Please see below. On Tue, Mar 27, 2012 at 5:50 AM, Roy T. Fielding <field...@gbiv.com> wrote: > On Mar 27, 2012, at 2:15 AM, sebb wrote: >> On 26 March 2012 16:20, Roy T. Fielding <field...@gbiv.com> wrote: >>> On Mar 26, 2012, at 4:41 PM, Karl Wright wrote: >>>> On Mon, Mar 26, 2012 at 10:24 AM, sebb <seb...@gmail.com> wrote: >>>>> On 26 March 2012 02:38, Shinichiro Abe <shinichiro.ab...@gmail.com> wrote: >>>>>> Hello Incubator IPMC, >>>>>> >>>>>> Please vote on whether or not to release ManifoldCF 0.5-incubating, RC0. >>>>>> This RC has passed our podling vote and awaits your inspection. >>>>>> You can find the artifact at >>>>>> http://people.apache.org/~shinichiro/apache-manifoldcf-0.5-incubating-RC0/, >>>>>> or >>>>>> in svn at >>>>>> https://svn.apache.org/repos/asf/incubator/lcf/tags/release-0.5-incubating-RC0/. >>>>> >>>>> The NOTICE file says: >>>>> Apache ManifoldCF >>>>> Copyright 2010-2011 The Apache Software Foundation >>>>> >>>>> The LICENSE file includes references to lots of jars that are dual >>>>> licensed under CDDL v1.0 and GPL v2. >>>>> However, there is no indication which license has been chosen by the >>>>> project. >>>>> >>>>> I think this is a blocker. >>> >>> A project does not choose a license. The license is provided by the >>> copyright >>> owner. We do not change that license, nor do we reduce the number of the >>> available licenses to choose from, for downstream recipients. Therefore, >>> it doesn't make any sense to indicate which one is "chosen". >>> >>> In any case, the indicated artifacts are only included in binary packages. >>> We don't release binaries, so none of these licenses belong in our source >>> product's LICENSE file. We need to be clear that the source code package >>> does not include these dependencies. They only exist in binary >>> distributions. >> >> That's not the case with this product at present; all the jars are >> actually in SVN and they are also in the source and binary archives. > > Do I really need to explain what "source code" means? > > http://www.apache.org/dev/release.html#what > > "All releases are in the form of the source materials needed to make changes > to the software being released." > > Apache releases open source and ONLY open source. Our releases are absolutely > forbidden to contain anything other than the open source code that is in our > vcs-of-record, meaning code that is in the form most likely to be edited by > recipients for the sake of modifying the product, and in some specific cases > the generated (and open) source code of build scripts. > > Binary distributions and binary/jar dependencies MUST be separate packages > that are not voted on by the PMC during the release vote, because they are > not part of our product and are not released by the ASF. No PMC has been > granted the authority to publish binary releases on behalf of the ASF. > It would be contrary to the mission of the foundation. They may distribute > binary build packages of existing source releases, but these are not ASF > releases -- they are just builds provided by the project for user convenience.
ManifoldCF does not distribute binary build packages that do not have a separately-published source release somewhere, and never did. > Likewise for jar files of dependencies -- they are NOT our product and they > MUST NOT be present in the source code package that is voted on for release. > If this is the case, you basically imply that binary distributions of other released open source packages cannot be checked into SVN as part of a project. Is this what you are claiming? If so, I suggest you audit all Apache projects because in my estimation well over 50% of then do not adhere to this rule. > If podlings get this wrong, fix them. If TLPs get this wrong, fix them. > No project should ever leave incubator before this is drilled into their > collective skull: The ASF produces open source software! > > If any ASF member is aware of an Apache release package that is not 100% > open source code, you are hereby instructed to DELETE it from our servers. > Nobody, not even me, has the right to place a compiled class in one of > our packages and call that a source release. > I am aware of no Apache release that is not 100% open source software, but I am aware of many that include binary distributions of other open source released works. Can you please clarify if such projects should be deleted immediately? I really have to ask for clarification on this issue because this is entirely at odds with what I'd read and been told in some 2+ years being involved with ASF projects. > Is that clear? > No, please clarify. Karl > ....Roy > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
