www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <ralph.go...@dslextreme.com>
Subject Re: Maven Releases
Date Mon, 27 Apr 2009 13:38:49 GMT
Many projects don't provide a source jar. When it is provided,  
typically the source jar is only usable for debugging purposes. As far  
as I am concerned that is fine.

The "release" is actually the tag in SVN. Most, if not all, projects  
provide the binary artifacts of building that tag for users. In the  
case of Java applications that is almost always used by users instead  
of building the source on your own. But as Roy likes to say, we  
release source not binaries.  However, the dependencies the binaries  
have at run time have always been where the policy has focused. After  
all, if a unit test requires GPL'd software that is fine as it only  
makes the unit test a derivative work, not the component being  
released. If the build wants to use some GPL'd tool to build the  
project web site, so what? For example, checkstyle is used by lots of  
projects and it is under the LGPL. Some projects might use Clover to  
generate a code coverage report, which Atlassian allows open source  
projects to use for free but is a commercial project. If they don't  
use Clover then they might use Cobertura, which is licensed under the  
GPL. Neither of these have ever been a problem because they don't  
cause the artifact being released to require anything besides the  
Apache license.

I have never seen any policy that says everything used in the build  
process must have a license compatible with the Apache license.


On Apr 27, 2009, at 5:49 AM, Niclas Hedhman wrote:

> On Mon, Apr 27, 2009 at 3:55 PM, Ralph Goers <ralph.goers@dslextreme.com 
> > wrote:
>> I could care less that it is Maven. What I care about is that you are
>> discussing a build (and one that has bugs in it apparently), not a  
>> release.
> It is discussing the Release, the source release, which IMHO should be
> able to build with given instructions (provided). Policy says that any
> released binary should be the output of the built released sources.
> The question is also how much is such build allow to bring in as
> downloads, and as the built artifact, is it really Ok that it pulls in
> all kinds of stuff that the user is unaware of? Since Maven builds
> itself, I must assume that it depends on everything it pulls in, and
> it is for a user very unclear of the actual licensing for Maven.
> And is it Ok that the source release artifacts only contain the source
> code, and not the needed build structure for it?
> And so on. I'd be happy if the ASF legal says "Yes, that is Ok.",
> because then Maven based projects can end up with a far different
> release workflow than typical in ASF. Right now, I think it is not in
> accordance with policy, or at least not the spirit of ASF, and I am
> seeking clearance, so I can provide an accurate answer to podlings,
> that sometimes have their own ideas on what is releases and how to
> comply with ASF.
> Cheers
> -- 
> Niclas Hedhman, Software Developer
> http://www.qi4j.org - New Energy for Java
> I  live here; http://tinyurl.com/2qq9er
> I  work here; http://tinyurl.com/2ymelc
> I relax here; http://tinyurl.com/2cgsug
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message