www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John D. Ament (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (LEGAL-287) Legal review of Apache Maturity Model
Date Wed, 25 Jan 2017 03:46:26 GMT

     [ https://issues.apache.org/jira/browse/LEGAL-287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John D. Ament updated LEGAL-287:
--------------------------------
    Description: 
I'd like to ask the legal team to review the maturity model - http://community.apache.org/apache-way/apache-project-maturity-model.html

There are some clauses that don't sound quite right, either they don't align to the existing
foundation policies or seem to mis-state them.

CD30 - Does this preclude that the tooling required to build cannot be distributed with the
package? What about projects that require lua or other interpreted language (e.g. not compiled).
LC30 and LC20 seem to duplicate each other
LC50 - I'm not sure what copyright has to do here.  Its been discussed that copyright != licensing.
 The SGA is a license to use code under Apache v2 license.  Copyright claims may be added
to NOTICES in accordance with that.
RE40 - Seems to imply that convenience binaries are expected.
RE50 - While a good idea, seems to be a subtle foundation policy change.
QU* - All seem to be new policy.  Specifically, security is more of a foundation-wide requirement
with foundation-wide rules for handling.


> Legal review of Apache Maturity Model
> -------------------------------------
>
>                 Key: LEGAL-287
>                 URL: https://issues.apache.org/jira/browse/LEGAL-287
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: John D. Ament
>
> I'd like to ask the legal team to review the maturity model - http://community.apache.org/apache-way/apache-project-maturity-model.html
> There are some clauses that don't sound quite right, either they don't align to the existing
foundation policies or seem to mis-state them.
> CD30 - Does this preclude that the tooling required to build cannot be distributed with
the package? What about projects that require lua or other interpreted language (e.g. not
compiled).
> LC30 and LC20 seem to duplicate each other
> LC50 - I'm not sure what copyright has to do here.  Its been discussed that copyright
!= licensing.  The SGA is a license to use code under Apache v2 license.  Copyright claims
may be added to NOTICES in accordance with that.
> RE40 - Seems to imply that convenience binaries are expected.
> RE50 - While a good idea, seems to be a subtle foundation policy change.
> QU* - All seem to be new policy.  Specifically, security is more of a foundation-wide
requirement with foundation-wide rules for handling.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message