Re: apache binary distributions
I was indeed talking of publishing the original material, released properly from Apache but with some minor changes to fit into the "Steve&Nick Platform" (whatever that might be). I think that is analogous... So, if we agree that is all the same... minor alterations of official releases That said, I think/suspect that if "Cloudera Hadoop" or "Hortonworks Hadopo" is published in this manner (official releases with minor changes to fit their bigger picture), there might be quite a lot of noise... Just asking... I have no strong opinion in either way, other than I would like to see consistency. Cheers Niclas On Wed, Aug 19, 2015 at 1:15 PM, Marvin Humphrey wrote: > On Tue, Aug 18, 2015 at 6:46 PM, Niclas Hedhman > wrote: > > > Well, if "Debian" can publish their built Apache Maven as "maven" and > > "Steve&Nick" can't publish their built Apache Maven as "maven", then the > > inescapable question is; On what non-arbitrary grounds is one acceptable > > and the other is not? It can't be "we like Debian, but not Steve&Nick", > > that is morally weak. > > We need to distinguish between two situations: > > * Redistributor starts from official Apache release. > * Redistributor starts from unreleased code. > > "Debian" consumes official Apache releases, and they make changes that are > often very small. Whether we should be aggressive in enforcing our > trademarks > under those circumstances is a judgment call. Should "Steve&Nick" also > start > from an official release and make changes of similar scope to those made by > "Debian", I would agree that the case for enforcing our trademarks would be > roughly analogous. > > However, if "Steve&Nick" are Apache project contributors publishing > unreleased > code and making an end run around Apache release policy, there's greater > cause > for concern. > > * Are other PMC members being denied their right to participate in > release > decision making? > * To what extent does the privileged position afforded "Steve&Nick" > undermine project independence? > * While our communities strive to maintain codebases in compliance with > Apache legal and release policies, we accept that raw repository code > may > be imperfect between releases. Just how far out of compliance is the > unreleased code "Steve&Nick" are publishing under our trademark? > * To what extent is the 501(c)(3) status of the Foundation put at > increased risk by the actions of this project? What if the practices > spread to other projects? > > If "Debian" were to systematically consume unreleased code from us (aside > from > patches they've contributed themselves), I imagine we would have similar > concerns. But that seems like a weird theoretical. > > Marvin Humphrey > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: apache binary distributions
On Wed, 19 Aug 2015 at 02:47 Niclas Hedhman wrote: > On Wed, Aug 19, 2015 at 3:40 AM, Stephen Connolly < > stephen.alan.conno...@gmail.com> wrote: > > > > > Yes that was my analysis of the question: If I decide to produce an > > unofficial binary release of Maven without the approval of the rest of > the > > PMC, I may not call it Maven. If I did call it Maven then the remainder > of > > the PMC would be responsible for sending me a C&D. > > > > Well, if "Debian" can publish their built Apache Maven as "maven" and > "Steve&Nick" can't publish their built Apache Maven as "maven", then the > inescapable question is; On what non-arbitrary grounds is one acceptable > and the other is not? It can't be "we like Debian, but not Steve&Nick", > that is morally weak. > Well I actually have concerns about the "maven" that debian is publishing. There are some quite significant - in my view - deviations from our Maven. For me, the majority of the concerns could be addressed if they fix the *Description* to clarify that it is a modified distribution of Apache Maven *and* they add an ACK to the trademarks in the description of the package. The open question remains, is the *Package Name* a name that could be viewed as use of the trademark? Do the end users - i.e. developers - expect that `apt-get install maven` is installing Apache Maven? If they are junior developers my experience suggest they may think so... So if `apt-get install maven` causes confusion with our brand, we may have to ask Debian what they suggest they could do to remove the confusion. There are simple solutions, e.g. change the package name to mvn; stop making such large sweeping changes to our product; etc But I am still awaiting guidance from brand on whether a technical name usage - e.g. installer package name - is a use of the mark. This gets even more confusing with some of their packaged maven plugins, which for interop need to use maven: http://pkgs.org/debian-sid/debian-main-i386/libmaven-compiler-plugin-java_3.2-4_all.deb.html (more obvious with Fedora: http://pkgs.org/fedora-23/fedora-i386/maven-compiler-plugin-3.3-2.fc23.noarch.rpm.html) Thankfully in these cases I believe the source code is not patched, but it is binaries rebuilt from source not pulled down from Maven Central... which can cause issues for users. Fun Fun Fun > > > Niclas >
Re: apache binary distributions
