Alan D. Cabrera wrote:
On Jul 25, 2008, at 8:50 PM, William A. Rowe, Jr. wrote:
Alan D. Cabrera wrote:
On Jul 25, 2008, at 7:38 PM, Craig L Russell wrote:
Follow-on releases can similarly be built from code checked into the
Apache repository. They just cannot be called "Apache anything". And
if they're published in the jsecurity.org download area they can be
maintained in the Apache repository.
I'm not so sure about this. Is there a precedent for this?
Of course.
Can you provide one example? Just curious.
Try any project or product that integrates ASF code. The AL's permitted
applications are clear.
Understand that it's not Apache Foo x.x.x, and that the ASF
doesn't publish or take account for the contents of such an external
package.
Which effectively means the committer (or their employer if they are
acting on the behalf of such) is assuming all responsibilities for such
a package. This is usually not the sort of personal responsibility an
individual desires, so it would probably make more sense to resolve the
issues at the project and vote on an ASF release.
The act of a tag-tar-vote-release at the ASF is an act of the foundation
(as long as the RM/PMC follows the whole process) so it is a shield, of
sorts. If the RM and project acts in good faith, the ASF backs the
release and is a much more public face to settle any later disputes.
Not that I believe that it will happen in the case of the JSecurity
project but, does this not mean that the "original" project can continue
for a potentially long time to develop their own releases off of the ASF
repo? That's ok?
"off the asf". I presume you aren't talking about ASF tags. But there's
no reason someone can't use the ASF code under the AL at any given point
in time.
What if the license for those releases was incompatible w/ AL2.0? They
could continue to make releases on their own?
The license is AL. It can be packaged in any way that is compatible with
the AL. Whatever license, it must not violate the AL.
What if there was absolutely no community involvement for those branches
and their releases?
What release? We aren't talking about the ASF.
What happens to that code base when the project graduates? I imagine
that it would probably have to stay.
Huh? Which code base, where, and why would you imagine that?
There's ASF code. There is other people's code. We care about the code
and releases from the ASF. How others use it is their prerogative and
liability.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
