www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hen <bay...@apache.org>
Subject Re: PyPI MXNet
Date Tue, 12 Feb 2019 05:45:57 GMT
On Mon, Feb 11, 2019 at 7:12 PM Daniel Shahaf <d.s@daniel.shahaf.name>
wrote:

> Hen wrote on Mon, Feb 11, 2019 at 09:28:56 -0800:
> > Noting that we don't provide guidance/policy afaict that allows for
> > https://pypi.org/project/apache-beam/ (as my perennial example).
> >
> > Our guidance is:
> >
> > * Projects shall not publish on pypi.
>
> Yes, projects shouldn't use pypi as their only release channel, but on the
> other hand, ASF is not interested in preventing its releases from being
> distributed via pypi (or any other downstream).
>

It feels very much that different folk have different positions on this and
I'm unable to figure out what Apache's position is. I'd happily mute my
opinion in favour of the official Apache position, but there doesn't seem
to be a single coherent position.


>
> > * Projects shall not publish unreleased material.
>
> I don't care whether RC's are on pypi or not so long as they aren't the
> default
> download.  There are good engineering reasons to make RC's available via as
> same channels as possible to GA's, after all.
>

Is this your opinion, or is this an Apache position?


>
> > * "Using Apache Trademarks in software product branding: In general you
> may
> > not use Apache trademarks in any software product branding. However in
> very
> > specific situations you may use the Powered By naming form for software
> > products. "
>
> This quote isn't about downstream distribution channels that don't modify
> the
> source code.  Rather, it's about forbidding people from creating a C
> compiler
> called "hadoop", or a compiler whose logo is the elephant or the feather,
> without our permission.
>

I agree, except it's the only text that I see that can be argued to be
relevant to a downstream redistributor.


>
> > Outside of Mark's text in the JIRA issue, I don't see any guidance that
> > allows for the apache-beam pypi download.
>
> The whole point of an Apache brand is that we allow downstream distributors
> that don't modify the source code to use it.
>

It's a common Open Source trademark pain point. How many modifications can
a Debian maintainer make before they must rename the package, remove the
logos? Flashbacks to Firefox and Iceweazel. I have vague memories that this
was a hard part of the Trademark Policy and I think we skipped on writing
it up.

Mark's text is good. I'll write it up as a policy FAQ/position and let
people take shots at it.

Hen

Mime
View raw message