Leo, As you have seen from some of our exchange and Costin's comments, there are differing views on how to make use of the repository. Costin and I seem to be of the option that a significant portion of the value of the repository comes from sharing and centralizing the managment of ASF-acceptable third party jars.
For what it is worth, I discussed this with Dion Gillard yesterday. He indicated that he didn't have time to respond on the thread, but that I should reply in proxy, so I will quote him: "People *must* know that the maven team decided a whole lot of things about repositories. And having an apache only repository is almost useless; even apache uses non-apache code. The current 'daedalus' repository seems to be duplicating what's already been done in maven." I don't know that I entirely agree with him about the repository duplicating what is done by Maven, because I do believe that the ASF would want to have oversight on what it does accept for use, and the ibiblio repository would be a mirror or a superset of what the ASF site declares as official (for the ASF). Dion does agree, as I think should everyone, with your rules for publication: a) policy b) desire c) approval for the ASF to redistribute Not sure that (a) and (c) aren't redundant, but that depends upon how you define policy. FWIW, Dion indicates that you are wrong about the "no" regarding JUnit licensing. > Licensing policy is quite tricky and lots of things need to be done > before the ASF should even consider setting up a centralized easily > user-accessible distribution [of third party jars] But that's the whole point, Leo. :-) Given the confusion and effort related to the approved use of third party jars, I see that as a primary benefit of the repository, not even a secondary one. Especially from the standpoint of the Board (and projects) being able to verify that all third party jars have clean license. I'm not sure if you have any idea of how many hours and hours Dion has invested in going through the Maven repository, and its licensing. By using the repository as the authoritative statement of what is acceptable, projects have both a known authority and a known procedure for securing approval to use another jar. This provides further protection to the ASF by ensuring that not only does each PMC make a conscious decision to use a new jar, but that people who are familar with licensing on a regular basis also get a chance to vett new uses of third party code. > http://nagoya.apache.org/wiki/apachewiki.cgi?Licensing should > be made into an authoritive source on www.apache.org that > unambiguously answers "yes" or "no" And those would be the guiding principles used by the repository oversight committee to approve new contents. By centralizing it, if there are any issues that need to go back to the Board, there is a controlled mechanism so that it doesn't become a lot of noise at their level. And as the approved list grows, projects can spend less time worrying over licening, and just use approved jars. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
