From legal-discuss-return-6515-apmail-legal-discuss-archive=apache.org@apache.org Fri Jul 29 18:11:47 2011 Return-Path: X-Original-To: apmail-legal-discuss-archive@www.apache.org Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0575F69A9 for ; Fri, 29 Jul 2011 18:11:47 +0000 (UTC) Received: (qmail 11057 invoked by uid 500); 29 Jul 2011 18:11:46 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 10837 invoked by uid 500); 29 Jul 2011 18:11:45 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 10829 invoked by uid 99); 29 Jul 2011 18:11:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jul 2011 18:11:45 +0000 X-ASF-Spam-Status: No, hits=1.3 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ralph.goers@dslextreme.com designates 209.85.160.178 as permitted sender) Received: from [209.85.160.178] (HELO mail-gy0-f178.google.com) (209.85.160.178) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jul 2011 18:11:38 +0000 Received: by gyf1 with SMTP id 1so3777593gyf.23 for ; Fri, 29 Jul 2011 11:11:10 -0700 (PDT) Received: by 10.142.134.2 with SMTP id h2mr992465wfd.247.1311963068037; Fri, 29 Jul 2011 11:11:08 -0700 (PDT) Received: from [10.11.142.227] (otwbsc01.oceanic.net [205.172.16.102]) by mx.google.com with ESMTPS id v1sm2401563pbg.15.2011.07.29.11.11.06 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 29 Jul 2011 11:11:07 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Apple Message framework v1084) Subject: Re: IP Clearance From: Ralph Goers In-Reply-To: Date: Fri, 29 Jul 2011 11:11:04 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <1311878349.84406.YahooMailClassic@web27805.mail.ukl.yahoo.com> <314DD6CC-79A3-4F82-9DBD-C569A23A45E9@gbiv.com> <5726FFFA-D43B-45BB-AF43-8B4684759748@dslextreme.com> <0aad01cc4e0f$ada35420$08e9fc60$@com> To: legal-discuss@apache.org X-Mailer: Apple Mail (2.1084) On Jul 29, 2011, at 10:27 AM, Sam Ruby wrote: > On Fri, Jul 29, 2011 at 12:50 PM, Lawrence Rosen = wrote: >> Sam Ruby wrote: >>> My your reasoning, we would never require an ICLA. And if the code = in >>> question is small and obvious enough, that is clearly defensible. >>> When we are talking more than that, adding an ICLA adds clarity. As >>> does a Software Grant. By my reasoning we would always still require an ICLA. I don't see how = you get from my questions regarding existing third party code licensed = the Apache license to that conclusion. Under my ICLA everything I commit = is my responsibility. If I chose to take a work such as Aether and = commit it I would be the one how has verified the provenance of the = code. =20 >>=20 >> What "clarity" are you expecting to add by using an ICLA that is not = available by a clear use of the Apache License? >=20 > If you wish to propose that we do away with all ICLAs, feel free to > propose that. Meanwhile, this question has been asked and answered a > number of times - even on this very thread. Meanwhile, I will address > this in the next section. >=20 >>> Apparently you have never had the joy of working for a large, >>> conservative corporation with deep pockets. We have had several >>> instances of a user doing their own code scans, identifying issues >>> that we had inadvertently overlooked, and these issues were reported >>> to the appropriate PMC which promptly addressed the issue. >> Since 2003 we have required a CLA before we create a new committer = account. In 2004 we disabled accounts from people who did not have a = CLA on file. >=20 >> I have had that joy, including for several years working for the same = "large, conservative corporation" that you work for. I still don't = understand your point. What's their concern about? >=20 > We have had a number of specific bugs identified over the years > against a number of projects. For a number of years, a recurring > theme was that Apache Projects bundled jars that were made available > under the Sun Binary Code License. In some cases, we got Sun to > change the license under which this Jar was made available. In > others, we changed the product to not bundle the jar. >=20 > But the point is that our code had a bug in it, and once we were aware > of it, we promptly addressed the bug. >=20 > I will assert that we are more careful than many projects out on the > Internet. We may have an occasional bug, but overall we do a pretty > good job. If we bring in code, it is incumbent on us to bring that > code up to our standards. For a three line patch entered on Jira, > that is not a problem. For a substantial codebase developed over a > large period of time by a number of contributors it is a bit more. OK - but I don't understand what relevance the above has. >=20 > We just received a huge contribution from Oracle in the form of > OpenOffice.org. Along with that we requested -- and you were > instrumental in helping us obtain -- a Software Grant. This adds a > huge amount of clarity and significantly reduces the amount of IP > clearance efforts that the podling will have to undertake. Sure it does. But OOo wasn't an existing project under an Apache = License. If it had already been under the Apache license what "IP = clearance" is there to do? >=20 > The same thing applies -- albeit on a smaller scale -- with Aether. This is the essential part that I don't understand. What >=20 > This is not new. It is not even new to Maven, which has participated > multiple times in IP clearance efforts: >=20 > http://incubator.apache.org/ip-clearance/index.html As I said in my prior email, I'm aware of this and as I have always = questioned why it was necessary for things that were already under the = Apache license. While I definitely understand the need to do this where = a license change is occurring I just don't get it for works that are = already under our license. Can you please specifically address just = that and not a whole lot of other stuff? >=20 > As to ICLAs,=20 I never brought up ICLAs and never said they weren't necessary. Ralph= --------------------------------------------------------------------- To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org For additional commands, e-mail: legal-discuss-help@apache.org