On Fri, Nov 9, 2012 at 3:39 PM, Chip Childers <chip.child...@sungard.com> wrote: > On Wed, Nov 7, 2012 at 7:27 AM, Rohit Yadav <rohit.ya...@citrix.com> wrote: >> >> On 07-Nov-2012, at 4:50 PM, David Nalley <da...@gnsa.us> wrote: >> >>> Rohit: >>> >>> I saw the below commit, and then this: >>> >>> http://pypi.python.org/pypi/cloudmonkey/0.0.4 >>> >>> Is this a release of a portion of the CloudStack codebase? (This >>> wasn't in the 4.0.0-incubating release was it?) >>> Did I miss a discussion of the publication on list somewhere? >> >> I released it on pypi (cheese shop) without asking anyone. I did that so a >> user can simply get the cli using pip or easy_install. >> >> Do I need to go through some process to release the cli on pypi, think like >> maven snapshots? >> I'm sorry if I did anything wrong, I'm unsure and don't know the release >> process for distributing client snapshots or python libs such as marvin >> which are within the source code. Starting 4.1.0 we can distribute cli etc. >> along with the release. >> >> Regards. > > First, let me say that I love the CLI, and am really happy to see it > under development. Though now that I look at this closely, I think > there might be a couple of issues to discuss here. This is IMO, so > others should chime in. > > In reality, we're using the very permissive ASLv2 license for the > project, and technically, on pypi, you've not identified the package > as an official CloudStack project. You could consider that listing on > Pypi as the "Rohit distro" of the tool. Also, you retain the > copyright to your work and just grant a liberal license to the ASF. > INAL, but AFAIK you did nothing *legally* wrong.
This is largerly where my concern stems from. On pypi, you list the project home as the project site. Which would seem to infer that it's an ASF project. There's a 'release' with a release number; but the project has not voted on that release, (and in our case, the IPMC hasn't sanctioned such a release either). While I agree with Chip that there is nothing legally wrong here, and if it was clearer that you were doing this as an individual effort, and not publishing a release on behalf of the project, it would be a non-issue; the process problem within the ASF is problematic IMO. > > Here's the part where I think we can work together to improve things: > > Obviously, Apache has not *released* any code that includes the > cloudmonkey CLI tool yet, so that's one concern for us to consider. > Second, what I've seen other projects do with package distro sites > like this is to tie the updates / changes to the release process. For > example, Deltacloud uploads their gems after voting and releasing the > source. > > Should we consider operating in that way? Should we further consider > posting to Pypi with The Apache Software Foundation as the listed > author?
