incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paolo Castagna <castagna.li...@googlemail.com>
Subject Re: [Proposal] Accept Jena into the Incubator
Date Mon, 15 Nov 2010 11:02:08 GMT


Steve Loughran wrote:
> On 13/11/10 04:17, Paolo Castagna wrote:
>> Jeremy Carroll wrote:
>>> On 11/12/2010 11:51 AM, Paolo Castagna wrote:
>>>>
>>>> Also (from the JenaProposal):
>>>>
>>>> "The Jena GRDDL Reader has some additional dependencies:
>>>> http://jena.sourceforge.net/grddl/license.html"
>>>>
>>>> BrowserLauncher2 could be removed in favor of a much simpler approach
>>>> (i.e. write it in a file!).
>>>
>>> That is actually superseded by a Java6 facility, so I should do a
>>> small piece of recoding and remove the dependency
>>
>> +1
>>
>> (and, if I can help, let me know.)
>>
>> Of course, it would be even easier/less work, to remove the click
>> through altogether (this is probably my favorite option).
>>
>>>> What other Apache projects do in a similar situation (i.e. you want
>>>> to warn the user about some potential security issues and therefore
>>>> you ask the user to actively agree, press a button, etc. to make sure
>>>> the user reads it (I know, I know...))?
>>>
>>> The GRDDL component runs XSLT from the Web, in a sandbox.
>>> The HP lawyer who advised, understanding the risks of running 3rd
>>> party code, wanted an explicit user action to agree to the BSD license
>>> terms, to have a firmer leg to stand on if the the 3rd party code
>>> proved malicious, and the sandbox inadequate.
>>> (The browser launcher is used only for the click through agreement to
>>> BSD)
>>
>> I was not able to find a single Apache project which requires a click
>> through to 'ensure' users agree to the license.
> 
> it really screws up things like transitive ivy/maen downloads too, you 
> make an enemy of people downstream. That's why Sun JARs with click 
> through licenses aren't there.
> 
> For Jena, maybe untrusted XSL is some feature that should be turned on 
> via a config option, not click-through.

GRDDL is just one (small) module within Jena.
Jena GRDDL implements stuff specified here: 
http://www.w3.org/2004/01/rdxh/spec
Jena GRDDL artifacts are not published in Maven Central at the moment.

More importantly, Jena does not use any click through.

This is just to avoid confusion.

Paolo

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message