incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vic Cekvenich <cekvenich_...@baseBeans.com>
Subject RE: Geronimo Policy and effect on community
Date Sun, 16 Nov 2003 17:15:14 GMT
This is being sent to PMC@incubator, and cc-ed most ( I had to manually 
search for e-mails of each, so I gave up after a while) of the officers- 
because it discusses policy, and cc-ed the incubator list so there is a 
record of it. Before this, I posted a few messages on Jakarta-General, 
same place where Geronimo was discussed, before it's move to Incubator. 
It has been said that my postings were not clear, presumptive or did not 
make sense, and should be on incubator and other non-jakarta members.  I 
would like to be more effective in expressing my point, I feel an 
important OSS policy issue, and communicate my concerns about this 
"new?" direction/policy for ASF community, so let me build my point 
slowly and verbosely, in the spirit of "FREE as in FREE Speech", that is 
so special for open source projects.

Who am I? (*goto A)
What is my "agenda"? (*goto B)

Background:
In the past jBoss was viewed by "brothers" or family, by ASF, for 
example on the Jakarta General mail list 
(http://www.mail-archive.com/general@jakarta.apache.org/msg04361.html 
Here is a list of brothers of family IMO 
http://www.opensource.org/licenses/index.php on the left: BSD, Mozzila, 
GNU, etc.)
All appeared well as of June 16th meeting minutes ( 
http://apache.org/foundation/board/calendar.html )

Let me ask questions as opposed to statements, and then try to stage my 
arguments.

1. Recently, a project I am most enthused about, HiveMind (*goto C), had 
developers rightly inform the community that there may be IP 
ownership/work for hire issues.
I was the first one (10/27) to pick this up as an issue.
http://www.mail-archive.com/commons-dev@jakarta.apache.org/msg29088.html
which was then followed up by a few of the members. I suggested that it 
live on sf.net for the time being. Leaders of ASF have some "fiduciary" 
duty to members and the community to protect ASF brand and image, and do 
a low risk route!

Q: Does it not make sense to the PMC to wait a few weeks/months to 
resolve any potential IP issues with WebCT before it becomes an Apache 
IP, just to be on the safe side, for this and all other projects?

2. Just so we are using the right dictionary and are on the same page, 
lets define a certain word in a hypothetical made up scenario.
Lets say that that a commercially license product was refactored (it 
could be any, but lets say JSF) lets say the vendor did not file a 
patent on the design and that design was openly documented. Let's that 
there was some legal loophole that would allow for refactoring.
The process takes was to put the files in a modern IDE (it could be any, 
but lets say InteliJ) refactor the package names, refactor the method 
names, refactor the properties names (String), and then change the TLDs 
to map the new packages/names. (These powerful refactoring tools only 
become available quite recently; people that have been using Vi type 
editors would be surprised at the power and ease)
All the package names are renamed different, method names are different, 
string names are different (A reasonable coder could do this to a 
package of JSF size well within an hour work). The code would be 
similar, since there are only so many GoF and other design patters, and 
the JSF TcK and API are well documented so requirements are same in the 
original RI JSF and the legally refactored JSF.
These people did not take time to design and write it from scratch via 
independent means, but copied and changed some things, and I stated that 
this was legal in this example. For example, plagiarism as I understand 
it, is a verbatim copy, but it is not plagiarism to copy and then change 
a few things.

Q: Would PMC say that this is an example of being (legal, but) 
un-ethical, to refactor a design as I outlined here?

3. All ASF committers are required to sign an Agreement with ASF.
Q: Does ASF have a policy for people that misrepresent or violate the 
signed member agreement, for example if it turns out that developer did 
not own the IP committed?

4. Geronimo was proposed by ASF officers. And there is a policy of not 
having homogeneous developers on a ASF project AFAIK.
Here are CoreDevelopers.net principlas that are also developers Geronimo 
(according to the home page of CoreDevelopers.net):
Dain Sundstong, David Jencks, Greg Wilkins, James Strachan, Jeremy 
Boynes, Jules Golsnell, Renigio Chirino, Jason Dillon, (Jan Bartal) - 
Associate of CoreDeveloper.net). Total of 9.

Geronimo developers that are not principals of CoreDevelopers.net 
(according to
http://www.mail-archive.com/general@incubator.apache.org/msg00644.html ):
Bruce Snyder, David Blevins, Geir Magnusson, Simone Bordet, Richard 
Monson-Hegel, Jim Jagilski. Total of 6.

