www-jcp-open mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: No NDAs? Or open TCKs?
Date Tue, 03 Jul 2007 05:44:40 GMT

"William A. Rowe, Jr." <wrowe@rowe-clan.net> wrote 
in message news:4689CF56.5080809@rowe-clan.net...
> Geir Magnusson Jr. wrote:
>> On Jul 2, 2007, at 11:46 PM, William A. Rowe, Jr. wrote:
>>> I think something got lost in the noise...
>>> When we say "No NDA" we are asking as a matter of convenience to
>>> not make individual open source project participants to be bound
>>> to an NDA?
>> I don't understand the question, but I'll try anyway - right now, if
>> someone wants to use a TCK from Sun for an Apache project, we ask that
>> they sign our NDA (it's between ASF and the person).
>> You can read it here :
>>   http://www.apache.org/jcp/ApacheNDA.pdf
>>> But - are we OK with a specific TCK license which is closed, e.g.
>>> would state "Licensed to developers of ASF software, irrespective
>>> of their other affiliations, provided the use is limited strictly
>>> to validation of development and implementations published through
>>> the ASF"?
>> Well, that's what we have.  But we ask people sign the NDA so that they
>> can positively state they understand that the materials are not for
>> redistribution, and we don't discuss the internals of using the tests or
>> partial results on public lists.
>> What I'd like to do is simply try to revert to a lighter restriction -
>> people assert that they understand that the materials are only for use
>> here, and we can talk about them on regular dev lists.
>>> I think we are fine with the later.  We need no license to ship
>>> a TCK outside of an ASF community, and no need to use it beyond
>>> the community.  I believe we are only asking, as a matter of
>>> principal, not to burden individual committers and PMC members
>>> by filing NDA's.
>> I'm fairly familiar with the issue :)  How do we hold people accountable
>> if they do decide to use the TCK for their own commercial use, for
>> example?  Sun may hold us accountable.  The NDA is, IMO, one way that we
>> demonstrate that we're taking due care.
> I guess I'm confused; everyone who joins the project, we hope, becomes
> familiar with the LICENSE file and how to read one.  If they violate the
> license, the ASF is at fault for their misuse?

No, we don't require that.  The person that signs the NDA gets his/her own 
copy of the TCK.  It is *never* checked into the SVN repository.  For 
example, on Tomcat, I have never signed the NDA for Servlet/JSP, so I have 
absolutely no access to the TCK (which, of course, is my choice).  As a 
result, there isn't anyway that I can violate the LICENSE :).  Any 
downstream distributer of a modified Tomcat would need to get their own copy 
of the TCK to certify their release.

But neither Tomcat 3.x or Tomcat 4.x was ever certified with the TCK (only 
Sun's port to their RI was).  From Apache, they both depended on the now 
mothballed WatchDog project to provide their own, independantly developed 
psuedo-TCK.  Since Sun and Apache were such good friends back then, 
everybody lied and said that Tomcat was the RI, but it was never technically 
true (all that was true is that the RI was based on Tomat).

I'd personally like it if we could take Geir's suggestion and nudge Sun to 
allow at least some talk of specific test failures on public lists.  That 
would at least give the committers that have access to the TCK the ability 
to veto a broken commit on the dev@ list.  But for projects like Tomcat and 
Geronimo (with NDAs on distributing [information about] the TCK, but little 
other restrictions), I think that the current system works well enough.  The 
teams at Tomcat and Geronimo have done really great things with their 
implementations of their respective specs, so I don't think that it is 
really fair to penalize them with an asterisk on their sites that they 
aren't officially certified just because of the dust up with Harmony.

> If so, that's the construction of the agreement between Sun and the ASF
> that needs to be remedied.  We take violations of our license seriously,
> or of the GPL, or of a non-open license.  But we can't guarantee each
> individual committer's behavior, whether they sign an NDA, or not.
> Bill
> Bill

View raw message