Noel J. Bergman wrote:
you get an ok on that from the board and/or the infrastructure team, and consensus across theAs you have seen from some of our exchange and Costin's comments, there are differing views on how to make use of the repository. Costin and I seem to be of the option that a significant portion of the value of the repository comes from sharing and centralizing the managment of ASF-acceptable third party jars.
community, and I'll be absolutely 100% behind any such plan.
uhm...no. I need a location where I can put avalon jars and the distribution version of jars used byAnd having an apache only repository is almost useless; even apache uses non-apache code.
gump, and I would really like to have this location mirrored into the existing maven @ ibiblio repo,
so that it becomes real easy to control what avalon jars are available that way. It's not useless at all!
the difference is in control, location and community. I want to be able to modify the jars in theThe current 'daedalus' repository seems to be duplicating what's already been done in maven."
avalon part of such a repository (control), the ASF wants the asf hardware to be the
primary distribution channel for asf software (location), and I want such a repository to
be usable and the de-facto standard across ant,maven,centipede,whatever (community). Technically,
I'm trying to exactly keep the difference to zero, and have exactly zero thought on how to do it, but
just use the existing practices.
the "no" is with regard to whether apache wants to get into redistributing JUnit, not with regardFWIW, Dion indicates that you are wrong about the "no" regarding JUnit licensing.
to whether it is okay to link to or provide as part of an asf project, or anything like that. IANAL.
Like I said the first time :D
sure. I know how much I've invested in it so far, and I have only very little knowledge and very littleLicensing policy is quite tricky and lots of things need to be done
before the ASF should even consider setting up a centralized easily
user-accessible distribution [of third party jars]
But that's the whole point, Leo. :-) Given the confusion and effort related to the approved use of third party jars, I see that as a primary benefit of the repository, not even a secondary one. Especially from the standpoint of the Board (and projects) being able to verify that all third party jars have clean license. I'm not sure if you have any idea of how many hours and hours Dion has invested in going through the Maven repository, and its licensing.
accomplishment in the matter, so he must have invested lots more :D. This is precisely why I'm doing
next to no thinking on my own, and just following his lead!
you absolutely do not need a repository as an authoritative statement of what is acceptable. WhatBy using the repository as the authoritative statement of what is acceptable, projects have both a known authority and a known procedure for securing approval to use another jar. This provides further protection to the ASF by ensuring that not only does each PMC make a conscious decision to use a new jar, but that people who are familar with licensing on a regular basis also get a chance to vett new uses of third party code.
you need for that is an authoritative statement. But yes, having a centralized repository of
acceptable third party jars does add an extremely convenient procedure for securing approval
of a particular jar.
http://nagoya.apache.org/wiki/apachewiki.cgi?Licensing should
be made into an authoritive source on www.apache.org that
unambiguously answers "yes" or "no"
And those would be the guiding principles used by the repository oversight committee to approve new contents.
you mean not "the guiding principles", but "the authoritive statement".
---
Look, I support the goal, but there's requirements to be satisfied. In order to place any non-asf
created third-party jar on www.apache.org, I think we need at a minimum:
1) an ok from the board on providing redistribution of these third party jars*
2) authoritative** confirmation that the redistribution of any such jar under a specific license and/or
copyright is in line with the ASL and the ASF licensing policy
3) authoritative** information on what requirements are placed on the redistribution of such a jar
so that all relevant licenses and license policies are satisfied,
4) a mechanism for ensuring the satisfaction of these requirements
5) an ok (ie majority vote) from the community on this provision (though consensus would be nice)
when (1)-(4) is satisfied you'll get my +1 on (5). I will also try and help out with satisfying (2)-(5) when (1)
has been satisfied. I don't really care what process is used to get these requirments satisfied; a committee
headed by Dion (sorry if I misspell here ;)) sounds just fine with me. But get (1) in place before spending
too much energy on (2)-(5). Certainly, I'm not going to spend more time convincing anyone that getting
these things in place is a good idea. By now, I think I've made myself as clear as possible.
* no idea whether it's a good idea to propose a resolution, just ask a question, or start a tv ad campaign;
not too important how, as long as everyone agrees that the magical "ok" has indeed been issued :D
** no idea when something is "authoritative". I get the feeling that actual "authoritative" is very expensive,
and that we instead just want a few people with lots of knowledge on this stuff (Roy comes to mind, I
dunno who else)
cheers,
- Leo
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
