Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
On Sat, Nov 12, 2005 at 04:26:35PM +0100, Mark Wielaard wrote: > On Wed, 2005-11-09 at 05:38 -0800, Leo Simons wrote: > > I keep getting lost in the licensing discussions. I *think* the below > > accurately > > represents where we are right now. > > Thanks for writing this down. I'll try to clarify some things below. Actually, in most cases what you said is just raising more questions for me. > There is one nitpick with the whole setup though. It really reads as if > harmony is just an ordinary Apache project. You really should stop whistling that theme. There is nothing ordinary about Apache projects and there is no shame in being one. I have no idea what kind of *action* should be taken to "reach out more" or "be open". Please stop saying "be more open" without explaining how. If you keep pointing at the ASF as an example of how things should not work and then want to differentiate from that, that's going to become a problem. The attitude needs to be that the ASF is an example of how things could work and that we work as part of the ASF to change the bits that need some changing. > Presenting harmony as just an Apache project doesn't do justice to it. Please. *Stop saying that*. If harmony becomes half as successful as Apache HTTPD or integrates with half as much external codebases as Apache Cocoon or runs on half as many platforms as Apache STDCXX then we'd be doing real well and we'd still be "just an Apache project". Apache projects are all about open collaboration and producing cool software and lots of people working together and working with other open source projects and all of that. Apache projects use hundreds of open source projects that are not developed at apache (even non-open source ones every now and then), and hundreds of open source projects that are not developed at apache use stuff which is developed at apache. We're going to do just that. Analogy. The GNU Classpath community is an important integration point for all the JVM developers that integrate with classpath. GNU Classpath works closely with other projects within the GNU ecosystem (like GCJ) and outside it (like, Jikes or, hehe, Harmony). Despite its very high open source coolness it is still "just" a GNU project. I hope Classpath is proud to carry the "GNU" prefix. It'd be kind of weird to say it should try to become anything "more" than that. "Just as cool" as, I dunno, GCC, or GNU Emacs, should be plenty. > > Q: under what license is the harmony code? > > > s/seperately/separately/g > And add: "We do ask that all contributions are also available under > terms that allow integration into larger works distributed under other > Free Software licenses such as the (L)GPL to make sure the contribution > can be shared by the whole community". Well, we're not asking that right now because we're not sure what it means or what the consequences would be. Someone needs to look into all the nitty gritty legal details surrounding this stuff and what kind of process there should be etc etc. Not me, I prefer to be purely reactive when it comes to legal stuff. Easier. Besides I don't understand it. > > Q: does or will harmony depend on code licensed under the LGPL? > > > > A: Maybe. The ASF is working on a specific policy for allowing ASF projects > > to > >have optional dependencies on binaries licensed under the LGPL. > > If there is a timetable for this effort then it would be good to mention > this. I understood it will be discussed during the next ApacheCon. Haven't heard about it for a while. Timetables and volunteers never go well together, I'm afraid! I know there almost was an ASF board resolution on it a while ago. I think its still on the agenda every meeting. > > Q: does or will harmony code depend on GNU Classpath? > > > > A: Maybe. Once the ASF and FSF legal teams settle the LGPL stuff described > >above, hopefully more attention will turn to answering whether we can / > > want > >to depend on Classpath (from the legal perspective). (GNU Classpath is > >licensed under the GPL but has a special exception: > > > > http://www.gnu.org/software/classpath/license.html > > > >) which may or may not turn out to be acceptable. Even if the exception > > is > >not suitable in its current form the ASF will try to work with the FSF > > and > >the GNU Classpath developers to figure out some kind of workable > > arrangement. > > Right, I think it is good to emphasize that part. Also again it would be > good to have a timetable associated with this. I know the ASF board has > been asked to review and give specific feedback on this, but I haven't > heard anything on the progress. Huh? The ASF board tends to delegate legal stuff to legal people. I suspect the ball is either at the FSF or with legal-discuss@ or with Cliff. In any case, I doubt there's a timetable. > > Q: does or will harmony code depend on "external component X"? > > > > A: Quite often! For example, we're certain
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
Leo Simons wrote: Rant below. Decided not to tone it down. On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: Comments welcome. I like everything but the references to "Black Duck Software". I took a look at their website and their licensing policies and everything about it "feels" wrong. I don't like basing a big part of our processes on some commercial black box "service-like" offering. Taking another look around the web for similar companies, they seem to be about "open source risk management" where the risk is to avoid "contaminating" propietary stuff with "open source" stuff. I resent the idea of "open source" being "contaminating" or anything like that (GPL is viral, but most other stuff is not). There's this entire category of companies who capitalize on FUD. I can imagine SCO having stock options on some of 'em. I think we should avoid the ASF being seen as being part of any of that. --- Leading Open Source Foundation Does Not Trust Its Own Processes The ASF has recently started using the same tools that intellectual property sharks use when figuring out whom to send cease and desist letters. When asked for comments, the ASF said: "We finally gave up trying to understand why people are so scared of open source, so now we're just using some incomprehensible piece of commercial software which makes us feel