www-legal-discuss mailing list archives

From Marvin Humphrey <mar...@rectangular.com>
Subject Re: PyPI MXNet
Date Mon, 11 Feb 2019 01:07:23 GMT
On Sun, Feb 10, 2019 at 1:22 PM Hen <bayard@apache.org> wrote:
> Looking at this JIRA issue:
> https://issues.apache.org/jira/projects/LEGAL/issues/LEGAL-426?filter=allopenissues
> The question is whether the PyPI image for MXNet can include the Intel Simplified License.
> Before I reply/resolve, I want to check that my answer is correct. I think the answer
> ----------
> * Apache does not have a PyPI account therefore whether or not to include the Intel Simplified
> License is outside the scope of this forum and is up to the account owner on PyPI.

While trademarks are technically in the bailiwick of Brand Management
rather than Legal Affairs, that sentence is problematic. It is not
true that the PyPI account owner gets free rein.

Because those MXNet packages use the ASF's trademarks, we *do* have
the right to object. And we *do* object.

> * Note that that account on PyPI is in breach of our trademark policy.
> * 1) It does not refer to MXNet correctly, it should be referred to as Apache MXNet,
> * 2) It causes confusion as it looks like it is being published by Apache. It must be
> clear that this comes from a third party.
> * As a separate note, as this is a third party account the Apache MXNet PPMC should not
> be recommending this as the ideal way to install the software, but may refer to it as a convenience
> offered by a third-party.
> ----------
> Do I have that right?

I suggest a much simpler answer:

* Since these MXNet PyPI packages use our trademarks, please adapt
  them so that they adhere to the guidelines spelled out at
* That will mean removing bundled dependencies under the Intel Simplified
  License, since it is not an approved license.

As the parties behind the MXNet PyPI packages are already active
participants in the Apache MXNet community, I anticipate that the
issue will be resolved easily.

> As a separate topic I think we should look into an Apache account on PyPI, akin to our
> account on DockerHub. The other approach to the above would be to get that set up.


There are an unbounded number of downstream channels -- we cannot
possibly interface with them all responsibly.

Our oversight mechanisms are stretched thin enough as it is.  The
Board must already review all project download pages periodically, and
on occasion must deal with creeping commercial influences there. It is
not feasible to review an ever-growing portfolio of distribution
channels, and since we can't do it right we shouldn't do it at all.

From an administrative point of view, our top priority must be to
manage the canonical distribution channel and the project download
pages effectively. Then, we can deal with problems in downstream
distribution channels on an ad hoc basis, as they are found and
reported to us.

Marvin Humphrey
