xml-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@covalent.net>
Subject URGENT: 3rd Party jar's in apache CVS need immediate action.
Date Tue, 29 Jan 2002 02:01:58 GMT

Folks,

We've been a little to slack in letting Jar's creep into our repository.

While pure source code is typically vetted - and on mass ingestion covered
by the various contributors and ASF licenses - the jar's have escaped this
scrutiny.

Or in other words - we have some 50 odd jar's in an ASF repository which
are *not* under the ASF license - or where the license is unclear. See the
end of this message for more details.

Worse: some have a license which may actually expressly *forbids* them to
be distrubuted by the ASF in such a way.

OK - now that we are aware of that - we'd better fix it. And we'd better
be seen to do this swiftly.

So no matter what - we need to have the jar's with licenses which
prohibits the ASF of having them there in CVS zapped ASAP - i.e. within
days - even if this is at the expense of zapping a bit too much.

Inaction is not an option - in cases like this we will always act to be
rather safe than sorry.

I see two parts to this - and several paths.

Could you folks get me an opinion ?

1.	Fixing the problem

	Option 1.1
		find . -name '*.jar' -exec rm {} \;
		in the next72 hours.

	Option 1.2
		Within the next 72 hours - each projects
		makes sure it's jar's adhere to the guidelines
		below. All others are zapped.

	Option 1.3
		If we feel we need more time:
		Access to CVS is closed for the public while
		we discuss how to solve it - and is only
		reopened when it is clean

This step one need to happen in the next few days - if not sooner.
Unless we simply close access for the time beeing. (IMHO a bad idea).

The next step - fixing things can take more time:

2.	Getting our code to work again.

	Option 1.1
		Each project put's their jar's back in - but
		according to the guidelines below.

	Option 2.2
		We create a 'xml-third-party' repository for
		all the third party jar's. Following the
		guide lines below.

		So we keep all 3rd party and alien code in
		one place.

What exactly those guide lines are to be - I am not sure.

But the aim is to prevent .jar's to creep into the tree too easily - and
to be able to fairly quickly scan for non compliance.

Proposed guidelines for jar import
	- and feel free to comment/fix - this is not so urgent.

-	Each import is reviewed and under the ASF license.

-	If this is not the case; i.e an alien license: it needs
	to be under an ASF compatible license. In this case - you
	must Cc: the pmc@xml.apache.org in on the fact that you are
	importing alien code. (Note Cc: - not get permission - that
	you get by getting +1's from the other commiters).

-	3rd party jars are to live in:

		<xml-project-name>/lib/foem.jar

	And there MUST be a file:

		<xml-project-name>/lib/README.foem.txt

	Containing information as to where this jar was sourced. If
	the license contained special clauses; such as an advertizing
	clause, etc - this document details how that clause was met.
	I.e.
		The Foem Jar converts Bayer patterns

		Sourced from http://www.webweaving.org -> foem
		on 2002-31-02 by Peter@duckling.org

		Note that there is also an advert/link in the
		docs (see docs/dependencies.html) to the site.

		See LICENSE.foem.txt and the web site for
		more information.

	And there MUST be a file with the license:

		<xml-project-name>/lib/LICENSE.foem.txt

	With the relevant name. I.e. they should match:

		xml-([\w\-\_]+)/lib/([\w\_\-\.]+).jar
		xml-([\w\-\_]+)/lib/README.([\w\_\-\.]+).txt
		xml-([\w\-\_]+)/lib/LICENSE.([\w\_\-\.]+).txt

Again - the above is just a proposal.

And I do not really knwo what the right approach is. It is so easy to make
this into a 'bigger' thing than really is needed.

Anyway - the final aim should be:

-	Track the origin of jar's as well as we are able
	now to connect sections of code with the coder who
	wrote it through cvs commits.

Then we/the ASF is happy again.

Ok - the cat is out of the back - and the clock is ticking.....

Dw.







Below is a list of jar's.