secure. We think its pretty silly, but if we already have run the tools, at least companies like SCO can't really use them as grounds for suing us since we'll look pretty clean when they run the tool." Darl McBride said: "We think the ASF is making a very smart decision by employing code scanning techniques. Its the only way to be safe from prosecution. Of course, most other open source organisations don't employ code scanning techniques (since they do have a brain of their own) so we're just going to sue all of those." IP firm XXX said: "What Darl said. Don't use any of that scary open source stuff. Even the ASF understands that now. Won't be long before they turn into a commercial entity themselves!" --- Gr. Hmm. Didn't SCO run keyword scanners and the like? Didn't they find out that they'd actually taken code from open source codebases? Didn't much of the same happen at JBoss some time ago? I doubt there's a lot of keyword scanning tools or any kind of other automated technology that I wouldn't be able to circumvent with a few hours of work. Its just such a stupid idea. If I take source code from (say) the sun jdk, work on it for a few weeks to make it look completely different so no line of the original code remains, I still have a derivative work but no scanner is going to be able to detect that. Just like spam still manages to make it into my inbox. I can imagine how some people or companies would feel safe if we were to say "we scanned everything using this intellectual property risk management tool XXX" but we'd be legitimizing something silly and giving a false sense of security. Now, if these tools were open source and I'd be able to take a look at how they work I might put some trust in them. But fancy websites, lots of press releases, not a lot of technical details, anal usage restrictions and total lack of a "download" button just sets off a lot of alarm bells. With my infra@ hat on I'd probably be against running this kind of black box software under this kind of policy on ASF hardware. With something like jira, I at least know how it works (or doesn't work) and what technology is under the cover and can get at the source code if I want to. Leo++ -- Stefano.
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Leo Simons wrote: Its kind-of hard to make sense of the whole legal+java+licensing+patents+open source picture. I think in the end it comes down to the US legal system just not making a lot of sense. I disagree. It makes perfect sense while you start to understand why these restrictions were created in the first place. The goals of the ASF, the FSF, Sun and the patent office are not always in synch. If they were, we wouldn't have to discuss. In the past, the *distance* between these entities was so big that even talking was a challenge. Years of convergence make the talking possible, yet actions are hard because they require changes in the ecosystem and these changes are slow and hard. Both the ASF and the FSF are slowly but surely thinking about changing their respective policies to increase the ability for people to exchange code and package things together. Yet, both have strong and loyal communities that need to be reassured that changes are not going to "pollute" their philosophical vision and their social ecosystem. This is no different than a "cold war" diplomacy battle: both sides think their way of thinking is superior, yet they respect the power and capacity of the other side and would like to be able to use it, but they are afraid of the non-linear effects of doing so in their social ecosystem. My gut feeling is that Harmony is going to make it clear that it is in the interests of both communities for the ASF and the FSF to find a way to collaborate. But making it clear and making it happen are two different things: how we are going to get there, though, it's a huge question mark in my head. -- Stefano.
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Leo Simons wrote: Haven't heard about it for a while. Timetables and volunteers never go well together, I'm afraid! I know there almost was an ASF board resolution on it a while ago. I think its still on the agenda every meeting. No, it's not. We did start a vote but we found issues that were not properly addressed. Cliff is still working on those, but we do hope to expect closure at the next board meeting. That said, you never know, especially at face2face meetings so don't hold your breath. -- Stefano.
GNU Classpath hacker room at FOSDEM 2006
Hi all, Like the last couple of years we want to come together with all the projects around GNU Classpath and the various free runtimes, compiler and tool projects to discuss what has happened in the last year in the Free Software community and what the next year will bring us during FOSDEM. The 6th edition of FOSDEM (Free and Opensource Software Developers' European Meeting) will take place on February 25+26 2006 in Brussels (Belgium), at the Solbosch Campus of the ULB (Free University of Brussels). FOSDEM is a free and non-commercial event for the community and organized by the community. See http://www.fosdem.org/ We were thinking of the following setup: - Saturday from 13:00 to 17:30 - "End-User talks" presentations to promote what we all build together to a wider audience that might have heard of what we do, but haven't actually seen it in action/put together. We might also want to have a "lightning" hour with lots of quick Demos of applications running on a completely free stack (5 - 10 minutes per demo). - Sunday from 09:00 to 12:30 - "Developer talks" presentations of things that are in progress and that people want to explain in more depth to get developers of the other projects to join in a share the fun. - Sunday from 13:00 to 17:30 - "The Future" hard core interactive technical hacker discussions on how to integrate the projects more and move forward in the next year. Arnaud Vandyck, Dalibor Topic, Mark Wielaard, Michael Koch and and Tom Tromey will be our "program committee" this year. If you would like to present something, have an idea for a demo or discussion topic please let us know at fosdem-at-developer.classpath.org Please mention the title, a little abstract, which track and whether you want to do a quick demo, a short 30 min talk or full hour talk (we prefer 30 minute talks to give everybody a chance to present