On 18/05/2010 20:45, Ron Wheeler wrote:
On 18/05/2010 2:52 PM, Bruno Harbulot wrote:
But how is a repository to know
1) Who is allowed to upload?
2) What, if any, license scheme the person uses. I can make up my own
license and I don't think that copyright or any law depends on a copy of
the license being included.
3) Does the committer have all the contributor licenses for the stuff
that they uploading that they did not write personally.
Sure, that can be tricky. I'm not suggesting there will be a perfect
solution. Cases where there's foul play will always be a problem.
It's for cases where everyone's trying to play fairly that I think the
default mechanism should make things go more smoothly.
I reckon that Maven's success is based on the fact that it's a model for
distributing software (that's at least a key element of the mechanism)
and that most of the software is open-source and falls broadly into
Apache, GPL, LGPL, MIT, BSD licences. Considering that all these have in
common some terms regarding the distribution of the software
("redistribution", "conveying", "distributing", I'm not a lawyer, but
the ideas seems fairly clear), it just seems surprising that having a
mechanism that enables all parties involved (in particular software
publishers and repositories) to respect those licences seems to have
come as an after-thought.
On 18/05/2010 19:52, Bruno Harbulot wrote:
On 18/05/2010 18:33, Ron Wheeler wrote:
1) If people are distributing their own software in violation of their
own licensing, it is their problem.
2) If people are distributing other people's software in violation of
the licencing, they should stop.
Hard to see how this is a Maven problem or how Maven could fix it. Case
#1 is clearly the prerogative of the owner of the software.
True.
Actually, I think I got that bit wrong, sorry. If the copyright holder
of some software publishes it without a licence or copyright notice,
they can. However, I don't think this grants any right to whoever gets
it, maybe using it, but almost definitely not redistributing it.
On 18/05/2010 20:33, Justin Edelson wrote:
Clarification of the documentation and/or mechanisms on how to
> redistribute the licences properly with the software is what I'm
> suggesting. In terms of core Maven mechanism, that could consist of an
> improvement with respect to the convention over configuration principle
> that Maven follows.
I agree that the documentation can be improved with respect to this. You
can certainly submit some documentation patches on this point. I'm not
sure what "core" changes would be involved. There's probably some
possible enforcer plugin, but ultimately it's not Maven's job to
interpret the semantics of a license - that's something developers need
to be responsible for.
That's exactly the point: saying it's someone else's problem is just
denial of the problem. A publisher's omission to include a licence
doesn't grant whoever gets hold of that software a licence to
redistribute unconditionally.
The problem with most OSS licences (as I was saying above), is that a
developer's mistake ends up putting the burden on the distributors.
Since the Maven system overall relies on the tool, the repository and
owners (or people allowed to distribute) to publish their software, this
is a problem that has to be considered as a whole, I think.
I'm not arguing for perfection, just convenience in what I think are the
common cases. Assuming that developers might be a little bit lazy
sometimes and that most OSS software do have a least a requirement of
quoting their licence with their copies, if a developer/publisher
follows the default layout (that is, LICENSE.txt next pom.xml according
to the documentation), this licence should end up automatically in
what's going to be fetched by the tool when a user puts it as a
dependency in their own software, unlike what happens at the moment.
(I guess including some licence text could easily apply to
closed/proprietary software too.)
I think that would be a more sensible default behaviour for the whole
workflow, and that's what makes it a problem for the "core" Maven.
Best wishes,
Bruno.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org