Perhaps, the maven pmc could decree: if you are making a convenience installer of maven for an OS where the maven pmc does not create a convenience installer, you may use "maven" as the packaging name provided the description clarifies it is a custom build and provides an ack of our marks. Also the version number is different if patches have been applied. Would that be an acceptable defence of our mark? On Wed 19 Aug 2015 at 09:46, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > On Wed, 19 Aug 2015 at 02:47 Niclas Hedhman wrote: > >> On Wed, Aug 19, 2015 at 3:40 AM, Stephen Connolly < >> stephen.alan.conno...@gmail.com> wrote: >> >> > >> > Yes that was my analysis of the question: If I decide to produce an >> > unofficial binary release of Maven without the approval of the rest of >> the >> > PMC, I may not call it Maven. If I did call it Maven then the remainder >> of >> > the PMC would be responsible for sending me a C&D. >> > >> >> Well, if "Debian" can publish their built Apache Maven as "maven" and >> "Steve&Nick" can't publish their built Apache Maven as "maven", then the >> inescapable question is; On what non-arbitrary grounds is one acceptable >> and the other is not? It can't be "we like Debian, but not Steve&Nick", >> that is morally weak. >> > > Well I actually have concerns about the "maven" that debian is publishing. > There are some quite significant - in my view - deviations from our Maven. > > For me, the majority of the concerns could be addressed if they fix the > *Description* to clarify that it is a modified distribution of Apache Maven > *and* they add an ACK to the trademarks in the description of the package. > > The open question remains, is the *Package Name* a name that could be > viewed as use of the trademark? > > Do the end users - i.e. developers - expect that `apt-get install maven` > is installing Apache Maven? If they are junior developers my experience > suggest they may think so... > > So if `apt-get install maven` causes confusion with our brand, we may have > to ask Debian what they suggest they could do to remove the confusion. > > There are simple solutions, e.g. change the package name to mvn; stop > making such large sweeping changes to our product; etc > > But I am still awaiting guidance from brand on whether a technical name > usage - e.g. installer package name - is a use of the mark. > > This gets even more confusing with some of their packaged maven plugins, > which for interop need to use maven: > http://pkgs.org/debian-sid/debian-main-i386/libmaven-compiler-plugin-java_3.2-4_all.deb.html > (more > obvious with Fedora: > http://pkgs.org/fedora-23/fedora-i386/maven-compiler-plugin-3.3-2.fc23.noarch.rpm.html) > Thankfully in these cases I believe the source code is not patched, but it > is binaries rebuilt from source not pulled down from Maven Central... which > can cause issues for users. > > Fun Fun Fun > > >> >> >> Niclas >> >
Re: apache binary distributions
I might add also that our integration tests should pass for patched releases (if you want to call the package "maven") Let's take this straw man out for a walk: Microsoft produce a maven.msi and it is available for download on a page called "how to get maven" on the Microsoft website. The installer's first screen says clearly that this is "microsoft's build of Apache maven" and our marks are ack on the first screen. Is that ok? On Wed 19 Aug 2015 at 10:03, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > Perhaps, the maven pmc could decree: if you are making a convenience > installer of maven for an OS where the maven pmc does not create a > convenience installer, you may use "maven" as the packaging name provided > the description clarifies it is a custom build and provides an ack of our > marks. Also the version number is different if patches have been applied. > > Would that be an acceptable defence of our mark? > > On Wed 19 Aug 2015 at 09:46, Stephen Connolly < > stephen.alan.conno...@gmail.com> wrote: > >> On Wed, 19 Aug 2015 at 02:47 Niclas Hedhman wrote: >> >>> On Wed, Aug 19, 2015 at 3:40 AM, Stephen Connolly < >>> stephen.alan.conno...@gmail.com> wrote: >>> >>> > >>> > Yes that was my analysis of the question: If I decide to produce an >>> > unofficial binary release of Maven without the approval of the rest of >>> the >>> > PMC, I may not call it Maven. If I did call it Maven then the >>> remainder of >>> > the PMC would be responsible for sending me a C&D. >>> > >>> >>> Well, if "Debian" can publish their built Apache Maven as "maven" and >>> "Steve&Nick" can't publish their built Apache Maven as "maven", then the >>> inescapable question is; On what non-arbitrary grounds is one acceptable >>> and the other is not? It can't be "we like Debian, but not Steve&Nick", >>> that is morally weak. >>> >> >> Well I actually have concerns about the "maven" that debian is >> publishing. There are some quite significant - in my view - deviations from >> our Maven. >> >> For me, the majority of the concerns could be addressed if they fix the >> *Description* to clarify that it is a modified distribution of Apache Maven >> *and* they add an ACK to the trademarks in the description of the package. >> >> The open question remains, is the *Package Name* a name that could be >> viewed as use of the trademark? >> >> Do the end users - i.e. developers - expect that `apt-get install maven` >> is installing Apache Maven? If they are junior developers my experience >> suggest they may think so... >> >> So if `apt-get install maven` causes confusion with our brand, we may >> have to ask Debian what they suggest they could do to remove the confusion. >> >> There are simple solutions, e.g. change the package name to mvn; stop >> making such large sweeping changes to our product; etc >> >> But I am still awaiting guidance from brand on whether a technical name >> usage - e.g. installer package name - is a use of the mark. >> >> This gets even more confusing with some of their packaged maven plugins, >> which for interop need to use maven: >> http://pkgs.org/debian-sid/debian-main-i386/libmaven-compiler-plugin-java_3.2-4_all.deb.html >> (more >> obvious with Fedora: >> http://pkgs.org/fedora-23/fedora-i386/maven-compiler-plugin-3.3-2.fc23.noarch.rpm.html) >> Thankfully in these cases I believe the source code is not patched, but it >> is binaries rebuilt from source not pulled down from Maven Central... which >> can cause issues for users. >> >> Fun Fun Fun >> >> >>> >>> >>> Niclas >>> >>
Re: apache binary distributions
We could define a hierarchy of right to use the mark: pmc has ultimate right, if the pmc are not producing a packaging for that system then the developers of the packaging system have the right to define who can use the mark in relation to their packaging system only. The aim here would be to make our software available easily in different packaging systems. The pmc may want to take ownership of popular packaging systems, so we'd need to be able to trump others On Wed 19 Aug 2015 at 10:27, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > I might add also that our integration tests should pass for patched > releases (if you want to call the package "maven") > > Let's take this straw man out for a walk: > > Microsoft produce a maven.msi and it is available for download on a page > called "how to get maven" on the Microsoft website. The installer's first > screen says clearly that this is "microsoft's build of Apache maven" and > our marks are ack on the first screen. > > Is that ok? > On Wed 19 Aug 2015 at 10:03, Stephen Connolly < > stephen.alan.conno...@gmail.com> wrote: > >> Perhaps, the maven pmc could decree: if you are making a convenience >> installer of maven for an OS where the maven pmc does not create a >> convenience installer, you may use "maven" as the packaging name provided >> the description clarifies it is a custom build and provides an ack of our >> marks. Also the version number is different if patches have been applied. >> >> Would that be an acceptable defence of our mark? >> >> On Wed 19 Aug 2015 at 09:46, Stephen Connolly < >> stephen.alan.conno...@gmail.com> wrote: >> >>> On Wed, 19 Aug 2015 at 02:47 Niclas Hedhman wrote: >>> On Wed, Aug 19, 2015 at 3:40 AM, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > > Yes that was my analysis of the question: If I decide to produce an > unofficial binary release of Maven without the approval of the rest of the > PMC, I may not call it Maven. If I did call it Maven then the remainder of > the PMC would be responsible for sending me a C&D. > Well, if "Debian" can publish their built Apache Maven as "maven" and "Steve&Nick" can't publish their built Apache Maven as "maven", then the inescapable question is; On what non-arbitrary grounds is one acceptable and the other is not? It can't be "we like Debian, but not Steve&Nick", that is morally weak. >>> >>> Well I actually have concerns about the "maven" that debian is >>> publishing. There are some quite significant - in my view - deviations from >>> our Maven. >>> >>> For me, the majority of the concerns could be addressed if they fix the >>> *Description* to clarify that it is a modified distribution of Apache Maven >>> *and* they add an ACK to the trademarks in the description of the package. >>> >>> The open question remains, is the *Package Name* a name that could be >>> viewed as use of the trademark? >>> >>> Do the end users - i.e. developers - expect that `apt-get install maven` >>> is installing Apache Maven? If they are junior developers my experience >>> suggest they may think so... >>> >>> So if `apt-get install maven` causes confusion with our brand, we may >>> have to ask Debian what they suggest they could do to remove the confusion. >>> >>> There are simple solutions, e.g. change the package name to mvn; stop >>> making such large sweeping changes to our product; etc >>> >>> But I am still awaiting guidance from brand on whether a technical name >>> usage - e.g. installer package name - is a use of the mark. >>> >>> This gets even more confusing with some of their packaged maven plugins, >>> which for interop need to use maven: >>> http://pkgs.org/debian-sid/debian-main-i386/libmaven-compiler-plugin-java_3.2-4_all.deb.html >>> (more >>> obvious with Fedora: >>> http://pkgs.org/fedora-23/fedora-i386/maven-compiler-plugin-3.3-2.fc23.noarch.rpm.html) >>> Thankfully in these cases I believe the source code is not patched, but it >>> is binaries rebuilt from source not pulled down from Maven Central... which >>> can cause issues for users. >>> >>> Fun Fun Fun >>> >>> Niclas >>>
