incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: logo source files
Date Tue, 03 Apr 2012 20:04:24 GMT
On Tue, Apr 3, 2012 at 3:23 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org>wrote:

> There's something that nags at me about logos and similar materials being
> part of the source-code release (that, I am told, is *the* release in terms
> of Apache principles).
>
> It is natural to have such artifacts in the SVN tree because it is
> convenient and it probably feels essential to have the released source-code
> be the precise source for the project-created binary distributions.
>
> On the other hand, while it is desirable for folks to be able to reproduce
> our build, and have access to the source that was used, that they would end
> up having something that can be claimed to be the authentic project-created
> binary distribution.  Yet it will appear indistinguishable from it.
>
>
If the MD5's match, who cares where it was built?  If the MD5's do not
match then they are distinguishable.  (For MD5's you could substitute code
signing for a more end-user friendly form of the same thing.)


> There is this odd hitch when binaries are built by someone else, even
> without modification, but without preservation of provenance and
> authenticity.  Yet they are not distinguished from "the real thing."
>
>
Ditto.  If the hashes match, then it is the "real thing", for all intents
and purposes.


> There is also the problem that, when someone modifies the source and the
> build, that the default is for the resulting binary to be
> indistinguishable, in terms of surface features and the presence of
> identifying information, from the project-created binary distribution.
>
>
Ditto.  In that case the hashes don't match so it would be distinguishable.


> I'm also not clear that logos and related artifacts qualify as open-source
> concerning the trademark issues.
>
> I don't know how to crack that strange entanglement.
>
>
Look at what Mozilla does, for example.  The default build options do not
include the project logos.



> I can see it working if it were considered that even our binary releases
> are downstream from the Apache release and have some essential
> customizations including being digitally signed and authenticated in other
> ways.  Then placeholders could appear in the released source for
> binary-distribution items (some other content being provided instead) that
> are to be provided/customized by any downstream producer, even ourselves.
>
> And then I can't figure out how the binary can be tied to the exact source
> it was produced from.
>
>
That is not really the issue, is it?  The issue is how a user can
distinguish an Apache release from something that is not an Apache
release.  The PMC is responsible for ensuring that the binary package was
derived from the source.


> Arghh.
>
> I keep thinking this must have been dealt with in the production of other
> user-facing binary distributions from open-source code releases.  Anyone
> have any pointers?
>
>
Mozilla is a good example.

http://www.mozilla.org/foundation/trademarks/policy.html

Also, "Passport without a Visa" is a good article that describes some of
the considerations:

http://www.ifosslr.org/ifosslr/article/view/11/37

-Rob


>  - Dennis
>
>
>
> -----Original Message-----
> From: Rob Weir [mailto:robweir@apache.org]
> Sent: Tuesday, April 03, 2012 10:10
> To: ooo-dev@incubator.apache.org
> Subject: Re: logo source files
>
> On Tue, Apr 3, 2012 at 4:00 AM, J├╝rgen Schmidt
> <jogischmidt@googlemail.com>wrote:
>
> > On 4/3/12 9:41 AM, Kevin Grignon wrote:
> >
> >> @Drew
> >>
> >> Where do we keep the source files for the logos?
> >>
> >>
> > I would like to suggest that we should create a new place for this kind
> of
> > stuff besides trunk
> >
> >
> +1.  Getting it into SVN makes it easy to get to from the build and the
> website.
>
>
> > Juergen
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message