Re: Dual-licensed logo PNG (CC-BY 3.0, LGPL 3.0)?

[Niclas Hedhman]

Hi,

I would recommend that we only license that under CC-SA, but you might want
to point out that the media files are also available under LGPL3. The
downstream user can re-apply (or swap with) the LGPL3 if they want to, as
those media files are unmodified and we lay no additional claims.


Cheers
Niclas

On Fri, Aug 26, 2016 at 9:41 PM, Stian Soiland-Reyes 
wrote:

> Hi,
>
> Our GSOC student wants to include a PNG for a CWL logo (for
> representing CWL services within Apache Taverna), but the original
> logo is dual-licensed:
>
> From https://github.com/common-workflow-language/logo/blob/
> master/LICENSE.md
>
> > The Common Workflow Language Logos are (C) Copyright 2016 the Common
> Workflow Language Project and are released under the terms of the GNU
> Lesser General Public License, version 3 or any later version, or, at your
> option, of the Creative Commons Attribution-ShareAlike 3.0 Unported License.
>
>
> https://www.apache.org/legal/resolved#cc-sa says:
>
> > Unmodified media under the Creative Commons Attribution-Share Alike 2.5
> and Creative Commons Attribution-Share Alike 3.0 licenses may be included
> in Apache products, subject to the licenses attribution clauses which may
> require LICENSE/NOTICE/README changes. For any other type of CC-SA licensed
> work, please contact the Legal PMC.
>
>
> So I guess our best option is to use it under CC-SA 3.0 - but as LGPL
> 3.0 in this case is not effectively incompatible with ASF license
> either direction (it's easy to replace a PNG file in a JAR) - I don't
> see a reason why we have to remove that dual-license choice for
> downstream users?
>
> That is - my question is - are we fine in NOT specifying which of the
> two licenses we choose to distribute the PNG under?
>
> (This would allow for instance a GPL 3.0 downstream project to embed
> our code AND the logo without re-sourcing it from upstream)
>
>
>
> Here's our student's proposed modifications to append to our project's
> LICENSE:
>
> https://github.com/apache/incubator-taverna-common-
> activities/pull/21/files
>
>
> I assume we don't need to also modify our NOTICE file?  Am I correct
> in this understanding? Or should we do something more, e.g.
> cwl-logo-header.txt file next to the PNG or adding to the README?
>
>
>
> BTW - I have raised an issue upstream about the attribution as "Common
> Workflow Language Project" does not seem to be a legal copyright
> holder:
>
> https://github.com/common-workflow-language/logo/issues/2
>
> ..I guess for now we should respect their current (C) statement.
>
>
> Any feedback?
>
>
> --
> Stian Soiland-Reyes
> Apache Taverna (incubating), Apache Commons
> http://orcid.org/-0001-9842-9718
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>


-- 
Niclas Hedhman, Software Developer
http://zest.apache.org - New Energy for Java

Re: [VOTE] Apache Pirk 0.1.0-incubating Release

[Suneel Marthi]

+1 binding

1. License, Disclaimer, Notice look good
2. Compiled source and all tests pass
3. Verified MD5 , SHA1 sigs of artifacts
4. RAT checks pass

On Fri, Aug 26, 2016 at 8:02 PM, Justin Mclean 
wrote:

> Hi,
>
> +1 binding
>
> I checked:
> - name included incubating
> - signature and hashes good
> - DISCLAIMER exists
> - LICENSE and NOTICE good
> - No unexpected binary files in release
> - Can compile from source
>
> I noticed you’ve dropped “apache” from the release artefact names, IMO
> it’s good to keep it for branding reasons.
>
> In the export section of the README I’m little confused. The text mentions
> the JCA  (and there’s a couple of java.security classes imported in the
> code) and has a link to the oracle website [1] but fails to mention the
> bundled cryptographic code [2] or include a link to the relevant Apache
> page. Also out of interest where did [2] original come from?
>
> Thanks,
> Justin
>
> 1. http://www.oracle.com/us/products/export/eccn-matrix-345817.html
> 2. ./src/main/java/org/apache/pirk/encryption/Paillier.java
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>

Re: [VOTE] Apache Pirk 0.1.0-incubating Release

[Justin Mclean]

Hi,

> In terms of the README mentioning bundled cryptogrphic code, it says that
> "Apache Pirk implements cryptographic software..." -- the Paillier class is
> one such implementation. 

I don’t think anything is required just that it could be made a bit clearer.

Thanks,
Justin
-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE] Apache Pirk 0.1.0-incubating Release

[Ellison Anne Williams]

Hi Justin,

The Paillier implementation was part of the original software grant for
Apache Pirk from the National Security Agency.

In terms of the README mentioning bundled cryptogrphic code, it says that
"Apache Pirk implements cryptographic software..." -- the Paillier class is
one such implementation. Please let me know if we need to add some
additional clarifying language and we can do so on the next release.

We will change the artifact naming conventions back to apache-pirk.

Thanks!