Re: apache binary distributions
Am 18.08.2015 18:46, schrieb Marvin Humphrey: On Tue, Aug 18, 2015 at 2:02 AM, Kalle Korhonen So what if a project (members) does not vote but unofficially releases binary executable packages, perhaps along with source to some other location than /dist/? Clearly, it's not an official release by Apache policy but there the bits are in the wild anyway. At Apache, software that is published beyond the group that develops it must be assembled, vetted and voted in accordance with Release Policy and distributed in accordance with Release Distribution Policy. http://www.apache.org/dev/release http://www.apache.org/dev/release-distribution does this extend to convenience binaries and binaries not produced by the project itself?... let's say for example a windows installer Apache is deliberately decentralized in that technical decisions are officially delegated to a PMC, but projects are still obligated to follow Foundation policy with regards to project governance, IP diligence, etc. A primary function of the Incubator is to prepare projects to self-govern in accordance with Apache policy and traditions. And a project could choose to just "tolerate" this such binaries, right? [...] bye blackdrag -- Jochen "blackdrag" Theodorou blog: http://blackdragsview.blogspot.com/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: apache binary distributions
On Wed, Aug 19, 2015 at 10:46 AM, Stephen Connolly wrote: > ...Well I actually have concerns about the "maven" that debian is publishing. > There are some quite significant - in my view - deviations from our Maven. > > For me, the majority of the concerns could be addressed if they fix the > *Description* to clarify that it is a modified distribution of Apache Maven > *and* they add an ACK to the trademarks in the description of the package... I agree that this would be a reasonable request. OTOH I'm not sure about requesting a package name change, if I'm getting "maven" from a Debian package library it's reasonable to expect that that package has been built and assembled by Debian, as it's their core business. But that would be a question for our trademarks folks. -Bertrand - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: apache binary distributions
There is a reason that these distributions are not called hadoop in the product name. There is no cloudera hadoop. Nor MapR hadoop. It is a fine line to acknowledge provenance and give proper credit but not claim to be identical. On the other hand, hive and pig and zookeeper in the distributions are typically just repackaged apache releases. I say generally, since there are exceptions in products competitive to MapR's (I work for MapR) which I am not fully knowledgable about. Sent from my iPhone > On Aug 19, 2015, at 1:42, Niclas Hedhman wrote: > > That said, I think/suspect that if "Cloudera Hadoop" or "Hortonworks > Hadopo" is published in this manner (official releases with minor changes > to fit their bigger picture), there might be quite a lot of noise... Just > asking... I have no strong opinion in either way, other than I would like > to see consistency. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: apache binary distributions
Sent from my iPhone On Aug 19, 2015, at 1:46, Stephen Connolly wrote: > > Well I actually have concerns about the "maven" that debian is publishing. > There are some quite significant - in my view - deviations from our Maven Can you be specific? Should you perhaps take this up with the maven pmc? Who should then contact Debian with concrete suggestions? - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: apache binary distributions
A side matter that has not been raised here. One reason for protecting a mark is to avoid losing it. I have worked at two corporations that were necessarily aggressive in protecting the use of their marks: Univac in various incarnations and Xerox Corporation. While Google might be happy to see the verbing of its mark, other trademark holders worry about the inappropriate use of their mark by others. This is related to the confusion issue but it is about the mark *becoming* generic and no longer protected. The famous case of this is apparently "aspirin." I suspect the makers of Kleenex tissues have similar concerns but can't do much about what the general public does. There are some hyper-active approaches that we know of, especially if your surname is McDonald, but nevertheless there are two reasons for careful use of a mark and requiring others to use it carefully: protecting the distinctiveness and protecting against confusion. I have no information on recent cases and how the US Patent and Trademark folk rule on these things nowadays. I suspect the guidelines that go with protecting an ASF-held mark to this degree is over the line on the fussiness side. At the OSCON Apache Software Foundation booth, I repeatedly heard that "I use Apache" or "I love Apache" and it is easy to confirm that they mean the Apache HTTPD software (or whatever the fussy designation would be). I don't see any guidance on how Apache project participants should employ the marks in their writing and speaking. The matter of harmful confusion, as gone into at length on this thread, is of course a judgment call as it would be if a claim of confusion were put before a judge [;<), and it is all grey in the wide middle. I think an useful case here would be whether users of "Joe's Maven" found that the Apache Maven project would not accept their incident reports and there no other recourse, users being led to believe that the Apache Maven project is responsible for the code that they are using. If that is a pattern, that seems like a good trigger for having a heart-to-heart with the producer of "Joe's Maven" about clearing up the confusion. - Dennis -Original Message- From: Bertrand Delacretaz [mailto:bdelacre...