something). Deadline for proposals is December 18, so you have a month to think of something cool. Then we make sure to have some kind of "formal program" at the start of January. Examples of presentations and reports from previous years: http://www.gnu.org/software/classpath/events/escape_fosdem05.html http://www.gnu.org/software/classpath/events/fosdem04.html Some ideas for interesting topics: - Free Swing - The Demo! - Your GNU/Linux distro and the free runtimes - package overview. - From 0 to 100 in 15 Minutes: Getting started with GNU Classpath development using Eclipse, JamVM, Mauve, and the ChangeLog plugin! - Integrating with Objectweb through native-(gcj)-JOnAS - Writing OpenOffice.org plugins using a free software stack. - Using GNU Classpath/gcj/kaffe for games - Using free runtimes on Wine and other win32 environments - Embedding GNU Classpath in web browsers and support for JNLP - Security Auditing! - 1.5 language support in GNU Classpath, gcjx and the free runtimes - GNU Classpath/OSGi/J2ME/Library splitting and trimming - Harmony through interfacing. - Beyond JAPI: what is needed to "really finish" GNU Classpath Or, "Beyond Java" -- what we can do when we finish 1.5. Or more generally some kind of presentation about development metrics: bug rates, rates of change in japi/lines of code/tests, email volume, stuff like that. - Debugging, JDWP development efforts. - etc. Hope to see you in Brussels on February 25 and 26 2006, Arnaud, Dalibor, Mark, Michael and Tom -- Escape the Java Trap with GNU Classpath! http://www.gnu.org/philosophy/java-trap.html Join the community at http://planet.classpath.org/ signature.asc Description: This is a digitally signed message part
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Hi Leo, On Mon, 2005-11-14 at 02:35 -0800, Leo Simons wrote: > > There is one nitpick with the whole setup though. It really reads as if > > harmony is just an ordinary Apache project. > > You really should stop whistling that theme. There is nothing ordinary > about Apache projects and there is no shame in being one. I have no idea > what kind of *action* should be taken to "reach out more" or "be open". > Please stop saying "be more open" without explaining how. You are right. My expectations of Harmony seem to have been much too high. Ever since we started talking a year ago I wanted this cooperation to work out so much. And my last few emails to the list show my frustration that it hasn't worked out as I had hoped. Without giving clear guidelines as to what has to change. The truth is that I don't know how to make it happen. It has happened with gcj/kaffe/jamvm/ikvm/mono/classpath/cacao/etc in the past. There was a time these projects didn't really work together. They even were afraid of each other. Over the years this changed however. And now you will find a kaffe hacker promoting ikvm, or a gcj hacker showing how to deploy jamvm with eclipse, etc. And we all work together on the core class libraries (instead of having three competing projects!). How and why this worked out so nicely I cannot really explain. Maybe it just needs more time and trust. One thing that has helped us in the past is meering face-to-face and sharing our enthousiasm. It seems FOSDEM always brings us closer together. So I hope some of the hackers will show up and we can make a harmony miracle happen in Brussels. Cheers, Mark -- Escape the Java Trap with GNU Classpath! http://www.gnu.org/philosophy/java-trap.html Join the community at http://planet.classpath.org/ signature.asc Description: This is a digitally signed message part
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Stefano Mazzocchi wrote: > Leo Simons wrote: > >> Its kind-of hard to make sense of the whole >> legal+java+licensing+patents+open source >> picture. I think in the end it comes down to the US legal system just >> not making a >> lot of sense. > [snip] > Both the ASF and the FSF are slowly but surely thinking about changing > their respective policies to increase the ability for people to exchange > code and package things together. > > Yet, both have strong and loyal communities that need to be reassured > that changes are not going to "pollute" their philosophical vision and > their social ecosystem. > > This is no different than a "cold war" diplomacy battle: both sides > think their way of thinking is superior, yet they respect the power and > capacity of the other side and would like to be able to use it, but they > are afraid of the non-linear effects of doing so in their social ecosystem. > > My gut feeling is that Harmony is going to make it clear that it is in > the interests of both communities for the ASF and the FSF to find a way > to collaborate. > > But making it clear and making it happen are two different things: how > we are going to get there, though, it's a huge question mark in my head. > Are the licenses in question so restrictive that that they would prevent someone from writing a script which would download all the required packages and assemble them correctly on the installer's computer? For example, if some entity were to determine that component ABC v1.2.3 in combination with component XYZ v 3.2.1 would combine to satisfy some useful functionality, then is there any legal reason for them to distribute a script which downloads the parts and puts them together? The script could request that the user agree to each license as well. If we restrict ABC and XYZ to be licensed under some sort of "free license," is there any legal reason preventing someone from doing this? I'm not suggesting this is what harmony should do, but more trying to get at the core of the issue. Cheers, Neil
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
