www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: PyPI MXNet
Date Mon, 11 Feb 2019 02:52:26 GMT
On Sun, Feb 10, 2019 at 5:27 PM Hen <bayard@apache.org> wrote:

> ...
> So there are three situations (I was trying to shoe-horn this into #2):
> 1) Apache publishing software.
> 2) Any third party publishing software that incorporates software from
> Apache under AL 2.0.
> 3) Any third party republishing Apache software.
> Do we have any text published (outside of LEGAL-427) for #3?

How about the Apache license and the branding guidelines?

>> There are an unbounded number of downstream channels -- we cannot
>> possibly interface with them all responsibly.
>> Our oversight mechanisms are stretched thin enough as it is.  The
>> Board must already review all project download pages periodically, and
>> on occasion must deal with creeping commercial influences there. It is
>> not feasible to review an ever-growing portfolio of distribution
>> channels, and since we can't do it right we shouldn't do it at all.
> I think it's a jump to say it's not feasible. We reviewed GitHub,
> DockerHub and Maven Central.

Who is "we" here?

Also, we don't (as a Foundation) release binaries.

>> From an administrative point of view, our top priority must be to
>> manage the canonical distribution channel and the project download
>> pages effectively. Then, we can deal with problems in downstream
>> distribution channels on an ad hoc basis, as they are found and
>> reported to us.
> Yet the public are (generally) getting our software from downstream
> channels, not from us.

In packaged or compiled form, yes, they are getting it from packagers or

We produce the canonical source. The only moderate exception really should
be OpenOffice and they are definitely an outlier.

View raw message