www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John D. Ament" <johndam...@apache.org>
Subject Re: Is GitHub forking subject to clause 4b?
Date Fri, 30 Dec 2016 02:53:40 GMT
On Thu, Dec 29, 2016 at 9:47 PM Greg Stein <gstein@gmail.com> wrote:

> On Thu, Dec 29, 2016 at 7:37 PM, Roman Shaposhnik <roman@shaposhnik.org>
> wrote:
> >...
> Personally, I still maintain (and this view seems to be in agreement with
> yours Roy -- which is good enough for me ;-)) that a random SHA, even if
> it makes a tree corresponding to that SHA available for download, does NOT
> constitute a distribution. Or at the very least this will have to be
> decided based
> on intent.
> Slow down. Roy never said it "does NOT constitute a distribution". In
> addition, pretty much all of the lawyers on this thread said that it DID.

To add to this, in the npm world, there are three ways to point to an

1. symlink
2. A published node module hosted in a registry
3. A git URL and hash

So 3 is explicitly pointing to this process and is effectively treating
each commit as a unique distribution.

> I interpret Roy's email as a "business risk assessment, based on legal
> input". Sure, somebody might call it a distribution and cause "trouble" ...
> but the *risk* is so minuscule [since we follow licenses' intent], that the
> Foundation simply doesn't consider it a problem worth addressing. That the
> *benefits* of keeping our repositories "in the open" is so incredibly
> higher, that the expected *cost* of "trouble" is not worth the concern.

This part gets a little hairy from my POV.  Look at cordova and now weex,
both very heavy as javascript modules.  We're saying pretty explicitly now
that their consumers can point to any particular hash and it is a valid
distribution to them (in the case of weex, they don't even need to include
-incubating in the name!)

> Cheers,
> -g

View raw message