www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <ralph.go...@dslextreme.com>
Subject Re: IP Clearance
Date Fri, 29 Jul 2011 18:11:04 GMT

On Jul 29, 2011, at 10:27 AM, Sam Ruby wrote:

> On Fri, Jul 29, 2011 at 12:50 PM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:
>> Sam Ruby wrote:
>>> My your reasoning, we would never require an ICLA.  And if the code in
>>> question is small and obvious enough, that is clearly defensible.
>>> When we are talking more than that, adding an ICLA adds clarity.  As
>>> does a Software Grant.

By my reasoning we would always still require an ICLA. I don't see how you get from my questions
regarding existing third party code licensed the Apache license to that conclusion. Under
my ICLA everything I commit is my responsibility.  If I chose to take a work such as Aether
and commit it I would be the one how has verified the provenance of the code.   

>> What "clarity" are you expecting to add by using an ICLA that is not available by
a clear use of the Apache License?
> If you wish to propose that we do away with all ICLAs, feel free to
> propose that.  Meanwhile, this question has been asked and answered a
> number of times - even on this very thread.  Meanwhile, I will address
> this in the next section.
>>> Apparently you have never had the joy of working for a large,
>>> conservative corporation with deep pockets.  We have had several
>>> instances of a user doing their own code scans, identifying issues
>>> that we had inadvertently overlooked, and these issues were reported
>>> to the appropriate PMC which promptly addressed the issue.
>> Since 2003 we have required a CLA before we create a new committer account.  In 2004
we disabled accounts from people who did not have a CLA on file.
>> I have had that joy, including for several years working for the same "large, conservative
corporation" that you work for. I still don't understand your point. What's their concern
> We have had a number of specific bugs identified over the years
> against a number of projects.  For a number of years, a recurring
> theme was that Apache Projects bundled jars that were made available
> under the Sun Binary Code License.  In some cases, we got Sun to
> change the license under which this Jar was made available.  In
> others, we changed the product to not bundle the jar.
> But the point is that our code had a bug in it, and once we were aware
> of it, we promptly addressed the bug.
> I will assert that we are more careful than many projects out on the
> Internet.  We may have an occasional bug, but overall we do a pretty
> good job.  If we bring in code, it is incumbent on us to bring that
> code up to our standards.  For a three line patch entered on Jira,
> that is not a problem.  For a substantial codebase developed over a
> large period of time by a number of contributors it is a bit more.

OK - but I don't understand what relevance the above has.

> We just received a huge contribution from Oracle in the form of
> OpenOffice.org.  Along with that we requested -- and you were
> instrumental in helping us obtain -- a Software Grant.  This adds a
> huge amount of clarity and significantly reduces the amount of IP
> clearance efforts that the podling will have to undertake.

Sure it does. But OOo wasn't an existing project under an Apache License. If it had already
been under the Apache license what "IP clearance" is there to do?

> The same thing applies -- albeit on a smaller scale -- with Aether.

This is the essential part that I don't understand. What
> This is not new. It is not even new to Maven, which has participated
> multiple times in IP clearance efforts:
> http://incubator.apache.org/ip-clearance/index.html

As I said in my prior email, I'm aware of this and as I have always questioned why it was
necessary for things that were already under the Apache license.  While I definitely understand
the need to do this where a license change is occurring I just don't get it for works that
are already under our license.  Can you please specifically address just that and not a whole
lot of other stuff?

> As to ICLAs, 

I never brought up ICLAs and never said they weren't necessary.

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message