www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: Simplfying requirements for LICENSE and NOTICE
Date Wed, 10 Feb 2016 01:32:40 GMT

On 2/9/16, 5:03 PM, "shaposhnik@gmail.com on behalf of Roman Shaposhnik"
<shaposhnik@gmail.com on behalf of roman@shaposhnik.org> wrote:
>> At the least, they contain extraneous information, which might be legal
>>but violates
>> Apache policy[2] and is the sort of thing you have gotten quite quite
>> about in the past[3].
>Well, this is taking it a bit too far I think. Here's the analogy --
>personally I get
>animated about lack of unit tests and test coverage all the time. This is
>one of my hot button issues. But will I bully the project into improving
>test coverage? Abso-freaking-lutely NO!

But there is no Apache policy around unit tests and test coverage.  There
is policy around L&N and while there is no vetoing of releases, policy
non-compliance is quite often used to convince the RM to cancel a release

One question I've puzzled over is how serious certain kinds of
non-compliance really are.  For example, supposedly the release vote is
only about the source package, but the license how-to extends the policy
to the convenience binary, and the source header policy further requires
L&N in jars within the convenience binary.  I know of one project that got
through incubation without the mentors ever examining the convenience
binary package.  How can policy control convenience binaries if there is
no vote or other required approval mechanism required of the PMC?  Can we
just say that problems found in the convenience binary are just things to
be fixed in the next release?  That would also be a simplification, IMO.

Meanwhile, while automation and tooling via Creadur and/or SPDX seem like
a reasonable future, they sound like several years off, especially when
you consider that many projects bundle non-ASF projects and lots of the
questions and problems come from trying to bubble up incorrect L&N
handling in those external artifacts.  Getting non-ASF projects to work
with any automation and tooling is likely to be hard.

So I think that leaves us with taking more attempts at better doc.  One
person offered a sort of algorithm approach, Justin offered a table.  Once
I get my question about whether binaries are part of the problem space, I
might have a patch for the how-to of my own to offer.

My two cents,

View raw message