Syntax:
<jar-name>	<version's (. means no version)>
	<projects it is used in>

Part I

Third party JAR's - which do not seem to be ASF originated (according to
my judgment/cursory scanning - I am going to be wrong !)

openorb	1.2.0
	xml-xindice
runtime	.
	xml-xalan
js	.
	xml-batik
jaxp	.
	xml-batik
bsf	. 2.2 . . .
	xml-cocoon xml-cocoon2 xml-fop xml-stylebook xml-xalan
wsdlj	4
	xml-axis
rdffilter	.
	xml-cocoon2
junit	. 3.7 .
	xml-cocoon2 xml-security xml-xerces
jstyle	.
	xml-cocoon2
rhinor2	1.5
	xml-cocoon2
jisp0_2	1
	xml-cocoon2
maybeupload0-5pre3	1
	xml-cocoon2
jimi	1.0 1.0
	xml-cocoon2 xml-fop
bsfengines	. .
	xml-cocoon xml-stylebook
w3c	.
	xml-cocoon xml-xerces
hellobean	.
	xml-soap
dom-2-cr	.
	xml-contrib
jena	.
	xml-cocoon2
openorb_tools	1.2.0
	xml-xindice
junit7	3
	xml-xindice
xmldb	20010924 .
	xml-cocoon2 xml-xindice
lucenerc2	1.2
	xml-cocoon2
idb	.
	xml-xalan
sax-bugfix	.
	xml-cocoon
java_cup	.
	xml-xalan
jaxp-javadoc	.
	xml-crimson
sisc	.
	xml-cocoon2
sax	2.0
	xml-contrib
buildtools	.
	xml-fop
dom	2
	xml-cocoon
foprc	0.20.3
	xml-cocoon2
velocity	1.2
	xml-cocoon2
xt	19991105
	xml-cocoon2
deli	20020114
	xml-cocoon2
jtidyaug2000r7-dev	04
	xml-cocoon2
BCEL	.
	xml-xalan
clutil	.
	xml-axis
hsqldb	1.61
	xml-cocoon2
xmldb-xupdate	.
	xml-xindice
JLex	.
	xml-xalan
resolver	.
	xml-cocoon2
optional	.
	xml-xerces
infozone-tools	.
	xml-xindice



Part II

Jars which I ignored - as I am fairly sure they are 100% ASF. Please
correct me if I am wrong :-)



stylebookb1	1.0
	xml-stylebook
xalan		D11,D13,D14 2.2 2
	xml-fop
	xml-cocoon2
	xml-security
xerces		. 1.4.4 3.1 4.4.1
	xml-cocoon2 xml-fop xml-stylebook xml-xalan xml-xerces xml-xerces xml-xindice
	xml-security
	xml-batik
servlet	.
	xml-xindice
xmldb-sdk	.
	xml-xindice
xalanjdoc	2
	xml-xalan
avalon-framework	20020114
	xml-cocoon2
xercesImpl	.
	xml-xalan
xml-apis	. . 1.0
	xml-cocoon2 xml-xalan xml-xindice
ant	3 1.1 4_1 . 1 1.4.1 .
	xml-cocoon2 xml-fop xml-xalan xml-xalan xml-xerces
	xml-batik
	xml-cocoon xml-xindice
axis	.
	xml-cocoon2
xalan2_2	1
	xml-cocoon
batik	.
	xml-fop
jakarta-regexp	1.2
	xml-cocoon2
avalon-excalibur	20020114
	xml-cocoon2
jakarta-oro	2.0.4
	xml-cocoon2
fop15_0	0
	xml-cocoon
commons-httpclient	20011012
	xml-cocoon2
turbine-pool	.
	xml-cocoon
jakarta-logj-1.2alpha5	4
	xml-security
stylebook	.
	xml-fop
servlet2	2 2
	xml-cocoon xml-cocoon2
fop	.
	xml-xerces
antoptional	1.4.1
	xml-cocoon2
style-apachexml	.
	xml-xerces
createPDF	.
	xml-xerces
logkit	20011212 1.0
	xml-cocoon2 xml-fop
crimson-parser	.
	xml-batik
crimson-ant	.
	xml-batik
xalan	2.0.1 . . . 2.0.1
	xml-batik xml-stylebook xml-xerces xml-xerces xml-xindice
batik-libs	. 1.1.1
	xml-cocoon xml-cocoon2
commons-collections	1.0
	xml-cocoon2
stylebookb_xalan-2	1.0 1.0 3
	xml-batik xml-xalan
stylebookb	2
	xml-cocoon xml-stylebook xml-xerces xml-xerces


-----------------------






---------------------------------------------------------------------
In case of troubles, e-mail:     webmaster@xml.apache.org
To unsubscribe, e-mail:          general-unsubscribe@xml.apache.org
For additional commands, e-mail: general-help@xml.apache.org


Mime
View raw message