Return-Path: Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: (qmail 40180 invoked from network); 21 Nov 2008 20:36:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Nov 2008 20:36:37 -0000 Received: (qmail 64618 invoked by uid 500); 21 Nov 2008 20:36:46 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 64346 invoked by uid 500); 21 Nov 2008 20:36:45 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 64337 invoked by uid 99); 21 Nov 2008 20:36:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Nov 2008 12:36:45 -0800 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of michael.d.dick@gmail.com designates 74.125.46.30 as permitted sender) Received: from [74.125.46.30] (HELO yw-out-2324.google.com) (74.125.46.30) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Nov 2008 20:35:21 +0000 Received: by yw-out-2324.google.com with SMTP id 9so526142ywe.59 for ; Fri, 21 Nov 2008 12:35:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:mime-version:content-type; bh=2rsOmpkaVaCkIeI6iK2PIAXUPuMT39w0Ez9zPHC4yeI=; b=sdyXTOV/0D7BKtyFY+WKmEYeqF+9Am+3ITOYAtEMeMG2/AsTET3wgNI6Fp7PADWT5i PFRJFQE9QG5bslvAMODvc8z03vbBXbofGE6hXvKy3Kv2+hHRWaovHrxV5YF1SAUM08ZA I6Z7Sj+84fYV9yOgXkmGnNwvIg0H8TkDBuoGI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:mime-version:content-type; b=CuRxur9Nl2kZXo1W/ysI6xn4pJwlq541BF/VI2ApRbPurHAAr1xa7vpf9m62nxJdeK +8EU+5kck+juIZM5cSMZ3Su8s47vvm5k7YtnKREwpDg8s59Jg48FapQOhiLqf2itYSQg bs1bXsb1ZKcQaKQQ59js8LdAUIid3LA2IE1fA= Received: by 10.142.166.20 with SMTP id o20mr439999wfe.297.1227299755754; Fri, 21 Nov 2008 12:35:55 -0800 (PST) Received: by 10.142.136.10 with HTTP; Fri, 21 Nov 2008 12:35:55 -0800 (PST) Message-ID: <72c1350f0811211235t49f6d78al546ae1fe5f7ba958@mail.gmail.com> Date: Fri, 21 Nov 2008 14:35:55 -0600 From: "Michael Dick" To: legal-discuss@apache.org Subject: Use of proprietary binaries Cc: Kevin MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_110472_17187017.1227299755751" X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_110472_17187017.1227299755751 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi all, I work on the OpenJPA project and we have an issue with a compilation dependency on an API owned by IBM. IBM provided the API in binary format with a license that allows us to distribute it with our application (ie OpenJPA). It's my understanding that we are not allowed to publish the binary elsewhere though (for example we would not be allowed to put it on my home directory on people.apache.org). I wasn't sure how we could limit the exposure of the API, and the best solution I came up with was to include it in version control (SVN). As a result anyone who extracts the source code from SVN gets a copy of the API, and may use it to compile OpenJPA. However we do not distribute the jar with the pre-compiled binary distributions of OpenJPA. If the API is needed we expect it to be provided by IBM (WebSphere in this case). I'm looking for guidance on how where we should include and document binary dependencies like this one. Can we include a binary like this is SVN and just add the approriate disclaimer to NOTICE.txt? Would it be better to make the API available on openjpa.apache.org and download it from there as a part of our build? In case it helps the license that the jar was distributed with is available on my people.apache.org page at http://people.apache.org/~mikedd/ibm-uow-license.txt. Thanks in advance, -mike ------=_Part_110472_17187017.1227299755751 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi all,

I work on the OpenJPA project and we have an issue with a compilation dependency on an API owned by IBM.

IBM provided the API in binary format with a license that allows us to distribute it with our application (ie OpenJPA). It's my understanding that we are not allowed to publish the binary elsewhere though (for example we would not be allowed to put it on my home directory on people.apache.org).

I wasn't sure how we could limit the exposure of the API, and the best solution I  came up with was to include it in version control (SVN).

As a result anyone who extracts the source code from SVN gets a copy of the API, and may use it to compile OpenJPA. However we do not distribute the jar with the pre-compiled binary distributions of OpenJPA. If the API is needed we expect it to be provided by IBM (WebSphere in this case).

I'm looking for guidance on how where we should include and document binary dependencies like this one. Can we include a binary like this is SVN and just add the approriate disclaimer to NOTICE.txt? Would it be better to make the API available on openjpa.apache.org and download it from there as a part of our build?

In case it helps the license that the jar was distributed with is available on my people.apache.org page at
http://people.apache.org/~mikedd/ibm-uow-license.txt.

Thanks in advance,

-mike
------=_Part_110472_17187017.1227299755751--