www-repository mailing list archives

From "Guillaume Nodet" <gno...@gmail.com>
Subject Re: JSR173
Date Wed, 02 Aug 2006 20:18:01 GMT
Here it is:

--- In stax_builders@yahoogroups.com, Aleksander Slominski <aslom@...>
wrote:

Jim Barnett wrote:
> :)
>
> Whadda mess on our part!
>
> Oh boy...
>
> Okay.  Here's what I *think* will be happening.
>
> 1.  The first bundle available via the link to the BEA ftp download site
> will be going away.  The licenses in that bundle are just plain wrong
> for a host of reasons.   (- BEA
> http://ftpna2.bea.com/pub/downloads/jsr173.jar (API is jarred inside -
> Hasta la vista, baby.)
>
> 2.  The OFFICIAL JSR 173 API will be hosted for download via the
> official JSR 173 JCP site (mirrored from a BEA server I think), and will
> be CLEARLY provided under an ASF 2.0 license.
> (http://www.jcp.org/aboutJava/communityprocess/first/jsr173/
>
> 3.  The API used in XML Beans versus the official JSR 173 API is a new
> issue for me and I will look into it as part of this exercise.  I am
> pretty sure, however, that the two are the same and once the licensing
> issue is cleared up on the official JCP site, all should be well.
>
> 4.  Codehaus is able to do what any licensee under the ASF 2.0 license
> is allowed to do - fork the tree.  Through time it is possible (though
> probably not optimal) that the Codehaus API version and the official API
> version might be different.  My hope is that when we get the wrinkles
> ironed out for the official version, the existence of a Codehaus
> distribution won't be as confusing.
>
hi Jim,

the version of API in codehaus has no modifications and it is *exactly*
what was provided by Ron Benson under ASF2.0 license (that time around
December his email was rbenson at bea.com but I think he no longer works
for BEA)

there is no intention to make any changes or create incompatible
versions of API - StAX API including source code is in codehaus SVN:
http://svn.stax.codehaus.org/trunk/dev/

if there are any differences in JARs it may be only because of ways they
were generated (different JDKs) but content should be the same.
> Would the foregoing action plan be helpful or am I misunderstanding your
> concern?
>
if there were to be any changes to the API please let us know so we make
sure to sync up the version in codehaus.

