On Jul 26, 2008, at 10:55 AM, Roland Weber wrote:
[bill]The act of a tag-tar-vote-release at the ASF is an act of the foundation (as long as the RM/PMC follows the whole process) so it is a shield, of[alan]Not that I believe that it will happen in the case of the JSecurity project but, does this not mean that the "original" project can continue for a potentially long time to develop their own releases off of the ASF repo? That's ok?sorts. If the RM and project acts in good faith, the ASF backs the release and is a much more public face to settle any later disputes.[roland]Yes, and why shouldn't it be? Anybody can pull Apache sources fromour public SVN repo and make releases with or without modifications under any license that is compatible with the AL 2.0.
[craig]This is a misunderstanding. The Apache license is very liberal. You can do pretty much anything you like with stuff you pull from the Apache site *except* call it an Apache release or remove notices.
[craig]You can take Apache code and relicense, redistribute, repackage, and take it closed source if you like. But in order to call it Apache you (the PMC) need to follow the Apache distribution rules.
[roland]As long as they don't claim to do an Apache release. "Anybody" includes individuals that happen to be ASF committers.[alan]What if the license for those releases was incompatible w/ AL2.0?[roland]That would be a show stopper. The code pulled from the ASF repois licensed as AL 2.0 (with few exceptions), even if there are pre-Apache copies available under an incompatible license.
[craig]No, it's not a showstopper. See above. An Apache release is covered by an Apache license. A non-Apache distribution of any kind is not.
[craig] Redistribution of Apache-licensed code under a new license can be tricky, since the license requires preserving the original notices. There is a guide that many non-Apache projects use when relicensing Apache code under a non-Apache license: http://www.softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html
[roland]It is the responsibility of the people making the release to ensure that they obey all licensing requirements of the code they put into their release packages. The ASF has established processes to do that for Apache releases. How non-Apache releases are done is not our concern.
[roland]If we learn about licensing violations, we will contact the responsible people to resolve the issue in good faith.
[craig]Generally, Apache complains about people removing notices from code that they got from an Apache repository.
Craig
Craig L Russell Architect, Sun Java Enterprise System http://java.sun.com/products/jdo 408 276-5638 mailto:[EMAIL PROTECTED] P.S. A good JDO? O, Gasp!
smime.p7s
Description: S/MIME cryptographic signature
