www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: What constitutes a source release?
Date Wed, 01 May 2013 21:42:08 GMT

On May 1, 2013, at 12:09 PM, Henri Yandell wrote:

> On Wed, May 1, 2013 at 2:36 AM, Roy T. Fielding <fielding@gbiv.com> wrote:
> On Apr 30, 2013, at 11:39 PM, Henri Yandell wrote:
>> Taking a stab at the clear policy, I'd propose adding this to resolved.html:
>> "Source distributions must not contain binaries <quiet>(but let's not discuss
binaries that are not enforced like http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/icons/)</quiet>.
It's fine to have the user run a script to download binaries after they have downloaded the
source <quiet>(such as download-binaries-from-svn-tag.sh, or perhaps when first running
the application)</quiet>. " 
>> Either it's not clear to me, or the current policy is really just a vision towards
a policy.
>> Hen
> FWIW, I meant the binary object forms of compiled source code.
> That is what "binaries" means to me.
> If you think binaries means "anything other than text formats",
> then we are mis-communicating.  I don't know why you would think
> that, given character encodings for text are just another
> form of binary encoding, but it might be an age thing.
> Good to hear :) This all kicked off from a question (LEGAL-163) of whether a binary font
was allowed in a source distribution. Considering a font to be software seemed a stretch.

Adobe Systems might disagree. Fonts are not bitmaps, instead they are shape drawing scripts
that have a sense of scale. When I studied the published Type 1 a couple of decades ago deep
down the format is not too different from a postscript file.

So, a binary font is in fact compiled from source. There are artifacts from this process and
these include Adobe Font Metrics files, etc.

If you've ever studied a PDF with embedded subsets you will know that Adobe went to extremes
to make it difficult to reverse engineer a font from the embedded binary code. You are not
licensed to do it, and even if you could, it is hard, incomplete, and there are bound to be
encoding issues.

Fonts are significant IP for companies.

FontForge is an OpenSource tool that could be used to build a binary font from source.


> Apache releases also contain generated scripts (where
> the source for those generated scripts is also included) and
> assorted other things that don't pose a security risk to
> recipients.  The policies are: (1) we only release open source
> that can be distributed under the terms of the Apache License,
> and the PMC release votes are based on individually (2) inspecting
> the source package to ensure that it can be used to build the
> Apache product and corresponds to some version of the source
> that the PMC is maintaining in our version control system(s)
> and (3) verifying that the contents are believed to be safe/legal
> for us to distribute.
> Where, I assume, 'release' means the code we author rather than a limiting factor for
what we reuse.
> Hen

View raw message