www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: SUN PROPRIETARY/CONFIDENTIAL code in myfaces
Date Sat, 04 Aug 2007 01:02:07 GMT
Roy T. Fielding ha scritto:
> On Aug 3, 2007, at 1:22 AM, Stefano Bagnara wrote:
>> Santiago Gala ha scritto:
>>> I'm not really sure what we are trying to achieve here, but a file
>>> committed by a Sun employee, that has signed a CLA, while working under
>>> Sun direction, etc. *is licensed under AL 2.0*
>> This is a very dangerous "statement". I committed many files to the ASF
>> repositories under the CDDL, the BSD, the MIT, the MPL licenses (being
>> them jars, xmls or other files) but this does not means they are now AL
>> 2.0 and copyrighted to ASF.
> No, and Santiago didn't say anything like that either.  In this case,
> Sun has a long-standing agreement with the ASF which says that
> all Sun-copyrighted content that their employees commit to Tomcat
> is contributed under license to the ASF and we may relicense it
> at will provided the license is consistent with our open source,
> nonprofit purpose.  That was part of our agreement to accept the
> Tomcat code (and logo) as an Apache project.
> Second, we are not responsible for any actions by individuals.
> If a committer submits code that they do not have the legal right
> to submit, then they will not be defended by Apache.  What the ASF
> defends are the decisions of our PMCs to make a release, not the
> decisions by individual committers to ignore our policies.

That's what I'm trying to say: we need to understand what is the ASF
policy wrt non class files included in CDDL licensed jars.

The mail-1.4.jar example is what I committed to our svn repository
believing I was committing a category B artifact and now I'm not sure I
could have done it as it includes also some text file that we cannot
consider binary. As I don't want to be individually responsible for such
things, should I write our PMC about this and should we stop
distributing JAMES Server? Or is this only a missing piece in the ASF

The most important thing is that I don't want any individual
responsibility for this: if the PMC decision to release does not protect
me then I will remove the CDDL jar tomorrow and someone else will try to
understand if the ASF policies allow us to include it or not ;-)

I agree with everything else you wrote.


> Third, unless specifically stated otherwise in a contribution and
> accepted as such by the PMC, all contributions are under the Apache
> license.  NOBODY has the right to commit non-Apache-Licensed source
> to an ASF project without prior approval of the responsible PMC.
> I don't know the specific background of the files in myfaces, unlike
> the ones in Tomcat.  I do know Craig was mentoring the project and
> that he was the spec lead at the time, so whoever did commit those
> files to MyFaces did so with his permission.
> None of that changes the copyright on these files.  The copyright
> is still owned by Sun.  However, we cannot publish misleading and
> incorrect license notices within our releases.  The files committed
> to our repository with permission of the copyright owner must have
> a license header consistent with the license they gave to the ASF.
> The copyright ownership notice should remain.  Only the header info
> about the no-longer-applicable license is removed.  If the copyright
> owner disagrees with a specific contribution, it is their
> responsibility to notify us.  Once that notice is received, we will
> take whatever action is warranted aside from changing history -- we
> will not change old (approved) releases just because a copyright
> owner has changed their mind about a past commit.
> In any case, if these files are updated to the most recent specs or
> new files are suggested for commit, it is the committer's and PMC's
> responsibility to ensure that permission is obtained from the
> copyright owner and that the result of that permission is reflected
> in the license headers.  That will always be a requirement, no
> matter what our policies say about third-party licenses.
> ....Roy

DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message