geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: SUN PROPRIETARY/CONFIDENTIAL code in myfaces
Date Sat, 04 Aug 2007 21:05:24 GMT

On Aug 4, 2007, at 12:50 PM, Sam Ruby wrote:

> On 8/4/07, David Jencks <> wrote:
>> As I see it there are two kinds of questions I'm asking:
>> 1. Are the 6 questionable jars (4 I already mentioned plus a servlet
>> spec jar with some retyped sun xsds and dtds) OK to release?
>> Obviously the geronimo PMC thought so but this conversation has
>> thrown that into doubt as far as I am concerned.  Is there some
>> information you (or anyone else) would like in order to give an
>> opinion?  I tried to explain the process used to generate these jars
>> and the thinking behind the process already.  Note that none of these
>> jars start from the cddl licensed sun schemas, they all start from or
>> relate to the pre-cddl schemas.  I don't see these questions as being
>> hypothetical, and I hope 6 jars isn't a dump truck.  The servlet spec
>> jar under vote is at
>> servlet_2.5_spec-1.1.tar.gz.  The vote passed but AFAICT it has not
>> yet been called or the artifact actually released.
> Legally, yes.
> Now onto the next question.  Have you documented this in a way that
> users of Geronimo codebase are aware of the composition of the
> package?  Given the answer below, I'll presume no; so let's move onto
> the next problem.  After we are done we can come back to this one.

Note that the jars under discussion all relate to the pre-cddl  
licensed xsds, so I don't think  the hypothetical questions following  
(2) are relevant to these particular jars.
The jars containing source and compiled xmlbeans generated jars  
include the standard ASL1 license and notice files.  To the best of  
our knowledge they dont contain any text such as comments from the  
sun schemas (we recently discovered that the binary files generated  
by xmlbeans by default contain the comments from the source and took  
steps to configure xmlbeans to leave them out).  I guess we could  
include a comment explaining how we got them, but if the asl2  
licensing is really correct I don't exactly see why that would be  
The servlet spec jar contains the standard apache license and notice  
files and the hand-typed schemas start out similar to this:

<?xml version="1.0" encoding="UTF-8"?>

     Licensed to the Apache Software Foundation (ASF) under one or more
     contributor license agreements.  See the NOTICE file distributed  
     this work for additional information regarding copyright ownership.
     The ASF licenses this file to You under the Apache License,  
Version 2.0
     (the "License"); you may not use this file except in compliance  
     the License.  You may obtain a copy of the License at

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     See the License for the specific language governing permissions and
     limitations under the License.

<xsd:schema xmlns=""  
     attributeFormDefault="unqualified" version="2.5">

         **  This is the Web Application 2.5 XSD with only the  
required elements to support an implementation.
         **  Please see 
app_2_5.xsd for a fully documented and latest
         **  XSD.

If these files are legally OK, I can't see why we would need any  
other notice.  If they are not legally OK, then we need to change  
them and figure out what kind of notice is appropriate.  Our position  
has been that the stripped down xsds are required to implement a  
compliant javaee product, which we have a license to do, so the sun  
legalese must be talking about the text bits that aren't needed and  
we left out.

That's the state of the non-cddl-questions about the current  
stuff ... onto the hypothetical future.

>> 2. Hypothetically, starting from the cddl licensed schemas, what can
>> we generate from them, what can we include in apache svn and
>> releases, and what license is any of this under?  The geronimo pmc
>> has previously thought that generated source was under asl.  Craig is
>> claiming that generated source is cddl, however as I tried to explain
>> this point of view seems to me to lead to the entire server being
>> required to be cddl.  In other words I think either Craig is wrong or
>> apache can't develop any javaee products.  In addition I think
>> Craig's argument applied to the pre-cddl xsds would entirely prevent
>> apache releasing any j2ee or javaee products whatsoever.
> So, the entire server is generated from these XSDs?  Sweet!  Must be
> one kick ass generator.  :-)
> Let's assume for the moment that Craig is correct (I believe that
> section 3.5(*) of the license contradicts this interpretation).  Even
> assuming that, how do you the leap from generated artifacts being CDDL
> to entire server?

The only way I can make sense of Craig's argument is that the CDDL  
applies to the information content of the schemas, not any particular  
representation of that information content.  As such any compliant  
implementation has to include that information content throughout a  
large part of its core functionality, so most of the source files are  
going to need to be cddl licensed since they are going to contains  
bits of that information content.  If anyone thinks this isn't what  
Craig's argument means, please explain how to draw the line between  
cddl and non-cddl in the 5 examples I presented earlier.
>> Following onto 2, sometimes there are mistakes in the sun schemas
>> that, well, prevent using them directly in completely compliant
>> implementations.  For instance the web-app-2.5.xsd had a incorrect
>> regular expression for http-method.  Assuming we eventually do use
>> the cddl licensed schemas, and these are in publicly accessible
>> apache svn, can we fix these errors?
> Legally, as long as you comply with the CDDL license (in particular,
> note sections 3.1 and 3.3(*)), yes.
> Now as to ASF policy; in general ASF SVN repositories are for the
> development of code under the Apache License.  I don't believe a few
> files that are clearly marked would substantially change the fact that
> the Geronimo SVN meets that criteria.  If you do proceed to do this,
> mention it in the next regularly scheduled board report and move on.
I think the latest sun web-app schema has actually fixed this mistake  
so we will burn this bridge when we come to it in the future.

I'm a bit confused though about the inclusion of cddl xsds in apache  
svn since IIUC you have indicated xsds are definitely "source  
code" (I completely agree) and the draft 3rd party licensing page  
says cddl source can't be in apache releases.  It doesn't say whether  
a few files can be in svn or not AFAICT but that certainly looks like  
it would prohibit shipping an asf jar with any cddl xsds in it.

david jencks
> - Sam Ruby
> (*)
> ---------------------------------------------------------------------
> DISCLAIMER: Discussions on this list are informational and educational
> only.  Statements made on this list are not privileged, do not
> constitute legal advice, and do not necessarily reflect the opinions
> and policies of the ASF.  See <> for
> official ASF policies and documents.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message