thanks,

Alek
> -----Original Message-----
> From: carlossg@... [mailto:carlossg@...] On Behalf Of Carlos
> Sanchez
> Sent: Monday, April 24, 2006 10:37 AM
> To: Jim Barnett
> Cc: Michael Glavassevich; legal-discuss@...; polx@...
> Subject: Re: StAX (JSR 173) API source license
>
> What I mean is that there are three jsr173 API jars, all different
> (binary comparison)
>
> - BEA http://ftpna2.bea.com/pub/downloads/jsr173.jar (API is jarred
> inside)
> - Apache xmlbeans
> http://www.apache.org/dist/java-repository/xmlbeans/jars/jsr173_1.0_api_bundle.jar
> (API is jarred inside)
> - Codehaus Stax http://dist.codehaus.org/stax/jars/stax-api-1.0.jar
>
> From my point of view the only official API is the one from BEA, as
> said in the JSR page.
>
> My questions are:
>
> - can BEA jars be uploaded to a public place, allowing redistribution?
> based on the license inside
> http://ftpna2.bea.com/pub/downloads/jsr173.jar I'd say no
> - is the Apache xmlbeans provided api officially the reference
> implementation? then I can upload it to javax.xml, the place for
> reference implementations
> - if not, is the Codehaus provided api officially the reference
> implementation?
>
>
> On 4/24/06, Jim Barnett <jimb@...> wrote:
>
>> Carlos:
>>
>> Thanks for the further information.
>>
>> I haven't looked at the Codehaus files in quite some time but you
>> mentioned that the API 1.0 is different from the other jars.  Do you
>> mean that it is in a different format (i.e., not in source)?
>>
>> I can investigate that if so, but I think the ASF 2.0 license applies to
>> the file no matter what format the code is provided under.
>>
>> IANAP (I Am Not A Programmer), but from a legal licensing terms
>> perspective I don't think there should be an issue regarding confusion
>> over permitted use.  From a developer perspective, there could well be
>> an ease of use, convenience, practicality or similar issue.
>>
>> I am going to go and take a peek at those files though...
>>
>> Regards,
>>
>> Jim
>>
>> -----Original Message-----
>> From: carlossg@... [mailto:carlossg@...] On Behalf Of Carlos
>> Sanchez
>> Sent: Monday, April 24, 2006 9:51 AM
>> To: Jim Barnett
>> Cc: Michael Glavassevich; legal-discuss@...; polx@...
>> Subject: Re: StAX (JSR 173) API source license
>>
>> With my "repository" hat on,
>>
>> Currently we have two placeholders in the repository for the API and the
>> RI
>>
>> http://www.ibiblio.org/maven2/javax/xml/jsr173/1.0/
>> http://www.ibiblio.org/maven2/com/bea/xml/jsr173-ri/1.0/
>>
>> POMs with information are there, but jars are not because either the
>> license doesn't allow redistribution or it was too long to be read and
>> IANAL ;).
>>
>> In any case, if we have an APL version of the same API jar, it should
>> be uploaded to the iBiblio central repository and make xmlbeans use
>> it, instead of redistributing from xmlbeans group which looks like it
>> were a xmlbeans customized version. And BTW it's not exactly the same
>> as the one you can download from BEA webpage.
>>
>> Regarding the codehaus implementation available at
>> http://www.ibiblio.org/maven2/stax/ the api 1.0 is also different from
>> any other of the jars, so more confusion added.
>>
>> Regards
>>
>>
>> On 4/24/06, Jim Barnett <jimb@...> wrote:
>>
>>> Michael, Paul & Co.:
>>>
>>> To clarify, the RI and some related JSR 173 code is currently available
>>> (probably in modified form due to accreted community contributions
>>> post-upload) via Codehaus.
>>>
>>> http://stax.codehaus.org/
>>>
>>> Recently BEA put a new Spec Lead in place for JSR 173, and one of the
>>> first jobs on his platter will be to update the JCP JSR 173 web page to
>>> make the official (unmodified, fully TCK compliant) RI and related files
>>> available under the ASF 2.0 license agreement on the JCP site.
>>> Currently the JCP page for JSR 173 is out of date.
>>>
>>> On the Apache usability front, importation of third party code available
>>> under an ASF 2.0 license would be highly compatible from a licensing
>>> requirements perspective (i.e., the ASF 2.0 license allows almost
>>> transparent re-licensing by another party under almost any terms,
>>> including ASF 2.0).  What you don't get when ASF imports third party
>>> code under a compatible license agreement is the reassurance of the
>>> representations and warranties you get under the contributor license
>>> agreements.
>>>
>>> At BEA we assess inbound third party licensing problems (whether open
>>> source or proprietary) using a 4-part analysis.  Those 4 parts are (1)
>>> license compatibility, (2) intellectual property pedigree, (3)
>>> supportability and (4) continued availability.  (3) and (4) are not as
>>> relevant when looking at open source code candidates because we have
>>> source and can both self-educate on the product support front and
>>> maintain our own code tree to ensure long term availability of the code
>>> for our use.  (1) and (2), however, are critical in assessing open
>>> source candidates.  (1) relates to ensuring that the applicable open
>>> source license agreement permits use of the code by the licensee
>>> (whether it be BEA, IBM or ASF) under the licensee's desired license
>>> agreement(s).
>>>
>>> Item (2) relates to making an educated assessment as to whether there is
>>> anything in the third party code candidate that ought not to be there.
>>> One example of code that fails the "pedigree" test would be code
>>> putatively licensed under a highly compatible license agreement such as
>>> the ASF 2.0 license, yet which on investigation includes portions
>>> licensed into the licensor-project under incompatible licenses such as
>>> the GPL, LGPL, etc.  This is a problem because a licensor can grant a
>>> licensee no greater rights than the licensor had to grant.  In the
>>> simplest case, this means that a licensor who includes code it obtained
>>> under an LGPL in a project that it licenses to others under an ASF 2.0
>>> license, *most likely* (lawyer hedge; if you buy my analysis of the
>>> incompatibility of ASF 2.0 and LGPL on an earlier thread) is
>>> distributing the LGPL-encumbered parts in violation of the LGPL and in
>>> breach of the authors' Copyright in those LGPL-covered portions.
>>>
>>> Item (2) is of some concern to open source organizations such as ASF, as
>>> they want to be as certain as possible that the outbound licensing under
>>> ASF 2.0 is valid and that they are respecting the rights of others, but
>>> it's even more of a concern to proprietary software vendors.  The reason
>>> is that such proprietary vendors generally take open source software "as
>>> is" and re-license it providing some level of warranty or indemnity
>>> against infringement.  Unlike outbound licensing in an "as is" state, by
>>> offering indemnity and/or warranty on code obtained without warranty,
>>> the licensor is assuming a contingent financial liability that is hard
>>> to measure but could be substantial in amount in an extreme case.
>>>
>>> That's a long winded way of saying that when we look at code licensed
>>> under the ASF 2.0 license, we favor ASF project code versus non ASF
