www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris A. Mattmann (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-323) Clarify if binary artifacts are part of a release
Date Wed, 02 Aug 2017 05:42:00 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16110344#comment-16110344

Chris A. Mattmann commented on LEGAL-323:

[~ctubbsii] thanks for your explanation which is very much in line with my own.

As for banning convenience binaries altogether, I could definitely see an advantage of this
for the reasons you state above, however it would probably spell untenable for certain project
communities here who have a focus on packaging software components together (Apache Bigtop
for one). Right now my goals are to as a first preference support ASF projects such as these
- and not to "clarify" or update policy in a way detrimental to those communities. However
I do encourage others here at the ASF to take a look at downstream packaging libraries (such
as Homebrew for example as you mention). I've found such communities ready and willing to
accept ASF folks here in upstream-ville and our contributions.

[~andrew.wang] I meant no ill-will in my responses, and pointed you to a definition of corporate
policy in case you weren't familiar with some of the rationale behind it generally which also
applies here. I think you (and possibly others) may have a misconception which is that the
Legal policy of the ASF is the only player here. Christopher has correctly framed my interpretation
of policy in this case - there is both ASF legal policy here, and also infrastructure policy
(also governed by an officer of the Foundation, VP, Infrastructure and by ASF Operations,
which are at the helm of the ASF President who reports to the ASF Board). You ask the Legal
committee - are binary artifacts part of a release? The answer as I have already stated is
*No*. You would like convenience binaries to be covered similarly to source release legal
policy. As VP Legal I state that though convenience binaries are allowed through a combination
of ASF infrastructure policy and portions of VP Legal policy (e.g., https://www.apache.org/legal/resolved.html#prohibited)
that *they are not official ASF products*. However as pointed out by me, and by Christopher
Tubbs and by yourself, these products reflect on our reputation, so there are a handful of
portions of ASF legal policy that address elements of convenience binaries in reference to
your original question and referenced above. In short, no you can't include Cat-X in them
(as stated on the resolved page I referenced). In addition, consider that Infrastructure also
places certain "requirements" on your artifacts including convenience binaries as produced
by a PMC. For example you can't upload a file size > 100MB (or 200MB maybe? can't remember)
per artifact - as an example this isn't a legal requirement - but one imposed by Infra which
also governs release policy. 

More broadly, I encourage your PMC and release managers to come with a specific question rather
than a (as you stated) hypothetical. It will help to couch a future discussion in this with
a specific use case beyond the original question asked in this issue.

I'll let discussion continue for a bit, but I also want to be completely upfront I see no
need to clarify this on our legal web pages further than has already been done in this JIRA
issue (and in some of the prior release discussions in which Roy and others make it very clear
the ASF releases *source code* that's it).

I hope to close this issue out next week.

> Clarify if binary artifacts are part of a release
> -------------------------------------------------
>                 Key: LEGAL-323
>                 URL: https://issues.apache.org/jira/browse/LEGAL-323
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Andrew Wang
>            Assignee: Chris A. Mattmann
> Hi,
> Reading the release policy and particularly http://www.apache.org/legal/release-policy.html#compiled-packages
I'm still confused as to whether binary artifacts are considered part of a release.
> {quote}
> The Apache Software Foundation produces open source software. All releases are in the
form of the source materials needed to make changes to the software being released.
> As a convenience to users that might not have the appropriate tools to build a compiled
version of the source, binary/bytecode packages MAY be distributed alongside official Apache
> {quote}
> This seems to imply that only the source is the official release. Binary artifacts are
not part of the release, and are just distributed on the side.
> Reading the rest of this page though, it's pretty clear that binary artifacts still need
to adhere to the requirements for release artifacts, e.g. licensing and distribution location.
> What does this mean in practical terms? If we build a tarball with jars and native libraries
in it, is it part of our official release? What about jars uploaded to Maven Central? When
the PMC votes on a release, are we voting on just the source tarball, or also these additional
binary artifacts?
> Thanks,
> Andrew

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message