www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Owen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-333) Maven Central Repository terms are incompatible with the Apache License
Date Mon, 25 Sep 2017 18:25:00 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16179509#comment-16179509
] 

Sean Owen commented on LEGAL-333:
---------------------------------

[~gstein] that makes sense, if the position is that the PMC is acting on its own if it agrees
to Sonatype's terms, and this actually isn't something proscribed by any ASF policy.

 In the very unlikely case someone litigated this, I'm not even sure where that lands the
indemnity -- on me personally, as a PMC member? In other matters, I understand most of the
ASF's legal structure and policies to be designed to insulate individual contributors from
things like this, by showing due care and diligence in creating the software. 

I'm guessing most people would not accept personal liability for ASF software releases, yet
most ASF projects with a JVM artifact publish to Maven Central. I'm taking the message that
PMCs need to think about whether this is acceptable and decide whether to publish to Maven
Central accordingly.

> Maven Central Repository terms are incompatible with the Apache License
> -----------------------------------------------------------------------
>
>                 Key: LEGAL-333
>                 URL: https://issues.apache.org/jira/browse/LEGAL-333
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Carte Project
>            Assignee: Chris A. Mattmann
>
> All or nearly all of the ASF's Java software projects are distributed through the Maven
Central Repository operated by Sonatype, Inc. Their "full terms of service" (as they are described
in [this page|http://central.sonatype.org/pages/ossrh-guide.html]) can be found here:
> [http://central.sonatype.org/pages/central-repository-producer-terms.html]
> The "Indemnity for Submissions" clause states:
> bq. You agree to indemnify and hold harmless Sonatype and its affiliates, suppliers,
partners, officers, agents, and employees from and against any claim, demand, losses, damages
or expenses (including reasonable attorney's fees) arising from your Submissions.
> To me, the obligation to indemnify against any claim "arising from your Submissions"
sounds somewhat incompatible with the 8 and 9 clauses of the [Apache License 2.0|http://www.apache.org/licenses/LICENSE-2.0].
And my understanding is that all of the ASF's Maven artifacts are nearly-automatically deployed
on that repository.
> Am I missing something?  Any comments?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message