cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <>
Subject Re: [ANN] XMLForm as a standalone servlet toolkit
Date Fri, 28 Mar 2003 09:44:18 GMT
Gianugo Rabellino wrote:
> Stefano Mazzocchi wrote:
>> I have looked at the code you distribute and you are in clear 
>> violation of the ASF license and the ASF guidelines for these reasons:
> OK, I don't want to delve into whether Ivelin's move is right or not 
> from a community POV (but yes, I do share Steven and Torsten's 
> concerns). This email sounds a bit too much like a threat to me, while I 
> tend to assume that Ivelin was and is in good faith and unwilling to 
> hurt anyone.

when I wear my PMC chair hat (and it's going to be a rare event), I am 
an officer of the foundation, trying to protect the interests of the 

If the Ivelin's code is exploited, or infringes a patent, or is sued by 
someone and the foundation didn't have proper oversight, the foundation 
can get in trouble and *I*, as the PMC chair, I'm going to feel ashamed 
for having let this happening.

I'm *NOT* stating that Ivelin is doing this on purpose, hell no, but I'm 
pretty sure that he didn't understand the legal implications of his move 
and he needs to act quickly about it: either compliying with the ASF 
license or with the ASF code development policies.

> Anyway, since you are making a point on legal stuff, with my lawyer hat 
> on, I'm afraid that either I misunderstood at all the Apache license or 
> you're just wrong when you say:
>> 2) you are distributing ASF-copyrighted code from outside the ASF 
>> infrastructure.
> I don't see what is the problem here: do you mean that I can't 
> distribute Cocoon, or HTTPD, or Tomcat on my very own FTP server? Why 
> that? Since when? The Apache license looks pretty clear to me when it 
> comes to freedom to redistribute stuff and indeed I don't see why and 
> how this can be seen as a violation. And if that's a violation, well... 
> I guess that there are plenty of Internet resources that are

right, let me restate:

- you are distributing *MODIFIED* ASF-copyrighted code from outside the 
ASF infrastructure, and this in violation of the ASF practices and 
considered bad from an ethical point of view. It also removes legal PMC 
oversight and makes the ASF vulnerable to legal attacks.

> As per package names, well... I guess it's questionable: I'm not sure 
> that articles 4 and 5 cover even package names: actually one might say 
> that *taking away* "org.apache" from the package name is a licence 
> violation since it's a way to hide where the software comes from. OTOH, 
> keeping those names might be confusing so I don't really know where to 
> stand. For sure it's not polite and savy, but I'm not dead sure that 
> it's illegal (meaning defendable in court).

You are right, there is nothing in the license that covers java package 
names explicitly. As a matter of fact, though, the java package 
namespaces are used to identify resources uniquely. And if you are 
abusing this namespace without the legal rights to the names, you are 
potentially hurting the owner. This scheme comes from the URI space and 
this space is legally *owned* by the foundation.

I'm pretty sure that if I identified my namespaces with something like 
"", I would get their lawyers knocking 
on my doors even if, I'm sure, there is no license I signed or 
clicked-thru that prevented me from doing it.


View raw message