@apache.org] Sent: Wednesday, August 19, 2015 06:27 To: Incubator General Subject: Re: apache binary distributions On Wed, Aug 19, 2015 at 10:46 AM, Stephen Connolly wrote: > ...Well I actually have concerns about the "maven" that debian is publishing. > There are some quite significant - in my view - deviations from our Maven. > > For me, the majority of the concerns could be addressed if they fix the > *Description* to clarify that it is a modified distribution of Apache Maven > *and* they add an ACK to the trademarks in the description of the package... I agree that this would be a reasonable request. OTOH I'm not sure about requesting a package name change, if I'm getting "maven" from a Debian package library it's reasonable to expect that that package has been built and assembled by Debian, as it's their core business. But that would be a question for our trademarks folks. -Bertrand - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Incubator wiki write access
Please grant me write access to the incubator wiki. My username is GourSaha. I am an Apache Slider committer. -Gour
Re: Incubator wiki write access
On Wed, Aug 19, 2015 at 9:19 AM, Gour Saha wrote: > Please grant me write access to the incubator wiki. > > My username is GourSaha. > > I am an Apache Slider committer. Done. Marvin Humphrey - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Incubator wiki write access
Thank you Marvin. -Gour On 8/19/15, 9:20 AM, "Marvin Humphrey" wrote: >On Wed, Aug 19, 2015 at 9:19 AM, Gour Saha wrote: >> Please grant me write access to the incubator wiki. >> >> My username is GourSaha. >> >> I am an Apache Slider committer. > >Done. > >Marvin Humphrey > >- >To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >For additional commands, e-mail: general-h...@incubator.apache.org > > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: apache binary distributions
On Wed, Aug 19, 2015 at 4:39 AM, Stephen Connolly < stephen.alan.conno...@gmail.com> wrote: > We could define a hierarchy of right to use the mark: pmc has ultimate > right, if the pmc are not producing a packaging for that system then the > developers of the packaging system have the right to define who can use the > mark in relation to their packaging system only. > FWIW, the Foundation (board level) has the legal final authority, they delegate this to the VP Trademarks, who shares that delegation with the individual PMCs to adapt to each of their own unique circumstances. At no time do we state that others creating a binary from our released tarball/source is infringing our mark, if the result of what they built is limited to ASF sources - not extended or patched in a 'significant way'. PMC's must determine what is significant in this context... if someone patched httpd for 128 bit int sizes, that PMC would probably shrug (and work out the right patch upstream.) Any PMC distributing sources for a .jar are likely to flip out over modifying the public API's, and rightfully so. And we've noted here, many ASF project builds allow various things to be toggled-in/toggled-out. Clear labeling is a good way to avoid a PMC objecting to the use of the mark. There are some special things here we do have absolute control over. If a project wants to provide the 'official' build, why not start signing the .jar? Because only the ASF committers sign code "as the ASF" under the authority of the PMC, there is no concern about that .jar being a third-party component. Users could still build that .jar, because we give them the sources, on purpose, to deliberately do that. With few exceptions, downstream is very easy to work with when the PMC addresses their concerns clearly and politely. > The aim here would be to make our software available easily in different > packaging systems. The pmc may want to take ownership of popular packaging > systems, so we'd need to be able to trump others Keep in mind, every package distributor has their own policy for who gets naming priority. It can be helpful to point out that the ASF owns the mark, and should generally have priority, but the politics of the thing is that individual contributors to each package distributor have to earn their karma, just as we require here at the ASF. A signed vs. and unsigned build may also carry weight in those discussions.
[RESULT] [VOTE] Apache Tamaya Release 0.1-incubating
Dear Incubator I summarize the vote for releasing of Apache Tamaya version ' 0.1-incubating': +1 John D. Ament +1 Romain ;ammi-Bucau +1 Justin Mclean So we have three +1 and no -1 votes, so the vote PASSED successfully. We will continue with our work for releasing, thanks everybody. J Anatole