Rant below. Decided not to tone it down. On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: > Comments welcome. I like everything but the references to "Black Duck Software". I took a look at their website and their licensing policies and everything about it "feels" wrong. I don't like basing a big part of our processes on some commercial black box "service-like" offering. Taking another look around the web for similar companies, they seem to be about "open source risk management" where the risk is to avoid "contaminating" propietary stuff with "open source" stuff. I resent the idea of "open source" being "contaminating" or anything like that (GPL is viral, but most other stuff is not). There's this entire category of companies who capitalize on FUD. I can imagine SCO having stock options on some of 'em. I think we should avoid the ASF being seen as being part of any of that. --- Leading Open Source Foundation Does Not Trust Its Own Processes The ASF has recently started using the same tools that intellectual property sharks use when figuring out whom to send cease and desist letters. When asked for comments, the ASF said: "We finally gave up trying to understand why people are so scared of open source, so now we're just using some incomprehensible piece of commercial software which makes us feel secure. We think its pretty silly, but if we already have run the tools, at least companies like SCO can't really use them as grounds for suing us since we'll look pretty clean when they run the tool." Darl McBride said: "We think the ASF is making a very smart decision by employing code scanning techniques. Its the only way to be safe from prosecution. Of course, most other open source organisations don't employ code scanning techniques (since they do have a brain of their own) so we're just going to sue all of those." IP firm XXX said: "What Darl said. Don't use any of that scary open source stuff. Even the ASF understands that now. Won't be long before they turn into a commercial entity themselves!" --- Gr. Hmm. Didn't SCO run keyword scanners and the like? Didn't they find out that they'd actually taken code from open source codebases? Didn't much of the same happen at JBoss some time ago? I doubt there's a lot of keyword scanning tools or any kind of other automated technology that I wouldn't be able to circumvent with a few hours of work. Its just such a stupid idea. If I take source code from (say) the sun jdk, work on it for a few weeks to make it look completely different so no line of the original code remains, I still have a derivative work but no scanner is going to be able to detect that. Just like spam still manages to make it into my inbox. I can imagine how some people or companies would feel safe if we were to say "we scanned everything using this intellectual property risk management tool XXX" but we'd be legitimizing something silly and giving a false sense of security. Now, if these tools were open source and I'd be able to take a look at how they work I might put some trust in them. But fancy websites, lots of press releases, not a lot of technical details, anal usage restrictions and total lack of a "download" button just sets off a lot of alarm bells. With my infra@ hat on I'd probably be against running this kind of black box software under this kind of policy on ASF hardware. With something like jira, I at least know how it works (or doesn't work) and what technology is under the cover and can get at the source code if I want to. - LSD
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
On Nov 14, 2005, at 4:51 AM, Leo Simons wrote: Rant below. Decided not to tone it down. That's our Leo :) On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: Comments welcome. I like everything but the references to "Black Duck Software". I took a look at their website and their licensing policies and everything about it "feels" wrong. I don't like basing a big part of our processes on some commercial black box "service-like" offering. Clearly this is something we'll want to talk about. The key is to give people an indication that we're serious about this and will be using tools to help us along. Taking another look around the web for similar companies, they seem to be about "open source risk management" where the risk is to avoid "contaminating" propietary stuff with "open source" stuff. I resent the idea of "open source" being "contaminating" or anything like that (GPL is viral, but most other stuff is not). There's this entire category of companies who capitalize on FUD. I can imagine SCO having stock options on some of 'em. Well, I have a different view, but that's because I spent some time with them trying to understand. I think what they originally set out to do is to provide risk management by letting you know what's happening in your codebases wrt license mingling. If a developer mistakenly brings GPL-ed software into your product codebase and you distribute it, you have a big problem, right? None of that is intrinsically evil or a comment on OSS - developers don't understand the nuances of OSS licensing, and this is bound to happen. They also do it for proprietary codebases that they have access to (Sun's Java code for example) and you can load in your own. Now, I'm not defending BD in any way here. I was really interested in how we could use their technology to help us respect the rights of other IP holders, as well as ensure that what we accept and create is ok. Another thing - they are really interested in working with OSS communities. I have a note to go to infra@ about this which I'll post later today if I can get the time. I think we should avoid the ASF being seen as being part of any of that. --- Leading Open Source Foundation Does Not Trust Its Own Processes The ASF has recently started using the same tools that intellectual property sharks use when figuring out whom to send cease and desist letters. LOL When asked for comments, the ASF said: "We finally gave up trying to understand why people are so scared of open source, so now we're just using some incomprehensible piece of commercial software which makes us feel secure. We think its pretty silly, but if we already have run the tools, at least companies like SCO can't really use them as grounds for suing us since we'll look pretty clean when they run the tool." Darl McBride said: "We think the ASF is making a very smart decision by employing code scanning techniques. Its the only way to be safe from prosecution. Of course, most other open source organisations don't employ code scanning techniques (since they do have a brain of their own) so we're just going to sue all of those." IP firm XXX said: "What Darl said. Don't use any of that scary open source stuff. Even the ASF understands that now. Won't be long before they turn into a commercial entity themselves!" --- Gr. Hmm. Didn't SCO run keyword scanners and the like? Didn't they find out that they'd actually taken code from open source codebases? Didn't much