(According to some browsing of http://nagoya.apache.org/eyebrowse   of 
the CVS for the Geronimo, ALL commits in CVS are by CoreDevlopers.net 
LLC. This is not scientific, but I did look. I did find a few commits by 
  ammulder@apache.org, adc@apache.org who I do not know what group they 
belong in, but I state that over 95%(I had to put a number I guess) are 
clearly CoreDevelopers.net principlas. Everyone listed as a partner in 
the CoreDeveloper.net principals also works Geronimo)

Q: Would this be an example of non-homogenous, non-salaried developers?

5. There was much discussion to slow down Geronimo at the time, one 
example post by Ceki on August 6th (in news.Gmane.org of Jakarta General 
List) , (quote) :"
Given the legal uncertainties related to our J2EE project, allow me to 
suggest that the committers to this project be required to send a duly 
signed copy of the contributor agreement to our Secretary. This is 
nothing but standard ASF procedure and it could not do harm to follow 
our own procedures more carefully."

Q: Does it seem in hind sight to the PMC that Geronimo was rushed?

6. There was a phrase in to the archive of "Elba.sf.net"  (deleted 2 
days ago) quote:
"Think of Elba (jBoss code) as a latticework for Geronimo--and as a 
shield to buffer the Geronimo codebase and CVS repository from any LGPL 
code. As Geronimo is built, its code will replace the code from Elba" 
(end quote)"
The quote can be seen in googe and yahoo cache of same page, and other 
places.
So my reading comprehension says: They plan to take jBoss design and 
implementation, and refractor it.

*Qa: Is the policy of ASF leaders similar or different to above?*

Qb: Are the Geronimo sponsors surprised that jBoss has involved lawyers 
or was this expected?


7. Regarding :
http://theserverside.com/home/thread.jsp?thread_id=22337#101208
Above says:
"The version 1.1 and 1.2 do contain an interface with methods hinting to 
"the 3 maps design" Marc (F. of jBoss) is talking about. "

There are several other points discussed, that taken as a group describe 
pattern as to what happened.

Q: Does this statements taken as a group raise suspicion that CVS is 
indeed refactored/derived and influenced by jBoss designs/implementation?


8. Regarding this thread on "Exibit D", quote:
http://marc.theaimsgroup.com/?l=geronimo-dev&m=106875482022176&w=2
Above thread says, by members * elected ASF officers * and a the 
CoreDeveloper.net principals, quote:
"I'm not sure, but I think even having it in the (CVS) Attic is still 
not sufficient.
...
It also must be deleted from mail archives, if it was ever there."  (end 
quote)

Q: For the purpose of using appropriate dictionary, what is a proper 
legal word for trying to destroy material evidence, by ASF members?

Q: Is there policy/precedent/guideline by ASF for appropriate situation 
in "destroying" CVS track record?


<OT > In the past we did not have fingerprints, to be used for legal 
enforcement. Now we have invisible UV fingerprint, and even DNA. 
Sometimes, legally, people go back, after people that they did not have 
enough evidence in the past, because they found this invisible DNA. 
Faced with testifying  under oath, a single suspect testify as to what 
really happened (Prisoners Dilemma quandary goes like this: if we both 
testify that something happened or none, or one, or both). What does 
this have to do with Geronimo?
Sometimes, when I work with multiple international developers, we cut 
and paste code and xml amongst each other, and with different encoding, 
there are invisible ( but harmless ) characters stuck in the code, xml, 
docs. Sometime in the future, someone could build a "lexer" to create a 
image of a rhythm of  code that was copied by exposing these, it may be 
possible to compare and see if there is a match.  See how there is a 
space after OT?... that could be an invisible inadvertent character, 1 
in a 1,000 of invisible characters, a high degree of confidence by an 
expert witness, in simple tings like build.xml, properties, etc.  It 
changes the Prisoners Dilemma, someone might tell the truth, sooner or 
later.
</OT >

9. Q:  Do the ASF leaders have insurance in case of lawsuits?

(* I was on  BoD for MMA (Microcomputer Managers Association in NYC) in 
the 80's and we all had coverage, I just would like you guys to have it. 
These things have a way of exploding, who knows, maybe ASF BoD members 
becomes an expert witness in this case
http://news.com.com/2100-7344_3-5107419.html?tag=nefd_pop
)


10. There was a statement on Jakarta General ("there is no case law on 
"open" licensed designs") but I will ask it.
Q: Is there case law of anyone breaking a license?