>>> project code because the ASF contributor license agreement policy and
>>> process offers one circumstantial proof point that the code will be of
>>> lower risk of third party IP encumbrances than code developed without
>>> any form of contributor-level promise or commitment.
>>>
>>> I will be working with the new Spec Lead to get the JCP page for JSR 173
>>> updated as soon as possible.  Thanks for reminding me that this issue is
>>> still unresolved, and sorry for the confusion our delay in cleaning this
>>> up may have caused.
>>>
>>> Regards,
>>>
>>> Jim Barnett
>>> Associate General Counsel
>>> BEA Systems, Inc.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Michael Glavassevich [mailto:mrglavas@...]
>>> Sent: Sunday, April 23, 2006 2:00 PM
>>> To: legal-discuss@...
>>> Cc: polx@...
>>> Subject: Re: StAX (JSR 173) API source license
>>>
>>> Paul Libbrecht <polx@...> wrote on 04/23/2006 08:56:16 AM:
>>>
>>>
>>>> Two little opinions:
>>>> - last I checked the StAX API was under one of these extra weird
>>>> licenses that big companies a specially able to realize, one such as
>>>> the early JAXP or Servlet API licenses which may bite you for the need
>>>> to update or... at least at the time it has retained me from embarking
>>>> on ActiveSoap. Now that StAX is getting more presence, it would be real
>>>> nice to have the StAX API under APL 2!
>>>>
>>> ... and from what I understand BEA has made the StAX API available under
>>> the APL 2.0. Quoting a post from Radu Preotiuc-Pietro (see here [1] in
>>> the archives) on the xmlbeans-dev list:
>>>
>>> "The XmlBeans team (esp Lawrence, with his Apache hat on ;-) ) have
>>> worked with BEA (represented by the BEA legal team) to clarify the
>>> licensing status of jsr173 APIs. The jar that we have made available at
>>> http://www.apache.org/dist/java-repository/xmlbeans/jars/jsr173_1.0_api_bundle.jar
>>> is totally legit, as provided by BEA, licensed under the Apache License
>>> 2.0 and with no modifications on our part. It is NOT something that we
>>> just downloaded, changed a few things and committed.
>>> It's also been oked by Cliff (with his legal affairs hat on), see this
>>> thread for details:
>>> http://mail-archives.apache.org/mod_mbox/xmlbeans-dev/200510.mbox/%3c1130357486.13564.0.camel@...%3e
>>> ".
>>>
>>>> - I doubt that the fact that it is distributed under APL 2 means you
>>>> can check this is an ASF repo... I do not think, unless a donation
>>>> happened like in the case of JAXP I think, we the ASF claim any
>>>> ownership and I believe folks expect ASF ownership on ASF versioning
>>>> servers.
>>>>
>>> I wasn't implying that the ASF owns code distributed by some other
>>> organization under the APL 2.0. StAX would be included as a third-party
>>> work like the SAX and DOM sources which are already part of XML Commons.
>>> There's a proposed policy on third-party licensing (see here [2]) that
>>> states that third-party source licensed under the ASL 2.0 may be
>>> included within Apache products. It would seem that including the StAX
>>> API source (licensed under the APL 2.0) in xml-commons would be okay
>>> provided that it's in an acceptable form. I'm not assuming that it
>>> currently is in an acceptable form since the individual source files are
>>> missing the Apache license header.
>>>
>>>> Why would you want to commit the sources under ASF ?
>>>>
>>> The primary goal of XML Commons External [3] is to provide other Apache
>>> projects (Xerces, Xalan, FOP, Batik, etc...) with stable versions of
>>> XML-related externally-defined standards-based code. This includes
>>> controlled bug fixes and performance improvements.
>>>
>>>> Note, oh note, that I would looooove for StAX to be either under APL or
>>>> even donated to ASF. But we need to know this from someone like Bea or
>>>> ??
>>>>
>>> An official donation would be cool.
>>>
>>>> paul
>>>>
>>> [1] http://mail-archives.apache.org/mod_mbox/xmlbeans-dev/200603.mbox/%3c99479F4D39C9244F8E17E688193A3DD805D876@...%3e
>>> [2] http://people.apache.org/~cliffs/3party.html#category-a
>>> [3] http://xml.apache.org/commons/components/external/index.html
>>>
>>>
>>>> Michael Glavassevich wrote:
>>>>
>>>>> XML Commons External [1] maintains Apache-hosted sets of the SAX,
>>>>> DOM and JAXP APIs. We're planning to upgrade these sources to JAXP
>>>>> 1.4 which now includes the StAX API.
>>>>>
>>>>> A copy of the StAX API source/binary is being distributed in the
>>>>> xmlbeans/jars directory of the java-repository [2] (see
>>>>> jsr173_1.0_api_bundle.jar) and on Apache mirror sites. The README
>>>>> contained in the jar states that the source and binary files are
>>>>> distributed under the Apache License 2.0 and I've been assured by
>>>>> one of the XMLBeans developers [3] that the jar is legitimate and
>>>>> that it originates from BEA. We would like to commit the StAX sources
>>>>> contained in this jar to SVN however none of the source files
>>>>> contain the Apache license header. Can these source files be included
>>>>> in an ASF project in their current form?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> [1] http://xml.apache.org/commons/components/external/index.html
>>>>> [2] http://www.apache.org/dist/java-repository/xmlbeans/jars/
>>>>> [3] http://mail-archives.apache.org/mod_mbox/xmlbeans-dev/200603.mbox/%3c99479F4D39C9244F8E17E688193A3DD805D876@...%3e
>>>>>
>
>>>>> Michael Glavassevich
>>>>> XML Parser Development
>>>>> IBM Toronto Lab
>>>>> E-mail: mrglavas@...
>>>>> E-mail: mrglavas@...
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> DISCLAIMER: Discussions on this list are informational and educational
>>>>> only.  Statements made on this list are not privileged, do not
>>>>> constitute legal advice, and do not necessarily reflect the opinions
>>>>> and policies of the ASF.  See <http://www.apache.org/licenses/> for
>>>>> official ASF policies and documents.
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@...
>>>>> For additional commands, e-mail: legal-discuss-help@...
>>>>>
>>> Michael Glavassevich
>>> XML Parser Development
>>> IBM Toronto Lab
>>> E-mail: mrglavas@...
>>> E-mail: mrglavas@...
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________________________________
>>> Notice:  This email message, together with any attachments, may contain
>>> information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
>>> entities,  that may be confidential,  proprietary,  copyrighted  and/or
>>> legally privileged, and is intended solely for the use of the individual
>>> or entity named in this message. If you are not the intended recipient,
>>> and have received this message in error, please immediately return this
>>> by email and then delete it.
>>>
>>>
>>>
>>>
>>>
>>>
>> --
>> I could give you my word as a Spaniard.
>> No good. I've known too many Spaniards.
>>                              -- The Princess Bride
>>
>>
>>
>>
>
>
> --
> I could give you my word as a Spaniard.
> No good. I've known too many Spaniards.
>                              -- The Princess Bride
>
>
>


