incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Burrell Donkin <>
Subject Re: [licensing] On Apache Releases [WAS Re: Clarification on treatment of "weak copyleft" components]
Date Thu, 20 Oct 2011 20:40:17 GMT
On Thu, Oct 20, 2011 at 9:01 PM, Rob Weir <> wrote:
> On Thu, Oct 20, 2011 at 9:06 AM, Robert Burrell Donkin


>> At Apache, a "source release" is (just) what's in version control when
>> the release is cut, is canonical and mandatory. Other artifacts follow
>> the "binary release" rules, are optional and secondary.
> OK.  So obviously no "weak" copyleft source files in our source
> release, i.e., in our source tarballs.



> The approach we currently have for these components, in OpenOffice, is:
> 1) The 3rd party components are stored in a separate repository, not
> with the core product's SVN.  So we reduce the opportunity for
> contamination.
> 2) The build script downloads the source for these components and
> compiles them.
> So we avoid the pre-req/provisioning issue.  And we don't need to
> include the MPL code in the source distribution.  It comes down
> automatically at build time,
> That may satisfy the letter of what I'm reading.  But I'd be
> interested to hear what you think, whether something like that had
> been done at Apache before.

Most projects use this sort of approach (though there is a strong
minority view that thinks that they are wrong to do so)

There has been historic resistance to hosting weak copyleft source at
Apache but there's now a consensus that requirements to supply source
in perpetuity mean that we'll have to host it sooner or later, most
likely in a separate repository.

> Maybe it would be better, for example, to allow two build modes, one
> with and one without the copyleft components, and force the downstream
> developer to explicitly enable the compilation with weak copyleft
> components by changing a flag or something?

Always a good idea to let developers know what's happening

Some downstream consumers (in particular, packagers) want to compile
against their own system dependencies so IMHO it'd be cleaner just to
switch on or off dependency download, preferrably with fine control.


View raw message