On Jul 25, 2008, at 8:50 PM, William A. Rowe, Jr. wrote:
Alan D. Cabrera wrote:
On Jul 25, 2008, at 7:38 PM, Craig L Russell wrote:
Hi Alan,
On Jul 25, 2008, at 3:31 PM, Alan D. Cabrera wrote:
Some things to consider in this discussion:
- The 0.9.0 release cannot be performed off of the copy in ASF
- The 0.9.0 or earlier releases cannot be supported off of the
copy in ASF
Maybe that's what everyone is thinking. I just want to make sure
that it's clear.
I don't agree with either of the above opinions. We don't restrict
what people do with Apache code.
I don't see anything wrong with publishing a release off the
artifacts stored in Apache. It cannot be called "an Apache
incubating release" but it can certainly be called JSecurity 0.9
whatever.
Follow-on releases can similarly be built from code checked into
the Apache repository. They just cannot be called "Apache
anything". And if they're published in the jsecurity.org download
area they can be maintained in the Apache repository.
I'm not so sure about this. Is there a precedent for this?
Of course.
Can you provide one example? Just curious.
Understand that it's not Apache Foo x.x.x, and that the ASF
doesn't publish or take account for the contents of such an external
package.
Which effectively means the committer (or their employer if they are
acting on the behalf of such) is assuming all responsibilities for
such
a package. This is usually not the sort of personal responsibility an
individual desires, so it would probably make more sense to resolve
the
issues at the project and vote on an ASF release.
The act of a tag-tar-vote-release at the ASF is an act of the
foundation
(as long as the RM/PMC follows the whole process) so it is a shield,
of
sorts. If the RM and project acts in good faith, the ASF backs the
release and is a much more public face to settle any later disputes.
Not that I believe that it will happen in the case of the JSecurity
project but, does this not mean that the "original" project can
continue for a potentially long time to develop their own releases off
of the ASF repo? That's ok?
What if the license for those releases was incompatible w/ AL2.0? They
could continue to make releases on their own?
What if there was absolutely no community involvement for those
branches and their releases?
What happens to that code base when the project graduates? I imagine
that it would probably have to stay.
Again, I don't think this will occur for JSecurity but I am just
trying to get my head in the same place a s you guys.
Regards,
Alan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
