www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <jus...@classsoftware.com>
Subject Podling releases and ASF policy
Date Fri, 14 Jun 2019 04:05:52 GMT

As requested by Roman, bringing this here. There's been a lot said in other threads on the
IPMC so I'll attempt to summarise.

Here the list of things that have traditionally has caused -1 vote on podling releases by
the IPMC:
- Missing LICENSE
- Missing 3rd party bundled code licenses listed in LICENSE
- Missing NOTICE
- Missing KEYS file [1]
- Distribution not incorrect dist directory [1]
- Invalid signatures and checksums
- Missing checksums [1]
- Missing ASF headers
- Included compile code (which is Category A)
- Included compile code (which is Category B/X)
- Includes Category X source code (or other files)
- Includes Category B source code (which makes it Category X)
- Includes content that they don’t have permission to distribute (copyright issue)
- Includes uncategorised source code [2] 
- Has Category X dependencies
- Has uncategorised dependencies [2]

1. Can be fixed right away without having to re-vote so not an issue
2. Depends on the license of included code/dependencies

Except for some people, who think that most things should be allowed, there seems to be general
agreement in the IPMC on this list, except for allowing compiled code or having a category
X dependency in a podling release. Votes on releases on the IPMC general list also confirm
this. Some people have expressed the view that as long as it is legal it is allowed, but it
unclear if that means full compliance with 3rd party licenses or not. In a few cases, things
from this list have been allowed with permission from V.P legal / V.P incubator.

These are things the IPMC usually allows in podling releases, which don't follow ASF policy:
- Missing some Category A licenses in LICENSE
- Not complying with terms of  Category A 3rd party licenses (usually missing the license
- Extra information in NOTICE or LICENSE
- Malformed NOTICE
- A few ASF headers missing or incorrect headers on files

There's a thread on the IPMC general list to improve the DISCLAIMER (text to be decided) to
make it clear that podling releases content may not be fully compliant with ASF policies.
It also expected that podling documents any issues found so people are aware of them and that
they can be tracked and fixed before graduation.

Note this would only apply to podling releases, not TLP ones. By the time a podling graduated,
their releases will follow all ASF policy.

The incubator wants to be more lenient on podling releases but is wary of not following ASF
policy that it doesn’t set. Does the legal committee have any guidance on what could be
allowed, from the above list in podling releases? Basically what parts of ASF policy can we
safely ignore?

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message