairs
committers. changing policy means lobbying these committees who will
then consider proposals and take them to the membership. i'm a member
and on the legal-affairs committee but IIRC i haven't spoken with that
hat on in this forum.

please read http://www.apache.org and http://www.apache.org/dev for
more information

- robert

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message