www-legal-discuss mailing list archives

From Alex Harui <aha...@adobe.com>
Subject Re: Bundling and LICENSE
Date Sun, 03 Apr 2016 05:25:14 GMT
I'm asking here because I remembered this thread: https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201406.mbox/%3cCAM1oqKqL+1A90=WKQda-GJyQTo5gAH+ep3WViTRMF9EtiAiVgA@mail.gmail.com%3e

My takeaway was sort of what Mark suggested, which is that we trust the upstream community's
L&N (or for the above thread, lack of N) and if you think they should have a different
L&N, work with that upstream community so the ASF community can continue to fulfill ASF
policy by propagating parts of the upstream L&N.  I'm not sure we should guess at what
they would write for their L&N though and then use that.

I guess the related question is how much we should trust the upstream community's L&N.
 Are we required to do what is the equivalent of an IP clearance for third-party bundles in
our binary releases for every release?  Or can we trust the top-level L&N we find in the
upstream packages?  Otherwise, it seems to really raise the bar on release reviewing.  In
the extreme, you shouldn't even trust upstream ASF releases as the upstream PMC may have made
a mistake in their release.  I remember back in incubation days where our mentors only reviewed
the source package.  Nowadays, a Flex release review seems to require checking L&N in
the binary, the L&N in the doc package, the L&N in every JAR in the binary, and now
potentially, every file in every third-party bundle in the binary.  Were we supposed to be
doing this all this time?  And must any L&N issue found in third-party bundles be a release
blocker lest the PMC be accused of not upholding the ASF policies on correct L&N?


From: Justin Mclean <justin@classsoftware.com>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Saturday, April 2, 2016 at 2:47 AM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: Bundling and LICENSE


IMO the situation is a little more complex than what Alex has stated. The binary also bundles
BSD licensed, Apache licensed software (including one with a NOTICE file) and other software
that are not mentioned in NOTICE and LICENSE as required by policy.

Please see [1] and feel free to add comments. Given that this is easily rectified I’m not
sure why legal really needs to be involved.


1. https://issues.apache.org/jira/browse/FLEX-35058
