On 08.01.2011, at 18:15, Tom Boutell wrote: > I am reading about the Symfony 2 validation component, which describes > itself as being based on the JSR 303 specification for validation in > Java. > > I am concerned about the license terms for the JSR 303 specification, > which can be found here:
Short version: You can run, but if you live in a country that allows software patents, you cannot hide. Long version: We had this discussion on the cmf list because the same issue applies there, though for JCR there is some indication that the spec is also licensed under the Apache license. Of course there are two aspects to not having a license: 1) copyright 2) patent 1) Copyright is basically literally copying the code. Assume that since we are implementing this in a totally different language that we are fairly safe from this. Though IANAL I expect that even if a few method names match, there is nothing to worry about here. 2) I do not know of JSR 303 is patent encumbered or not. I did not see anything from a quick search. Now in the world of software patents there is nothing that would make us safe really beyond having a patent pool to be able to counter sue. There would also be the option of using a CLA so that patents claims could always be "deflected" to the poor soul who contributed the code, while we rewrite the code to no longer violate the patent. Aside from this all the code we write each day could violate some patent, since I assume none of us spend all day checking patents. So following a spec doesn't necessarily make us much more likely to violate a patent. Though of course acknowledging that we were implementing the given spec might make us easier to find and it would become easier to proof how "evil" we are. Now the the main point of this "draconian" license from my understanding is to prevent that implementations of the spec claim that they are compliant when in reality they are not. It isnt necessarily meant to prevent implementations in other languages. At any rate I send off an email to the spec lead, just like I am in contact with the JCR spec lead. regards, Lukas Kahwe Smith [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
