www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-342) Repackaging non-apache artifacts and the licensing consequences
Date Mon, 04 Jun 2018 02:36:00 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499681#comment-16499681

Henri Yandell commented on LEGAL-342:

It would depend on how it's being done.

If one took CDDL source code (comments, code, function params etc), removed source headers,
added different source headers; then that seems pretty suspect to me.

If one cleanly reimplemented a different version of a specification, then that seems okay
(but the devil is in the details - what is the specification, was it reimplemented cleanly

I could see a CDDL binary being used as an input to javap then manually or automatically plugging
in new code inside the stubs that javap has spat out.

> Repackaging non-apache artifacts and the licensing consequences
> ---------------------------------------------------------------
>                 Key: LEGAL-342
>                 URL: https://issues.apache.org/jira/browse/LEGAL-342
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Raymond Augé
>            Priority: Major
> From an Apache project, I would like to re-package an artifact who's license/code/sources
did not originate from Apache but I want to ensure I don't infringe the original's license.
> This brings me to question the legitimacy of the process followed by some Apache projects
to repackage similar artifacts.
> Without wanting to pick on anyone an example will be helpful [1]. (Note that I've discovered
several such occurrences.)
> The artifact who's pom I referenced [1] seems to have been produced by repackaging a
non-Apache licensed source artifact (actually licensed as CDDL+GPL-1.1). (The resulting artifact
does not seem to refer to the original license.)
> I'm tempted to do something similar but would like to know if there any risk with this
approach? Is there risk of infringing the original license?
> [1] http://repo1.maven.org/maven2/org/apache/servicemix/specs/org.apache.servicemix.specs.jsr339-api-2.0.1/2.9.0/org.apache.servicemix.specs.jsr339-api-2.0.1-2.9.0.pom

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message