www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig Russell <craig.russ...@oracle.com>
Subject Re: Country of Origin of various ASF projects
Date Tue, 18 Oct 2016 08:58:35 GMT

> On Oct 17, 2016, at 3:28 PM, Alex Harui <aharui@adobe.com> wrote:
> 
> And what are the rules if I compiled the code on a VM in the cloud?  Does
> it matter where that VM is running?
> 
> Seems like folks who need TAA compliance should always work from source
> packages and compile it themselves.

+1

Apache deals in open *source*.

Convenience binaries can be built by anyone, anywhere there is a computer with an internet
connection or a postal address where a tape (!) containing sources can be delivered.

Craig
> 
> -Alex
> 
> On 10/17/16, 2:15 PM, "sebb" <sebbaz@gmail.com> wrote:
> 
>> Note also that each individual release may have a different release
>> manager who may reside in a different country.
>> And of course people may change their country of residence.
>> 
>> On 17 October 2016 at 21:00, Paul Libbrecht <paul@hoplahup.net> wrote:
>>> Why can’t you or someone at your company rebuild within the US (or
>>> anywhere
>>> else appropriate) so that this compliance is guaranteed? It is generally
>>> expected that someone else successfully building will build the same
>>> artefact, even if differences such as modification date of binary files
>>> may
>>> exist. E.g. version numbers are the same.
>>> 
>>> paul
>>> 
>>> 
>>> On 17 Oct 2016, at 21:50, Austin, Richard (Fort Collins)
>>> <richard.austin@hpe.com> wrote:
>>> 
>>> Good afternoon,
>>> 
>>> I am trying to determine the Country of Origin of a lengthy list of
>>> Apache
>>> open-source projects, in order to determine whether they are in
>>> compliance
>>> with the U. S. Trade Agreements Act (TAA).  (Some of our customers
>>> require
>>> this.)  TAA defines the Country of Origin as the country where the
>>> software
>>> is built--where final compilation occurs.  There is a LONG list of
>>> countries
>>> that are TAA-approved.
>>> 
>>> One person at human-response@apache.org noted that each project is
>>> generally
>>> compiled on the local machine of the Release Manager for that specific
>>> version and then uploaded.  While I can contact each project separately
>>> to
>>> ask about the build country, I was advised that it might be worth
>>> checking
>>> with Apache Legal Affairs, in case a compilation of this information
>>> already
>>> exists.  (It seems very likely that other groups needing TAA compliance
>>> would have already been asking Apache about this.)
>>> 
>>> Do you know of any centralized source of Country of Origin information
>>> for
>>> Apache projects?  Note that we are only looking for the country or
>>> countries--we do NOT need information on specific servers, cities, or
>>> states.
>>> 
>>> Thanks very much for any information--or pointers to others who may have
>>> relevant information.
>>> 
>>> Regards,
>>>  Richard Austin
>>>  Software Development Engineer
>>>  Hewlett Packard Enterprise
>>> 
>>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 

Craig L Russell
clr@apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message