-- 
The best way to predict the future is to invent it - Alan Kay

--- End forwarded message ---


On 8/2/06, Carlos Sanchez <carlos@apache.org> wrote:
>
> it doesn't work for me, i'm not member
>
> On 8/2/06, Guillaume Nodet <gnodet@gmail.com> wrote:
> > I think this mail is quite explicit:
> > http://groups.yahoo.com/group/stax_builders/message/1071
> >
> >
> > On 8/2/06, Carlos Sanchez <carlos@apache.org> wrote:
> > > it's pretty close to geronimo case. If it's actually the BEA's
> > > reference they should put it prominently on the site.
> > >
> > > On 8/2/06, Guillaume Nodet <gnodet@gmail.com> wrote:
> > > > They are already on public repositories:
> > > >     http://www.ibiblio.org/maven2/stax/stax-api/1.0.1/
> > > > I guess, the pom should be the same as the one for
> > > >      javax.xml.jsr173
> > > > and the license is available at
> > > >     http://svn.stax.codehaus.org/browse/stax/trunk/dev/ASF2.0.txt
> > > > though i have already asked on the list to advertise that a bit more
> > > > on their site (stax.codehaus.org).
> > > >
> > > > I can raise a JIRA with an upload bundle if needed, just want to
> > > > make sure I need to.
> > > >
> > > >
> > > > On 8/2/06, Carlos Sanchez <carlos@apache.org> wrote:
> > > > > Can you provide links to jar, pom and where the license can be
> > > > > found?
> > > > >
> > > > > On 8/1/06, Guillaume Nodet <gnodet@gmail.com> wrote:
> > > > > > Based on some old discussions on legal,
> > > > > > it appears that jsr173 jar from bea has been relicensed under
> > > > > > ASL 2 and donated to the codehaus stax project.
> > > > > >
> > > > > > Would it be possible to do something so that the default
> > > > > > location points to a valid jar (in javax/xml/jsr173).
> > > > > >
> > > > > > Not sure what the best way would be, but ...
> > > > > >
> > > > > > --
> > > > > > Cheers,
> > > > > > Guillaume Nodet
> > > > >
> > > > >
> > > > > --
> > > > > I could give you my word as a Spaniard.
> > > > > No good. I've known too many Spaniards.
> > > > >                              -- The Princess Bride
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Cheers,
> > > > Guillaume Nodet
> > >
> > >
> > > --
> > > I could give you my word as a Spaniard.
> > > No good. I've known too many Spaniards.
> > >                              -- The Princess Bride
> > >
> >
> >
> >
> > --
> > Cheers,
> > Guillaume Nodet
>
>
> --
> I could give you my word as a Spaniard.
> No good. I've known too many Spaniards.
>                              -- The Princess Bride
>



-- 
Cheers,
Guillaume Nodet
