incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: A systematic approach to IP review?
Date Mon, 19 Sep 2011 11:40:09 GMT
On Sun, Sep 18, 2011 at 9:34 PM, Pedro Giffuni <> wrote:
> Hi;
> Is there an updated SGA already?

Not that I know of.   But we can and should go ahead with IP clearance
using the SGA we already have.   In fact, starting that process will
help us identify exactly which files needed to be added to the updated


> I think there will likely be a set of files of uncertain license
> that we should move to apache-extras. I am refering specifically
> to the dictionaries: Oracle might have property over some but not
> all. I propose we rescue myspell in apache-extras and put the
> dictionaries there to keep it as an alternative. I have no idea
> where to get MySpell though.
> While here, if there's still interest in maintaining the Hg
> history, seems to be a nice alternative: it's
> rather specialized in Mercurial.
> Cheers,
> Pedro.
> On Sun, 18 Sep 2011 20:27:05 -0400, Rob Weir <> wrote:
>> If you haven't looked it closely, it is probably worth a few minutes
>> of your time to review our incubation status page, especially the
>> items under "Copyright" and "Verify Distribution Rights".  It lists
>> the things we need to do, including:
>>  -- Check and make sure that the papers that transfer rights to the
>> ASF been received. It is only necessary to transfer rights for the
>> package, the core code, and any new code produced by the project.
>> -- Check and make sure that the files that have been donated have been
>> updated to reflect the new ASF copyright.
>> -- Check and make sure that for all code included with the
>> distribution that is not under the Apache license, we have the right
>> to combine with Apache-licensed code and redistribute.
>> -- Check and make sure that all source code distributed by the project
>> is covered by one or more of the following approved licenses: Apache,
>> BSD, Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially
>> the same terms.
>> Some of this is already going on, but it is hard to get a sense of who
>> is doing what and how much progress we have made.  I wonder if we can
>> agree to a more systematic approach?  This will make it easier to see
>> the progress we're making and it will also make it easier for others
>> to help.
>> Suggestions:
>> 1) We need to get all files needed for the build into SVN.  Right now
>> there are some that are copied down from the website
>> during the build's bootstrap process.   Until we get the files all in
>> one place it is hard to get a comprehensive view of our dependencies.
>> 2) Continue the CWS integrations.  Along with 1) this ensures that all
>> the code we need for the release is in SVN.
>> 3)  Files that Oracle include in their SGA need to have the Apache
>> license header inserted and the Sun/Oracle copyright migrated to the
>> NOTICE file.  Apache RAT (Release Audit Tool) [2] can be used to
>> automate parts of this.
>> 4) Once the SGA files have the Apache headers, then we can make
>> regular use of RAT to report on files that are lacking an Apache
>> header.  Such files might be in one of the following categories:
>> a) Files that Oracle owns the copyright on and which should be
>> included in an amended SGA
>> b) Files that have a compatible OSS license which we are permitted to
>> use.  This might require that we add a mention of it to the NOTICE
>> file.
>> c) Files that have an incompatible OSS license.  These need to be
>> removed/replaced.
>> d) Files that have an OSS license that has not yet been
>> reviewed/categorized by Apache legal affairs.  In that case we need to
>> bring it to their attention.
>> e) (Hypothetically) files that are not under an OSS license at all.
>> E.g., a Microsoft header file.  These must be removed.
>> 5) We should to track the resolution of each file, and do this
>> publicly.  The audit trail is important.  Some ways we could do this
>> might be:
>> a) Track this in SVN properties.  So set ip:sga for the SGA files,
>> ip:mit for files that are MIT licensed, etc.  This should be reflected
>> in headers as well, but this is not always possible.  For example, we
>> might have binary files where we cannot add headers, or cases where
>> the OSS files do not have headers, but where we can prove their
>> provenance via other means.
>> b) Track this is a spreadsheet, one row per file.
>> c) Track this is an text log file checked in SVN
>> d) Track this in an annotated script that runs RAT, where the
>> annotations document the reason for cases where we tell it to ignore a
>> file or directory.
>> 6) Iterate until we have a clean RAT report.
>> 7) Goal should be for anyone today to be able to see what work remains
>> for IP clearance, as well as for someone 5 years from now to be able
>> to tell what we did.  Tracking this on the community wiki is probably
>> not good enough, since we've previously talked about dropping that
>> wiki and going to MWiki.
>> -Rob
>> [1]
>> [2]

View raw message