of the same happen at JBoss some time ago? There have been many times when keyword scanners have informed us of code that had accidentally snuck into our codebase. There's nothing intrinsically wrong with using tooling to find code that shouldn't be there. The point of mentioning a keyword scanner (e.g. grep -R ) is to get people to look at the code, and do some basic due diligence. I doubt there's a lot of keyword scanning tools or any kind of other automated technology that I wouldn't be able to circumvent with a few hours of work. Its just such a stupid idea. If I take source code from (say) the sun jdk, work on it for a few weeks to make it look completely different so no line of the original code remains, I still have a derivative work but no scanner is going to be able to detect that. Just like spam still manages to make it into my inbox. Right. We are *never* secure from the efforts of a bad actor. Ever. People can lie on their ICLA, their CCLA, the software grant. They can change the copyright, license and munge the code around a bit. We're not trying to stop that - we're trying to stop accidents, and create a very clean developer base. So they keyword scanner is for people to use on their code before contribution, to make them look at the list and ensure that what they find doesn't surprise them. I ran a keyword scanner on the IBM contribution and
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
IANAL. On Sun, Nov 13, 2005 at 10:44:58PM -0800, Neil Macneale wrote: > I am not clear what it is about the GPL which does not allow someone to > package it up and distribute it for use with non-GPL code. The GPL does not allow restrictions on that non-GPL code which are not in the GPL. For example if some non-GPL code says "You can only link with this package if the name of all your sourcefiles includes the word 'wombat'" then that's a restriction not in the GPL so you cannot create that package and distribute it. Obviously the apache license doesn't say anything about wombats (unfortunately, there is so much to say!). The issue there is much more subtle, and is documented at the links I provided. > It seems that > there are plenty of parts of the J2SE puzzle already available, > regardless of their licenses. What is stopping anyone from putting them > all together with their respective licenses and source files, and adding > some polish and saying, "Here is a compliant java runtime! Enjoy."??? Besides the above, "java" is a trademark and to be able to use it in a phrase such as "compliant java" you need to get a license to use it. And that license you can get from Sun only if you do jump through lots of hoops, like pass the TCK. > It seems that this sort of approach would be the best way to get lots of > people, and other projects, involved. > > I'm lawyer-phobic, so anyone who can explain the problem with this in > plain English, please do. In one sentence: The licenses us lawyer-phobic people use to protect us from all those lawyers and their silly ideas are so restrictive that the approach you describe might be disallowed by those same licenses. By analogy: We (the ASF) have put up so many thick walls to build our legal fortress that its kinda hard to just go and work with the neighbours (the FSF). The analogy works in reverse too (it seems the walls the FSF has designed are considerably higher). Its kind-of hard to make sense of the whole legal+java+licensing+patents+open source picture. I think in the end it comes down to the US legal system just not making a lot of sense. - LSD
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
IANAL. On Mon, Nov 14, 2005 at 09:34:17AM -0800, Neil Macneale wrote: > Are the licenses in question so restrictive that that they would prevent > someone from writing a script which would download all the required > packages and assemble them correctly on the installer's computer? For > example, if some entity were to determine that component ABC v1.2.3 in > combination with component XYZ v 3.2.1 would combine to satisfy some > useful functionality, then is there any legal reason for them to > distribute a script which downloads the parts and puts them together? > The script could request that the user agree to each license as well. > > If we restrict ABC and XYZ to be licensed under some sort of "free > license," is there any legal reason preventing someone from doing this? > I'm not suggesting this is what harmony should do, but more trying to > get at the core of the issue. No, such an installer script is I believe perfectly okay. Its what every linux distribution out there does to some extent. I think setups like that can, do and should exist (for example Fedora Core ships gcj, classpath, ant, tomcat, etc, and they all work together properly). AIUI you can't call it java though. Writing that script at apache might also be violating apache's policies and philosophy. The core of this is that the GPL is "distribution oriented", which means you can do lots of stuff as long as you don't redistribute. I think. Leo
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Leo Simons wrote: > On Mon, Nov 14, 2005 at 09:34:17AM -0800, Neil Macneale wrote: > >>Are the licenses in question so restrictive that that they would prevent >>someone from writing a script which would download all the required >>packages and assemble them correctly on the installer's computer? For >>example, if some entity were to determine that component ABC v1.2.3 in >>combination with component XYZ v 3.2.1 would combine to satisfy some >>useful functionality, then is there any legal reason for them to >>distribute a script which downloads the parts and puts them together? >>The script could request that the user agree to each license as well. >> >>If we restrict ABC and XYZ to be licensed under some sort of "free >>license," is there any legal reason preventing someone from doing this? >>I'm not suggesting this is what harmony should do, but more trying to >>get at the core of the issue. > > > No, such an installer script is I believe perfectly okay. Its what every > linux distribution out there does to some extent. I think setups like that > can, do and should exist (for example Fedora Core ships gcj, classpath, > ant, tomcat, etc, and they all work together properly). > > AIUI you can't call it java though. sweet. Call it: jahva. :-) Neil
