www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: POM licensing
Date Mon, 01 Oct 2007 10:38:21 GMT
Gilles Scokart ha scritto:
> I seriously doubt that pom are not copyrightable.  I'm not a lawer, but
> I'm quiet sure that writing a pom for complex project requires a serious
> dose of creativity.  Think to the way you can use pom inheritance, or
> think to the number of optional dependencies or verion ranges you can
> use.  Someone can even combine via a pom some modules that were even not
> expected by the developpers of the project.
> 
> That, combined to the fact that it might be difficult to find back the
> original author of the pom.  I think that we have a problem.
> 
> Gilles

Sorry for not being "specific".
I was referring to simple poms only including the groupId, artifactId,
license reference and the dependencies.

I also agree that other build informations are probably copyrightable.

We have 2 cases:
poms submitted by the project building the artifacts (maybe because they
use maven or they use an automated tool to deploy the pom). In this case
we can evangelize people to add the licensing.

Otherwise we can have poms written by users for third party libraries:
most time this poms only include the "simple" information above
(artifactId, groupId, license of the artifact, dependencies).

If they are not copyrightable then most of the current central
repository is safe to be used, otherwise I see a big problem because I
think many of the poms there have been simply submitted by "someone"
(not an Apache committer or someone that signed a CLA or flagged "a
grant" in JIRA) and it has to be understood if central has the right to
really redistribute files received in that way, and if we (maven users)
have the rights (we need a use license) to read and use that
informations to build our projects.

Am I too "pessimistic" about the issue?

Stefano

> 2007/10/1, Stefano Bagnara < apache@bago.org <mailto:apache@bago.org>>:
> 
>     Carlos Sanchez ha scritto:
>     > i'm trying to follow this thread and seems that we are talking about
>     > two different things:
>     >
>     > 1) the license of the project the pom describes
>     > 2) the license of the pom itself
>     >
>     > For 1) all apache projects must extend the parent apache pom
>     >   <parent>
>     >     <groupId>org.apache</groupId>
>     >     <artifactId>apache</artifactId>
>     >     <version>4</version>
>     >   </parent>
>     >
>     > For 2) all projects need to add the license header to the pom as they
>     > do with any other file in apache svn
> 
>     The issue is #2. Very few poms in the maven repository have a license
>     header, so this would let me thing that we cannot legally use them as
>     they don't declare any license and they don't give us any right of use
>     or redistribution.
> 
>     So either the basic informations contained in a pom are not
>     copyrightable, or we have to deal with their copyright and licensing.
> 
>     In the former case everything is ok and we simply need the central
>     repository to declare a licensing for its "database" (the collection of
>     the poms could be an index/database).
> 
>     In the latter we have to make sure every pom added to the central comes
>     with a license that allow redistribution and allow automated use by
>     tools like maven.
> 
>     WDYT?
> 
>     Stefano
> 
> 
> 
> 
> -- 
> Gilles SCOKART



Mime
View raw message