Q: Should ASF be involved in breaking a license or copying a 
design/implementation  of a "brother" project?


So that brings us to a fork based on questions 6a.
Case I (Blue Pill)  or Case II (Red Pill) or Case III (Yellow Pill)

Case I. - ASF feels that members gave them within charter to "break" or 
"refactor" one license to another. (I would not mind seeing a vote count 
on it, unless PMC feels they do not need it) Mistakes were made in 
executing; ie: refactoring of code should have happened in a more legal 
way. ASF will use The CoreDeveloper.net principals to keep going in same 
direction, but will refactor the lines of code, as it is proved beyond 
reasonable doubt that it is verbatim jBoss code, from that point in 
time, each time. It's risky, but possible to do legally, if done 
carefully. In effect, ASF will be a legal shield The CoreDeveloper.net 
principals and provide a brand name for their product, in return for 
having a ASF J2EE/EJB product.

Case II. ASF feels that members do not want them to "break" or 
"refactor" license or designs, even if it could be done legally. A 
J2EE/EJB project could be done at ASF by looking at the J2EE/EJB API as 
requirements, on which a design is based; followed by implementation of 
that design. The CoreDeveloper.net principals misrepresented IP and 
suggested to remove evidence to ASF.

Case III. JBoss is misrepresenting.  ASF's CoreDeveloper.net principals 
did not plan, nor are did they refactor jBoss, and they used original 
IP, based on requirements, they did a ASF design and are now 
implementing it, their own J2EE/EJB design.

Depending on which policy is selected by ASF, it could have 
repercussions to the community and communities of our brother projects.
- I. We could see more patents (http://petition.eurolinux.org/index_html 
) that would protect designs, main goal is that refactoring legally is 
harder. A side affect is that even when programmers are not refactoring, 
but are just creating a design based on requirements, we now have to 
examine a list of patented designs, that I would have to license or not 
use. Also, we could also see more projects "close" source, because it 
exposes it to legally removing a license.  I think both these things 
(protect code, patent design) be prudent to consider now by architects 
and tech leads as the cat's out of the bag.
- II. I spend 30% of my time "selling" Apache open source technology to 
business, that it is a safe platform to be on. I think most of us know 
the objects PHB's give us (is it supported, what is the license, does it 
mean they own my license, etc.) If there is a precedent that Apache open 
source developers are capable or inclined to use a legal loophole, 
despite of a "work for hire" clause, and that they could/would refractor 
a design of a client's application, it would make it harder for ALL of 
us in the open source community to get gigs.  We, proponents of the open 
source community, would be viewed as not safe employees, nor would our 
"products" be viewed as safe (what if it gets overturned and now I have 
to pay license to some idiot like "SCO" after I already deployed to 
production?)
- III. What is the biggest problem with OSS? This IMO: "I will commit 
some really cool designs, when I have time". I wish that donated free 
time of all ASF members be not spent on legal manners. I think members 
voted in officers because they admire their code or "gifts" to the 
community, and not because they are great at legal issues.

<Legal vs Ethical community illustration >
OJ Simpson is a superstar sport hero, he had a great brand image, and 
had many sponsors and was widely admired. Then he was accused of doing 
awful and disgusting thing to a family member. As we now know he was 
falsely accused, we as exonerated in a authorized court of law, and 
found innocent of all accusations. The community however, had a 
perception that there was some evidence that he was hiding things as to 
what he did do to a family member. So legal community did one thing, but 
community at large did something else. Because of the community 
perception, he can no longer find sponsors and is now shunned, where he 
was admired before the accusations. Of course there are other 
illustrations that go the other way, people publicly accused, where 
there was no evidence, life just ain't fair, because people generalize.
</ Legal vs Ethical community illustration >

I feel that some in ASF leadership have lost touch with the community.
As proponent of open source, I feel that the ASF community wants ASF 
representatives to have a policy regarding copying/refactoring or 
breaking a license and a policy of appearances of doing so. The larger 
OSS community could be fractured, and I do not see this to be ASF charter.