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
On Mon, Nov 14, 2005 at 09:57:48AM -0500, Stefano Mazzocchi wrote: > Leo Simons wrote: > >Rant below. Decided not to tone it down. > > > >On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: > >>Comments welcome. > > > >I like everything but the references to "Black Duck Software". I took > >a look at their website and their licensing policies and everything > >about it "feels" wrong. I don't like basing a big part of our processes > >on some commercial black box "service-like" offering. > > > >Taking another look around the web for similar companies, they seem to > >be about "open source risk management" where the risk is to avoid > >"contaminating" propietary stuff with "open source" stuff. I resent the > >idea of "open source" being "contaminating" or anything like that (GPL > >is viral, but most other stuff is not). There's this entire category of > >companies who capitalize on FUD. I can imagine SCO having stock options > >on some of 'em. > > > >I think we should avoid the ASF being seen as being part of any of that. > > > >--- > >Leading Open Source Foundation Does Not Trust Its Own Processes > > > >The ASF has recently started using the same tools that intellectual > >property sharks use when figuring out whom to send cease and desist > >letters. > > > >When asked for comments, the ASF said: "We finally gave up trying to > >understand why people are so scared of open source, so now we're just > >using some incomprehensible piece of commercial software which makes us > >feel secure. We think its pretty silly, but if we already have run the > >tools, at least companies like SCO can't really use them as grounds for > >suing us since we'll look pretty clean when they run the tool." > > > >Darl McBride said: "We think the ASF is making a very smart decision > >by employing code scanning techniques. Its the only way to be safe from > >prosecution. Of course, most other open source organisations don't > >employ code scanning techniques (since they do have a brain of their > >own) so we're just going to sue all of those." > > > >IP firm XXX said: "What Darl said. Don't use any of that scary open > >source stuff. Even the ASF understands that now. Won't be long before > >they turn into a commercial entity themselves!" > >--- > > > >Gr. > > > >Hmm. Didn't SCO run keyword scanners and the like? Didn't they find out > >that they'd actually taken code from open source codebases? Didn't much > >of the same happen at JBoss some time ago? > > > >I doubt there's a lot of keyword scanning tools or any kind of other > >automated technology that I wouldn't be able to circumvent with a few > >hours of work. Its just such a stupid idea. If I take source code from > >(say) the sun jdk, work on it for a few weeks to make it look completely > >different so no line of the original code remains, I still have a > >derivative work but no scanner is going to be able to detect that. Just > >like spam still manages to make it into my inbox. > > > >I can imagine how some people or companies would feel safe if we were > >to say "we scanned everything using this intellectual property risk > >management tool XXX" but we'd be legitimizing something silly and giving a > >false sense of security. > > > >Now, if these tools were open source and I'd be able to take a look at > >how they work I might put some trust in them. But fancy websites, lots > >of press releases, not a lot of technical details, anal usage > >restrictions and total lack of a "download" button just sets off a lot > >of alarm bells. > > > >With my infra@ hat on I'd probably be against running this kind of > >black box software under this kind of policy on ASF hardware. With > >something like jira, I at least know how it works (or doesn't work) and > >what > >technology is under the cover and can get at the source code if I want to. > > Leo++ +1 from me, too. sounds like an excellent way to shoot oneself to slashdot with headlines like "Apache foundation rejects code from IBM, claims it was stolen from FSF!". Political suicide, should it ever happen, as it'd force the ASF to play arbiter in disputes that don't exist. cheers, dalibor topic > > -- > Stefano. >
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
Mark Wielaard wrote: > It seems FOSDEM always brings us closer > together. Shouldn't that read "beer", not "FOSDEM"? -- David N. Welton - http://www.dedasys.com/davidw/ Linux, Open Source Consulting - http://www.dedasys.com/
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
On Mon, Nov 14, 2005 at 09:54:42PM +0100, David N. Welton wrote: > Mark Wielaard wrote: > > > It seems FOSDEM always brings us closer > > together. > > Shouldn't that read "beer", not "FOSDEM"? +1. One nice thing about FOSDEM is that it offers belgian beer in a friendly, belgian environment. cheers, dalibor topic > > -- > David N. Welton > - http://www.dedasys.com/davidw/ > > Linux, Open Source Consulting > - http://www.dedasys.com/
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
On Nov 14, 2005, at 9:57 AM, Stefano Mazzocchi wrote: Leo Simons wrote: Rant below. Decided not to tone it down. On Mon, Nov 14, 2005 at 12:11:57AM -0500, Geir Magnusson Jr. wrote: Comments welcome. I like everything but the references to "Black Duck Software". I took a look at their website and their licensing policies and everything about it "feels" wrong. I don't like basing a big part of our processes on some commercial black box "service-like" offering. Taking another look around the web for similar companies, they seem to be about "open source risk management" where the risk is to avoid "contaminating" propietary stuff with "open source" stuff. I resent the idea of "open source" being "contaminating" or anything like that (GPL is viral, but most other stuff is not). There's this entire category of companies who capitalize on FUD. I can imagine SCO having stock options on some of 'em. I think we should avoid the ASF being seen as being part of any of that. --- Leading Open Source Foundation Does Not Trust Its Own Processes The ASF has recently started using the same tools that intellectual property sharks use when figuring out whom to send cease and desist letters. When asked for comments, the ASF said: "We finally gave up trying to understand why people are so scared of open source, so now we're just using some