www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lawrence Rosen" <lro...@rosenlaw.com>
Subject RE: License Policy (Was: TDF/LO talks status.)
Date Tue, 12 May 2015 19:02:32 GMT
Hi Ted, you encouraged me to look back at your LinkedIn profile. (We're 1st linked already!)
You have an outstanding background and you are a long-time contributor to Apache and open


I noticed this at the beginning: "Currently I am Chief Application Architect where we make
the most advanced version of Hadoop on the planet. Ping me for details!"


When you say "version of Hadoop" may I assume that your company has reviewed the patent situation
with that software? (I personally am aware of certain patent claims that we discussed in legal-internal@
several years ago.) Are you confident that your version of Hadoop complies with the licenses
that apply to all components in your version of Hadoop? 


If you are not confident you ought to become so. My only involvement is proposing that the
Apache Hadoop NOTICE file have all the IP detail that we are aware of.


In any event, I discourage you from answering my questions publicly. :-)




From: Ted Dunning [mailto:ted.dunning@gmail.com] 
Sent: Tuesday, May 12, 2015 11:25 AM
To: legal-discuss@apache.org; Lawrence Rosen
Subject: Re: License Policy (Was: TDF/LO talks status.)



On Tue, May 12, 2015 at 4:47 PM, Lawrence Rosen <lrosen@rosenlaw.com <mailto:lrosen@rosenlaw.com>
> wrote:

Even under the proposed policy, for users around the world the decision to use Apache products
remains "brain-dead" easy. For modifying re-distributors, all that changes is that they will
have to read our NOTICE files and comply with all relevant licenses when they create derivative

This is contrary to my experience and judgement in 40 years of involvement of open source.
 It is the blanket nature of the Apache policy that makes adoption easy.  Relaxing that would
negate that and require substantially deeper investigation for each Apache dependency.


It is true that complete, dependency by dependency analysis is required at acquisition time
or each time a funding round is completed, but it is very common for complete detailed dependency
analysis to be deferred in the case of Apache projects, precisely because people know to trust
the due diligence required to do an Apache release.  Degrading the simplicity of the promise
that we make is a real problem and allowing GPL non-optional dependencies does exactly this.



View raw message