<A proposed way out >
I fell that Geronimo should be amputeed for the sole reason so that it 
does not infect the reputation of the other ASF and even OSS projects.
- Geronimo should be parked like Hibernate was parked once there was 
appearance of problems with IP.
- A 2nd original IP J2EE/EJB project be incubated based on requirements 
and original design, with a smaller % of CoreDevelopers.net principals 
of active developers, and without any elba/ or licensed code of any kind.
- CoreDeveloper.net principals that appear to have mis-represented IP to 
ASF via a legal agreement, or appeared to be doing refactoring should be 
dealt with in some manner. ASF as owners of the committed code, could 
give the IP back to CoreDevelopers.net. The identified individuals that 
are not working with ASF are free to work on sf.net implementation, 
where ASF would not be the legal umbrella, and they can refactor, or do 
what they feel is right. If they develop a diverse community, they would 
become eligible for incubation as a 2nd J2EE/EJB project. (ASF has 
several competing frameworks now)
- ASF develop a public policy on "refactoring" by ASF members and projects
- ASF develop a public policy on deleting CVS archive.
- ASF Officers that supported deleting CVS archives be put to a vote of 
confidence. (members are allowed ,according to bylaws, to vote anytime 
with or without cause on removing a director). It is thought to deal 
with friend and family in this way, but it is in everyone's best 
interest. I personally would admire anyone who was named in the "delete 
CVS attic thread" decided to step down due for the greater good of 
community.
- ASF develop a public policy on what to do in case of member agreement 
misrepresentation. The code that was inappropriate not be destroyed, but 
be linked from this public policy, so we ASF can say: "Sometimes 
mistakes pre-mediated/or accidental happened, such as in this case, and 
this is what we did".
- PMC's of each subproject due a little of due diligence and PR of each 
project to have CVS members identify the source of designs, so that it 
can be vouched for that indeed this is ASF IP and not a refactoring or 
derived, since as I illustrated, people can generalize.
- Develop a policy that only non PMC members can propose a project. This 
gives officers the distance to be able to say: "project was accepted as 
represented", should any problems ever arise and not be involved.

</A proposed way out >


I am going to note, that these events happened during Greg Stein's 
reign, fair or unfair, which is why I originally got upset, because it 
was all predictable.
I sincerely wish all the best to the members of ASF, a brand I admire. I 
thank you for contributing your time, ideas and implementations to the 
community at large.

Vic
baseBeans

Ps:
A. baseBeans was one of the first companies to advertise with 3 half 
page adds in JDJ in 2001, helping raise awareness of Struts (which I did 
not see Sun/IBM, etc. advertise Tomcat, etc.) I also contributed some 
discussions in struts-users to expose how MVC is applied in 
Master/Detail processing. baseBeans have financially donated funds to 
open source developers, but not ASF.  In general, I base my business on 
promoting and supporting OSS. I get plenty back in return for my 
efforts, thanks to among others ASF members. I am also aware as to what 
happened to the person that insisted on telling the church that the 
earth is round. :-(

B. I sincerely see this hurting OSS. I sincerely think this could 
appears unethical to some in the community, regardless if it is legal. 
It has been suggested that this is some vendetta because bP was turned 
down for incubation- I can answer that that is not a part of my 
motivation. It was suggested that I have affinity to jBoss - my answer 
is that I do not like EJB, and hence EJB containers. Instead I view this 
as appearing to point on how to legally refactored anything, and it is 
the 2nd time this happens that worries me. In fact I was critical of 
EJBs publicly, exercising FREE, as in FREE speech that an ASF member 
sent me a personal e-mail stating that he will make sure that I never 
become a ASF members because of this single fact. So no I am not a ASF 
member. I am a long time user of ASF "products" and therefore feel that 
I am part of the user community.

C. Yeah, here is what we should be talking about in the OSS community. 
To me Hivemind combines services, IoC (Inversion of Control patern), 
Design By Contract (Jass, JContract, iContract),  AOP's interceptors 
(Aspect oriented programing), etc. into something very useful, simple 
and powerful. More? I think in stages: 1st Generation languages, 2nd 
gen, 3rd generation, OO+MVC, and the next wave in productivity is HiveMind.
I am 10 times more productive using OO then in 3gl, I expect to be 10 
times more productive using Hivemind relative to OO. Also, I am still 
having problems trying to use it and need the help of ASF community. 
But.. it should be clear IP and live by the same rules.



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message