incomprehensible piece of commercial software which makes us feel secure. We think its pretty silly, but if we already have run the tools, at least companies like SCO can't really use them as grounds for suing us since we'll look pretty clean when they run the tool." Darl McBride said: "We think the ASF is making a very smart decision by employing code scanning techniques. Its the only way to be safe from prosecution. Of course, most other open source organisations don't employ code scanning techniques (since they do have a brain of their own) so we're just going to sue all of those." IP firm XXX said: "What Darl said. Don't use any of that scary open source stuff. Even the ASF understands that now. Won't be long before they turn into a commercial entity themselves!" --- Gr. Hmm. Didn't SCO run keyword scanners and the like? Didn't they find out that they'd actually taken code from open source codebases? Didn't much of the same happen at JBoss some time ago? I doubt there's a lot of keyword scanning tools or any kind of other automated technology that I wouldn't be able to circumvent with a few hours of work. Its just such a stupid idea. If I take source code from (say) the sun jdk, work on it for a few weeks to make it look completely different so no line of the original code remains, I still have a derivative work but no scanner is going to be able to detect that. Just like spam still manages to make it into my inbox. I can imagine how some people or companies would feel safe if we were to say "we scanned everything using this intellectual property risk management tool XXX" but we'd be legitimizing something silly and giving a false sense of security. Now, if these tools were open source and I'd be able to take a look at how they work I might put some trust in them. But fancy websites, lots of press releases, not a lot of technical details, anal usage restrictions and total lack of a "download" button just sets off a lot of alarm bells. With my infra@ hat on I'd probably be against running this kind of black box software under this kind of policy on ASF hardware. With something like jira, I at least know how it works (or doesn't work) and what technology is under the cover and can get at the source code if I want to. Leo++ I'm sorry, but I don't understand the issue here. I'm proposing that a) We suggest to people that are about to contribute to us to do some careful inspection before they do that. The assumption here is that people are well-meaning but sometimes makes mistakes or are lazy, and we want them to think before the contribute. A keyword scanner (which is a glorified "grep") is a great way to find things that you weren't aware were there, such as who authors were (if there are author tags), what copyright claims are listed in the files, etc. There's nothing inherently evil about it. It doesn't matter what SCO or anyone else did with a keyword scanner - we're trying to have it used to protect ourselves and just as importantly, other copyright holders like Sun. b) We use a tool internally to check code for which the contributor can't provide our ASQ for each author. Ok, the tool isn't open source, but I don't know of any options, and we need something like this *now*. I'd love to see us create a toolsuite like this (because one of my goals is to work out a process that we can share with the rest of the ASF), but we don't have the luxury of time to do it. geir -- Geir Magnusson Jr +1-203-665-6437 [EMAIL PROTECTED]
Re: [legal] Proposed changes for the Bulk Contributor Questionnaire
On Nov 14, 2005, at 3:18 PM, Dalibor Topic wrote: On Mon, Nov 14, 2005 at 09:57:48AM -0500, Stefano Mazzocchi wrote: Leo Simons wrote: Rant below. Decided not to tone it down. Leo++ +1 from me, too. sounds like an excellent way to shoot oneself to slashdot with headlines like "Apache foundation rejects code from IBM, claims it was stolen from FSF!". Political suicide, should it ever happen, as it'd force the ASF to play arbiter in disputes that don't exist. I don't understand this. I'm suggesting we use a tool internally to help us *find* problems, both at contribution time as well as ongoing to ensure that inappropriate 3rd party code doesn't come in during the regular flow of activity. We'd then examine any issues raised, and make a judgement based on that. Suppose a contribution had code from the FSF. (IBMs doesn't. Period) Would you prefer that we don't find it until much later, like after a release? Or if we do find it, just accept it to avoid having to commit "political suicide" by pointing it out to the contributor? If we find code stolen from *any* copyright holder, we will definitely reject the code.Because there is a complete implementation under a non-opensource license that has been very, very widely distributed, it behooves us to take what steps we can to ensure that we don't accidentally incorporate it into our codebase. geir (I love it when I can use "behoove" in a sentence. Not as good as "festoon" or "huggermuggery", but close...) -- Geir Magnusson Jr +1-203-665-6437 [EMAIL PROTECTED]
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
On Nov 14, 2005, at 1:44 AM, Neil Macneale wrote: Mark Wielaard wrote: Hi Leo, On Wed, 2005-11-09 at 05:38 -0800, Leo Simons wrote: I keep getting lost in the licensing discussions. I *think* the below accurately represents where we are right now. Thanks for writing this down. I'll try to clarify some things below. There is one nitpick with the whole setup though. It really reads as if harmony is just an ordinary Apache project. While when we started it we want it to be something that is a much larger cooperative effort between various different individuals, organizations and projects with similar goals but completely different backgrounds. Presenting harmony as just an Apache project doesn't do justice to it. And I feel it will fail if we do that. There are a lot of people working on all the sister projects who we currently are not giving the feeling they are part of our harmony collaboration. This is not something specific to your email though. I often get the feeling that people on this list act as if Apache is the be all, end all for harmony and getting to a free software replacement for the proprietary non-free j2se implementations. And that does push away a lot of people who have been working on all this for years without any Apache involvement at all. I personally feel that way at times reading some of the discussions. Lets try to be a little more inclusive and get the support of those hundreds of people working already on the same goal, but who don't currently feel part of harmony. This may be some what off topic, but I'm going to ask anyway... I am not clear what it is about the GPL which does not allow someone to package it up and distribute it for use with non-GPL code. Well, it's not non-GPL code per se, but rather code under licenses that aren't compatible with the GPL. The problem is that many licenses are incompatible. You cannot combine code under the Apache License and code under the GPL and (according to the FSF) conform to the terms of the GPL. Because we believe in respecting license terms, we're stuck. geir -- Geir Magnusson Jr +1-203-665-6437 [EMAIL PROTECTED]
