www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Developer Repository
Date Mon, 19 Jan 2004 23:23:48 GMT

On Mon, 19 Jan 2004, Mark R. Diggory wrote:

> Just to clarify, the maven repository at ibiblio is not just for apache,
> there is content within it that is not created by apache.

Sure - that is clear, and that is not the concern.

> www.ibiblio.org/maven is the "canonical" source for the maven repository
> specifically because it is an "organizationally neutral" location.

Clear - but ass explained before; neutral is exactly -not- what is
required for the authoritative copy or tools as under an ASF banner. On
the other hand if maven wants to be totally "organizationally neutral"
it should not be an shelter as an ASF project.

Again - if the Foundation, for whatever reason, needs to pull a file or
release; its own tools better follow suit as appropriate. In developer
terms: Sure, clients can override, there can be caching; but if we pull a
file, and some person, a week later can 'take a clean machine, fetch maven
from the asf, do a 'default' install' then it should not contain that
pulled file. If it does we have a problem. A lot of our protection relies
on not beeing an attractive target when infringing; i.e. we pull, we clean
- then analyse and put the file back or apologize as appropriate. As soon
as we loose that control it starts to border on will full infringement,
punitive damages and other things taking up developer energy.

This propblem can be solved in many ways; metadata is one; while still
using ibiblio and others for mirroring in a neutral fashion.

But as soon as we hardcode things to any third part in ASF released code
we better understand what relation we have with that party. Often that is
not an issue; but releases are one of the few areas where we do have
exposure. And no - having an MoU is propably not the right thing to do.


View raw message