www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Ruby <ru...@intertwingly.net>
Subject Re: IP Clearance
Date Fri, 29 Jul 2011 17:27:34 GMT
On Fri, Jul 29, 2011 at 12:50 PM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:
> Sam Ruby wrote:
>> My your reasoning, we would never require an ICLA.  And if the code in
>> question is small and obvious enough, that is clearly defensible.
>> When we are talking more than that, adding an ICLA adds clarity.  As
>> does a Software Grant.
>
> What "clarity" are you expecting to add by using an ICLA that is not available by a clear
use of the Apache License?

If you wish to propose that we do away with all ICLAs, feel free to
propose that.  Meanwhile, this question has been asked and answered a
number of times - even on this very thread.  Meanwhile, I will address
this in the next section.

>> Apparently you have never had the joy of working for a large,
>> conservative corporation with deep pockets.  We have had several
>> instances of a user doing their own code scans, identifying issues
>> that we had inadvertently overlooked, and these issues were reported
>> to the appropriate PMC which promptly addressed the issue.
>Since 2003 we have required a CLA before we create a new committer account.  In 2004 we
disabled accounts from people who did not have a CLA on file.

> I have had that joy, including for several years working for the same "large, conservative
corporation" that you work for. I still don't understand your point. What's their concern
about?

We have had a number of specific bugs identified over the years
against a number of projects.  For a number of years, a recurring
theme was that Apache Projects bundled jars that were made available
under the Sun Binary Code License.  In some cases, we got Sun to
change the license under which this Jar was made available.  In
others, we changed the product to not bundle the jar.

But the point is that our code had a bug in it, and once we were aware
of it, we promptly addressed the bug.

I will assert that we are more careful than many projects out on the
Internet.  We may have an occasional bug, but overall we do a pretty
good job.  If we bring in code, it is incumbent on us to bring that
code up to our standards.  For a three line patch entered on Jira,
that is not a problem.  For a substantial codebase developed over a
large period of time by a number of contributors it is a bit more.

We just received a huge contribution from Oracle in the form of
OpenOffice.org.  Along with that we requested -- and you were
instrumental in helping us obtain -- a Software Grant.  This adds a
huge amount of clarity and significantly reduces the amount of IP
clearance efforts that the podling will have to undertake.

The same thing applies -- albeit on a smaller scale -- with Aether.

This is not new. It is not even new to Maven, which has participated
multiple times in IP clearance efforts:

http://incubator.apache.org/ip-clearance/index.html

As to ICLAs, since 2003 we have required an ICLA before we create a
new committer account.  In 2004 we disabled accounts from people who
did not have an ICLA on file.  Our license, our CLAs and our Software
Grant forms were designed together to work together.  And all were
designed with the common goal of making it relatively simple for us to
demonstrate that the contributions were made voluntarily.

>> We don't publish software grants publicly for privacy reasons.  I have
>> in the past, and intend to in the future, answer simple factual
>> questions about the existence of these documents without revealing
>> personal information.
>
> What "privacy reasons" are important to you or to ASF or to the contributors?

Perhaps it is just me, but I don't believe that many corporations
would like the private email addresses of their executives to be
published on the Internet.

In the case of the recent Software Grant from Oracle, I published the
contents of the attachment for all to see, but not the part containing
the signature and contact information:

http://people.apache.org/~rubys/openoffice.files.pdf

>> Meanwhile, I encourage us to move on to questions that relate to an
>> actual plan, and not dwell on hypotheticals.  Is it possible that
>> under some circumstances we would decide to pursue an unfriendly fork
>> without consulting the owners of a piece of code?  I wouldn't rule
>> that out, but I will insist that the end result not be an end run
>> around the ASF requirement that PMCs provide appropriate oversight
>> over the provenance of their code bases.
>
> This I agree with!

:-)

> /Larry

- Sam Ruby

>> -----Original Message-----
>> From: sa3ruby@gmail.com [mailto:sa3ruby@gmail.com] On Behalf Of Sam
>> Ruby
>> Sent: Friday, July 29, 2011 4:08 AM
>> To: legal-discuss@apache.org
>> Subject: Re: IP Clearance
>>
>> On Thu, Jul 28, 2011 at 8:17 PM, Ralph Goers
>> <ralph.goers@dslextreme.com> wrote:
>> > OK.  This is obviously a statement on policy, not legality, which is
>> fine.
>> >  However, I'd like to understand the rationale for the policy a bit
>> better
>> > rather than just accepting a blanket statement.  Are their some
>> consequences
>> > I'm not thinking about or aware of in using code we are legally
>> entitled to?
>> >  Is it just a matter of preserving goodwill?
>>
>> My perspective is that it is much more than that.
>>
>> My your reasoning, we would never require an ICLA.  And if the code in
>> question is small and obvious enough, that is clearly defensible.
>> When we are talking more than that, adding an ICLA adds clarity.  As
>> does a Software Grant.
>>
>> None of these are the only way to obtain such clarity, but often times
>> the easiest.
>>
>> > Again, I'm simply trying to reconcile this policy with the fact that
>> we
>> > won't give software grants to anyone because we tell them the Apache
>> license
>> > is all they need.  I've actually had this question for quite a while
>> as I've
>> > looked at some of the things that are listed as being donated
>> > at http://incubator.apache.org/ip-clearance/index.html and in several
>> cases
>> > I don't understand what extra value the grant provides over the
>> software
>> > license.
>>
>> Apparently you have never had the joy of working for a large,
>> conservative corporation with deep pockets.  We have had several
>> instances of a user doing their own code scans, identifying issues
>> that we had inadvertently overlooked, and these issues were reported
>> to the appropriate PMC which promptly addressed the issue.
>>
>> We don't publish software grants publicly for privacy reasons.  I have
>> in the past, and intend to in the future, answer simple factual
>> questions about the existence of these documents without revealing
>> personal information.
>>
>> Meanwhile, I encourage us to move on to questions that relate to an
>> actual plan, and not dwell on hypotheticals.  Is it possible that
>> under some circumstances we would decide to pursue an unfriendly fork
>> without consulting the owners of a piece of code?  I wouldn't rule
>> that out, but I will insist that the end result not be an end run
>> around the ASF requirement that PMCs provide appropriate oversight
>> over the provenance of their code bases.
>>
>> > Ralph
>>
>> - Sam Ruby
>>
>> > On Jul 28, 2011, at 11:48 AM, Roy T. Fielding wrote:
>> >
>> > At Apache, all contributions are voluntary.  We do not accept code
>> > from copyright owners who don't want us to have it, even if we have
>> > the legal right to adopt it for other reasons.
>> >
>> > ....Roy
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message