incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: [VOTE] Release ManifoldCF 0.5-incubating, RC0
Date Tue, 27 Mar 2012 10:16:18 GMT
Please see below.

On Tue, Mar 27, 2012 at 5:50 AM, Roy T. Fielding <fielding@gbiv.com> wrote:
> On Mar 27, 2012, at 2:15 AM, sebb wrote:
>> On 26 March 2012 16:20, Roy T. Fielding <fielding@gbiv.com> wrote:
>>> On Mar 26, 2012, at 4:41 PM, Karl Wright wrote:
>>>> On Mon, Mar 26, 2012 at 10:24 AM, sebb <sebbaz@gmail.com> wrote:
>>>>> On 26 March 2012 02:38, Shinichiro Abe <shinichiro.abe.1@gmail.com>
wrote:
>>>>>> Hello Incubator IPMC,
>>>>>>
>>>>>> Please vote on whether or not to release ManifoldCF 0.5-incubating,
RC0.
>>>>>> This RC has passed our podling vote and awaits your inspection.
>>>>>> You can find the artifact at
>>>>>> http://people.apache.org/~shinichiro/apache-manifoldcf-0.5-incubating-RC0/,
or
>>>>>> in svn at https://svn.apache.org/repos/asf/incubator/lcf/tags/release-0.5-incubating-RC0/.
>>>>>
>>>>> The NOTICE file says:
>>>>> Apache ManifoldCF
>>>>> Copyright 2010-2011 The Apache Software Foundation
>>>>>
>>>>> The LICENSE file includes references to lots of jars that are dual
>>>>> licensed under CDDL v1.0 and GPL v2.
>>>>> However, there is no indication which license has been chosen by the
project.
>>>>>
>>>>> I think this is a blocker.
>>>
>>> A project does not choose a license.  The license is provided by the copyright
>>> owner.  We do not change that license, nor do we reduce the number of the
>>> available licenses to choose from, for downstream recipients.  Therefore,
>>> it doesn't make any sense to indicate which one is "chosen".
>>>
>>> In any case, the indicated artifacts are only included in binary packages.
>>> We don't release binaries, so none of these licenses belong in our source
>>> product's LICENSE file.  We need to be clear that the source code package
>>> does not include these dependencies.  They only exist in binary distributions.
>>
>> That's not the case with this product at present; all the jars are
>> actually in SVN and they are also in the source and binary archives.
>
> Do I really need to explain what "source code" means?
>
>  http://www.apache.org/dev/release.html#what
>
>  "All releases are in the form of the source materials needed to make changes to the
software being released."
>
> Apache releases open source and ONLY open source.  Our releases are absolutely
> forbidden to contain anything other than the open source code that is in our
> vcs-of-record, meaning code that is in the form most likely to be edited by
> recipients for the sake of modifying the product, and in some specific cases
> the generated (and open) source code of build scripts.
>
> Binary distributions and binary/jar dependencies MUST be separate packages
> that are not voted on by the PMC during the release vote, because they are
> not part of our product and are not released by the ASF.  No PMC has been
> granted the authority to publish binary releases on behalf of the ASF.
> It would be contrary to the mission of the foundation.  They may distribute
> binary build packages of existing source releases, but these are not ASF
> releases -- they are just builds provided by the project for user convenience.

ManifoldCF does not distribute binary build packages that do not have
a separately-published source release somewhere, and never did.

> Likewise for jar files of dependencies -- they are NOT our product and they
> MUST NOT be present in the source code package that is voted on for release.
>

If this is the case, you basically imply that binary distributions of
other released open source packages cannot be checked into SVN as part
of a project.  Is this what you are claiming?  If so, I suggest you
audit all Apache projects because in my estimation well over 50% of
then do not adhere to this rule.

> If podlings get this wrong, fix them.  If TLPs get this wrong, fix them.
> No project should ever leave incubator before this is drilled into their
> collective skull: The ASF produces open source software!
>
> If any ASF member is aware of an Apache release package that is not 100%
> open source code, you are hereby instructed to DELETE it from our servers.
> Nobody, not even me, has the right to place a compiled class in one of
> our packages and call that a source release.
>

I am aware of no Apache release that is not 100% open source software,
but I am aware of many that include binary distributions of other open
source released works.  Can you please clarify if such projects should
be deleted immediately?  I really have to ask for clarification on
this issue because this is entirely at odds with what I'd read and
been told in some 2+ years being involved with ASF projects.

> Is that clear?
>

No, please clarify.

Karl

> ....Roy
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message