www-legal-discuss mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Bundling and LICENSE
Date Sun, 03 Apr 2016 11:13:53 GMT
On 03/04/2016 06:25, Alex Harui wrote:
> I'm asking here because I remembered this
> thread: https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201406.mbox/%3cCAM1oqKqL+1A90=WKQda-GJyQTo5gAH+ep3WViTRMF9EtiAiVgA@mail.gmail.com%3e
> and
> https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201406.mbox/%3cCAM1oqKpm7TnNKRDc2=dDpYFcH4mFF2bFJ1f5WJ6GZwTsQmZA3Q@mail.gmail.com%3e
> 
> My takeaway was sort of what Mark suggested, which is that we trust
> the upstream community's L&N (or for the above thread, lack of N) and if
> you think they should have a different L&N, work with that upstream
> community so the ASF community can continue to fulfill ASF policy by
> propagating parts of the upstream L&N.  I'm not sure we should guess at
> what they would write for their L&N though and then use that.

(Still not an official ASF position but I'm sure Jim will say something
if I am way off base here...)

I think you can argue that either way. The position is that you think
there is an upstream error but you are not sure. Either way you need to
ask the question upstream. Meanwhile you can either:
- proceed as if upstream is correct
or
- proceed as if upstream applied the correction you think they should

Given you are trying to do the right thing, I think either option is OK
as long as the question is asked of upstream.

> I guess the related question is how much we should trust the upstream
> community's L&N.  Are we required to do what is the equivalent of an IP
> clearance for third-party bundles in our binary releases for every
> release?  Or can we trust the top-level L&N we find in the upstream
> packages?  Otherwise, it seems to really raise the bar on release
> reviewing.  In the extreme, you shouldn't even trust upstream ASF
> releases as the upstream PMC may have made a mistake in their release.
>  I remember back in incubation days where our mentors only reviewed the
> source package.  Nowadays, a Flex release review seems to require
> checking L&N in the binary, the L&N in the doc package, the L&N in every
> JAR in the binary, and now potentially, every file in every third-party
> bundle in the binary.  Were we supposed to be doing this all this time?
>  And must any L&N issue found in third-party bundles be a release
> blocker lest the PMC be accused of not upholding the ASF policies on
> correct L&N?

You trust that upstream is correct but if you find something that looks
odd - or are made aware of something that looks odd - then you have to
get to the bottom of it. (And ideally encourage all involved to improve
docs etc. so the next person to find the oddity also finds the explanation.)

Mark

> From: Justin Mclean <justin@classsoftware.com>
> Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
> Date: Saturday, April 2, 2016 at 2:47 AM
> To: "legal-discuss@apache.org" <legal-discuss@apache.org>
> Subject: Re: Bundling and LICENSE
> 
> Hi,
> 
> IMO the situation is a little more complex than what Alex has stated.
> The binary also bundles BSD licensed, Apache licensed software
> (including one with a NOTICE file) and other software that are not
> mentioned in NOTICE and LICENSE as required by policy.
> 
> Please see [1] and feel free to add comments. Given that this is easily
> rectified I’m not sure why legal really needs to be involved.
> 
> Thanks,
> Justin
> 
> 1. https://issues.apache.org/jira/browse/FLEX-35058
> 

