Return-Path: Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: (qmail 78889 invoked from network); 23 Nov 2008 18:26:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 23 Nov 2008 18:26:16 -0000 Received: (qmail 75300 invoked by uid 500); 23 Nov 2008 18:26:22 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 75072 invoked by uid 500); 23 Nov 2008 18:26:21 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 75063 invoked by uid 99); 23 Nov 2008 18:26:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Nov 2008 10:26:21 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of hyandell@gmail.com designates 209.85.146.183 as permitted sender) Received: from [209.85.146.183] (HELO wa-out-1112.google.com) (209.85.146.183) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Nov 2008 18:24:57 +0000 Received: by wa-out-1112.google.com with SMTP id v27so879207wah.17 for ; Sun, 23 Nov 2008 10:25:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=ntk+ReGWQCBzC+2iil+epdmyZQ/+vPrgWJRxlSd5GOk=; b=gOeaBc1Tb87DCawW1289uKzsEr2ZEfPA9EdEjKgU0ekpNajhhXaH1DbvaWSPb7Xvlf vpsS6c96XZMh7c5Ax+n+ha8irycl8FivwUZL2hbJFqzelpObioInJ48GdA3ConV9TURq k6fPXSEOC0HsBbFF0kKAw2Ha4hVWCtvocVmAw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=M1H/gTAaJ5231RQuAOZvdYtb+ZvoC2Qi3JvSoaa6yyj28FMwqxYzkrPmB6V8U4N2yv v2B15MKaHkHhbN+iTt6hx2ngLoTTLrVASwSUWH2CxYn27suO7FSoPb07JoZ3r38yuK8V uZsrbZuOBrotvfYlWIr3AHgcQauMbZuN2krxY= Received: by 10.115.79.8 with SMTP id g8mr1507012wal.65.1227464742744; Sun, 23 Nov 2008 10:25:42 -0800 (PST) Received: by 10.114.159.2 with HTTP; Sun, 23 Nov 2008 10:25:42 -0800 (PST) Message-ID: <2d12b2f00811231025j2917c827qf64309e212bd4254@mail.gmail.com> Date: Sun, 23 Nov 2008 10:25:42 -0800 From: "Henri Yandell" Sender: hyandell@gmail.com To: legal-discuss@apache.org Subject: Re: Use of proprietary binaries Cc: Kevin In-Reply-To: <72c1350f0811211235t49f6d78al546ae1fe5f7ba958@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <72c1350f0811211235t49f6d78al546ae1fe5f7ba958@mail.gmail.com> X-Google-Sender-Auth: 3e68925f34fa35e4 X-Virus-Checked: Checked by ClamAV on apache.org Sorry for missing the bit about not distributing it Michael. On to guidance. I don't see any legal reason why we can't include it in svn - we're allowed to distribute it, just no one downstream without their own license from IBM. My biggest worry would be that some people would tar up an svn co - even for example our taritup scripts. I'd be tempted to make an svn location called 'donotredistribute' and svn:external it in. The nature of svn means it'll be pretty obvious - plus a README file can explain that (I wouldn't use the NOTICE). Hope that helps, and sorry for answering the wrong question, Hen On Fri, Nov 21, 2008 at 12:35 PM, Michael Dick wrote: > Hi all, > > I work on the OpenJPA project and we have an issue with a compilation > dependency on an API owned by IBM. > > IBM provided the API in binary format with a license that allows us to > distribute it with our application (ie OpenJPA). It's my understanding that > we are not allowed to publish the binary elsewhere though (for example we > would not be allowed to put it on my home directory on people.apache.org). > > I wasn't sure how we could limit the exposure of the API, and the best > solution I came up with was to include it in version control (SVN). > > As a result anyone who extracts the source code from SVN gets a copy of the > API, and may use it to compile OpenJPA. However we do not distribute the jar > with the pre-compiled binary distributions of OpenJPA. If the API is needed > we expect it to be provided by IBM (WebSphere in this case). > > I'm looking for guidance on how where we should include and document binary > dependencies like this one. Can we include a binary like this is SVN and > just add the approriate disclaimer to NOTICE.txt? Would it be better to make > the API available on openjpa.apache.org and download it from there as a part > of our build? > > In case it helps the license that the jar was distributed with is available > on my people.apache.org page at > http://people.apache.org/~mikedd/ibm-uow-license.txt. > > Thanks in advance, > > -mike > --------------------------------------------------------------------- DISCLAIMER: Discussions on this list are informational and educational only. Statements made on this list are not privileged, do not constitute legal advice, and do not necessarily reflect the opinions and policies of the ASF. See for official ASF policies and documents. --------------------------------------------------------------------- To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org For additional commands, e-mail: legal-discuss-help@apache.org