Ellison Anne

On Fri, Aug 26, 2016 at 8:02 PM, Justin Mclean 
wrote:

> Hi,
>
> +1 binding
>
> I checked:
> - name included incubating
> - signature and hashes good
> - DISCLAIMER exists
> - LICENSE and NOTICE good
> - No unexpected binary files in release
> - Can compile from source
>
> I noticed you’ve dropped “apache” from the release artefact names, IMO
> it’s good to keep it for branding reasons.
>
> In the export section of the README I’m little confused. The text mentions
> the JCA  (and there’s a couple of java.security classes imported in the
> code) and has a link to the oracle website [1] but fails to mention the
> bundled cryptographic code [2] or include a link to the relevant Apache
> page. Also out of interest where did [2] original come from?
>
> Thanks,
> Justin
>
> 1. http://www.oracle.com/us/products/export/eccn-matrix-345817.html
> 2. ./src/main/java/org/apache/pirk/encryption/Paillier.java
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>

Re: [VOTE] Apache Pirk 0.1.0-incubating Release

[Justin Mclean]

Hi,

+1 binding

I checked:
- name included incubating
- signature and hashes good
- DISCLAIMER exists
- LICENSE and NOTICE good
- No unexpected binary files in release
- Can compile from source

I noticed you’ve dropped “apache” from the release artefact names, IMO it’s 
good to keep it for branding reasons.

In the export section of the README I’m little confused. The text mentions the 
JCA  (and there’s a couple of java.security classes imported in the code) and 
has a link to the oracle website [1] but fails to mention the bundled 
cryptographic code [2] or include a link to the relevant Apache page. Also out 
of interest where did [2] original come from?

Thanks,
Justin

1. http://www.oracle.com/us/products/export/eccn-matrix-345817.html
2. ./src/main/java/org/apache/pirk/encryption/Paillier.java
-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Dual-licensed logo PNG (CC-BY 3.0, LGPL 3.0)?

[Stian Soiland-Reyes]

Hi,

Our GSOC student wants to include a PNG for a CWL logo (for
representing CWL services within Apache Taverna), but the original
logo is dual-licensed:

>From https://github.com/common-workflow-language/logo/blob/master/LICENSE.md

> The Common Workflow Language Logos are (C) Copyright 2016 the Common Workflow 
> Language Project and are released under the terms of the GNU Lesser General 
> Public License, version 3 or any later version, or, at your option, of the 
> Creative Commons Attribution-ShareAlike 3.0 Unported License.


https://www.apache.org/legal/resolved#cc-sa says:

> Unmodified media under the Creative Commons Attribution-Share Alike 2.5 and 
> Creative Commons Attribution-Share Alike 3.0 licenses may be included in 
> Apache products, subject to the licenses attribution clauses which may 
> require LICENSE/NOTICE/README changes. For any other type of CC-SA licensed 
> work, please contact the Legal PMC.


So I guess our best option is to use it under CC-SA 3.0 - but as LGPL
3.0 in this case is not effectively incompatible with ASF license
either direction (it's easy to replace a PNG file in a JAR) - I don't
see a reason why we have to remove that dual-license choice for
downstream users?

That is - my question is - are we fine in NOT specifying which of the
two licenses we choose to distribute the PNG under?

(This would allow for instance a GPL 3.0 downstream project to embed
our code AND the logo without re-sourcing it from upstream)



Here's our student's proposed modifications to append to our project's LICENSE:

https://github.com/apache/incubator-taverna-common-activities/pull/21/files


I assume we don't need to also modify our NOTICE file?  Am I correct
in this understanding? Or should we do something more, e.g.
cwl-logo-header.txt file next to the PNG or adding to the README?



BTW - I have raised an issue upstream about the attribution as "Common
Workflow Language Project" does not seem to be a legal copyright
holder:

https://github.com/common-workflow-language/logo/issues/2

..I guess for now we should respect their current (C) statement.


Any feedback?


-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons
http://orcid.org/-0001-9842-9718

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

[VOTE] Apache Pirk 0.1.0-incubating Release

[Ellison Anne Williams]

Hi All,

The PPMC vote for the Apache Pirk 0.1.0-incubating release has passed after
updating the cryptographic export information; it is a source-only release
(no binary artifacts). We kindly request that the IPMC now vote on the
release.

The PPMC vote thread is located here:
*https://lists.apache.org/thread.html/8eed650dfe1acdd56a4b29ed5973add87883703fbebd1ba28150422f@%3Cdev.pirk.apache.org%3E
*

The artifacts can be downloaded here https://dist.apache.org/
repos/dist/dev/incubator/pirk/release/0.1.0/

The artifacts have been signed with key 1FD8849B found in the KEYS file:
https://dist.apache.org/repos/dist/dev/incubator/pirk/KEYS

All JIRAs completed for this release are tagged with 'FixVersion = 0.1.0'.
You can view the release notes here: https://issues.apache.or
g/jira/secure/ReleaseNote.jspa?projectId=12320320&version=12338109

Please vote accordingly:

[ ] +1, accept as the official Apache Pirk 0.1.0-incubating release
[ ] -1, do not accept as the official Apache Pirk 0.1.0-incubating release
 because...

The vote will run for at least 72 hours.

Thanks!

Ellison Anne

Resulr, was: [VOTE] OpenAZ retirement

[Emmanuel Lécharny]

Ok, I think it's time to close this vote. Wev' got 7 +1 for the retirement :

Bertrand,
Colm,
John,
Mark,
Roman,
Ted,
and me.

I'll move forward from this point.

Thanks !


-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org