Re: GNU Classpath hacker room at FOSDEM 2006
I'll definitely be there - thanks for the note, Mark. Will you let us in the GNU Classpath hacker room though? :) geir On Nov 14, 2005, at 11:33 AM, Mark Wielaard wrote: Hi all, Like the last couple of years we want to come together with all the projects around GNU Classpath and the various free runtimes, compiler and tool projects to discuss what has happened in the last year in the Free Software community and what the next year will bring us during FOSDEM. The 6th edition of FOSDEM (Free and Opensource Software Developers' European Meeting) will take place on February 25+26 2006 in Brussels (Belgium), at the Solbosch Campus of the ULB (Free University of Brussels). FOSDEM is a free and non-commercial event for the community and organized by the community. See http://www.fosdem.org/ We were thinking of the following setup: - Saturday from 13:00 to 17:30 - "End-User talks" presentations to promote what we all build together to a wider audience that might have heard of what we do, but haven't actually seen it in action/put together. We might also want to have a "lightning" hour with lots of quick Demos of applications running on a completely free stack (5 - 10 minutes per demo). - Sunday from 09:00 to 12:30 - "Developer talks" presentations of things that are in progress and that people want to explain in more depth to get developers of the other projects to join in a share the fun. - Sunday from 13:00 to 17:30 - "The Future" hard core interactive technical hacker discussions on how to integrate the projects more and move forward in the next year. Arnaud Vandyck, Dalibor Topic, Mark Wielaard, Michael Koch and and Tom Tromey will be our "program committee" this year. If you would like to present something, have an idea for a demo or discussion topic please let us know at fosdem-at-developer.classpath.org Please mention the title, a little abstract, which track and whether you want to do a quick demo, a short 30 min talk or full hour talk (we prefer 30 minute talks to give everybody a chance to present something). Deadline for proposals is December 18, so you have a month to think of something cool. Then we make sure to have some kind of "formal program" at the start of January. Examples of presentations and reports from previous years: http://www.gnu.org/software/classpath/events/escape_fosdem05.html http://www.gnu.org/software/classpath/events/fosdem04.html Some ideas for interesting topics: - Free Swing - The Demo! - Your GNU/Linux distro and the free runtimes - package overview. - From 0 to 100 in 15 Minutes: Getting started with GNU Classpath development using Eclipse, JamVM, Mauve, and the ChangeLog plugin! - Integrating with Objectweb through native-(gcj)-JOnAS - Writing OpenOffice.org plugins using a free software stack. - Using GNU Classpath/gcj/kaffe for games - Using free runtimes on Wine and other win32 environments - Embedding GNU Classpath in web browsers and support for JNLP - Security Auditing! - 1.5 language support in GNU Classpath, gcjx and the free runtimes - GNU Classpath/OSGi/J2ME/Library splitting and trimming - Harmony through interfacing. - Beyond JAPI: what is needed to "really finish" GNU Classpath Or, "Beyond Java" -- what we can do when we finish 1.5. Or more generally some kind of presentation about development metrics: bug rates, rates of change in japi/lines of code/tests, email volume, stuff like that. - Debugging, JDWP development efforts. - etc. Hope to see you in Brussels on February 25 and 26 2006, Arnaud, Dalibor, Mark, Michael and Tom -- Escape the Java Trap with GNU Classpath! http://www.gnu.org/philosophy/java-trap.html Join the community at http://planet.classpath.org/ -- Geir Magnusson Jr +1-203-665-6437 [EMAIL PROTECTED]
Re: The Unofficial "Harmony, Licensing, the Universe and everything" FAQ
On Nov 14, 2005, at 12:04 PM, Mark Wielaard wrote: Maybe it just needs more time and trust. Yes. Patience. We're just getting started. geir -- Geir Magnusson Jr +1-203-665-6437 [EMAIL PROTECTED]
Re: [arch] Interpreter vs. JIT for Harmony VM
From: Steve Shih-wei Liao <[EMAIL PROTECTED]> > - Re-entrant JIT: Many JITs are not re-entrant. When running, for instance, > MTRT in SPECJVM, because multiple threads are running, multiple JITTing may > happen concurrently if there is no locking. The Execution Manager can put > locks before each JITTing in order to ensure that no multiple JITTing is > going on concurrently. Do you know an actual JIT compiling the same method simultaneously? HotSpot VM has a thread dedicated to JIT compilation and the compiling thread receive a compilation request from a queue. A JIT I have developed took another way in which a thread executing an application compiles the application. The JIT allows multiple threads to do JIT compilation simultaneously but a method is not compiled multiple times because of appropriate locks assined to each stage of JIT compilation. There are choices on the relationship between threads and JIT compilation: - Separated threads dedicated to JIT compilation. - Number of locks by JIT gets fewer? - Compilation takes much time in case that there are many active application threads. It leads to further starvation. Note that HotSpot VM has -Xbatch option to lighten this problem. - Exploits more processors remaining? - Application threads which also perform JIT compilation. - Exploits multiple processors for JIT compilation naturally. Kazuyuki Shudo[EMAIL PROTECTED] http://www.shudo.net/
