www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: [proposal] daedalus jar repository (was: primary distribution location)
Date Wed, 26 Feb 2003 19:54:21 GMT

As you have seen from some of our exchange and Costin's comments, there are
differing views on how to make use of the repository.  Costin and I seem to
be of the option that a significant portion of the value of the repository
comes from sharing and centralizing the managment of ASF-acceptable third
party jars.

For what it is worth, I discussed this with Dion Gillard yesterday.  He
indicated that he didn't have time to respond on the thread, but that I
should reply in proxy, so I will quote him: "People *must* know that the
maven team decided a whole lot of things about repositories.  And having an
apache only repository is almost useless; even apache uses non-apache code.
The current 'daedalus' repository seems to be duplicating what's already
been done in maven."

I don't know that I entirely agree with him about the repository duplicating
what is done by Maven, because I do believe that the ASF would want to have
oversight on what it does accept for use, and the ibiblio repository would
be a mirror or a superset of what the ASF site declares as official (for the

Dion does agree, as I think should everyone, with your rules for

  a) policy
  b) desire
  c) approval for the ASF to redistribute

Not sure that (a) and (c) aren't redundant, but that depends upon how you
define policy.

FWIW, Dion indicates that you are wrong about the "no" regarding JUnit

> Licensing policy is quite tricky and lots of things need to be done
> before the ASF should even consider setting up a centralized easily
> user-accessible distribution [of third party jars]

But that's the whole point, Leo.  :-)  Given the confusion and effort
related to the approved use of third party jars, I see that as a primary
benefit of the repository, not even a secondary one.  Especially from the
standpoint of the Board (and projects) being able to verify that all third
party jars have clean license.  I'm not sure if you have any idea of how
many hours and hours Dion has invested in going through the Maven
repository, and its licensing.

By using the repository as the authoritative statement of what is
acceptable, projects have both a known authority and a known procedure for
securing approval to use another jar.  This provides further protection to
the ASF by ensuring that not only does each PMC make a conscious decision to
use a new jar, but that people who are familar with licensing on a regular
basis also get a chance to vett new uses of third party code.

> http://nagoya.apache.org/wiki/apachewiki.cgi?Licensing should
> be made into an authoritive source on www.apache.org that
> unambiguously answers "yes" or "no"

And those would be the guiding principles used by the repository oversight
committee to approve new contents.  By centralizing it, if there are any
issues that need to go back to the Board, there is a controlled mechanism so
that it doesn't become a lot of noise at their level.  And as the approved
list grows, projects can spend less time worrying over licening, and just
use approved jars.

	--- Noel

To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

View raw message