Posted to general@incubator.apache.org by Martijn Dashorst <ma...@gmail.com> on 2008/03/28 00:39:14 UTC

Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

On 3/27/08, sebb <se...@gmail.com> wrote:
>  >  This release is tagged at:
>  >  http://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.5-incubator/
>
> -1: there should be NOTICE and LICENSE files at the top level in SVN.
>
>  -1: SVN and the source archive don't agree; there are files and
>  directories in each that are not in the other.

According to my knowledge there is no policy that this has to be so.
The notice and license file MUST be in the src tar ball, but there is
no policy requiring them to be in SVN.

The policy (or rather faq, [1]) states that:

"In particular, every artifact distributed must contain appropriate
LICENSE and NOTICE files."

To the best of my knowledge an svn tag is not an artifact which is distributed.

>  There are lots of files incorrectly marked as executable in SVN, and
>  various other files don't have the correct properties. See attached
>  script.

Again, to my knowledge there is no policy that states that this MUST
or SHOULD be so.

Martijn

[1] http://apache.org/dev/release.html#what-must-every-release-contain

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Martijn Dashorst <ma...@gmail.com>.
On 3/28/08, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
>  > "In particular, every artifact distributed must contain appropriate
>  > LICENSE and NOTICE files."
> These SHOULD be present, in any instance it should be possible to discover
>  the providence of a file from an arbitrary svn checkout/export; we just
>  finished a long thread along these lines, justifying why this is so.

There is still no policy for that (or please point me to the policy
document). However, iirc the files in the CXF tar ball are generated
based on the sub modules in the repository during the build. Hence the
path to these files should be clear.

>  You cannot say an svn checkout is not licensed, ergo license and notice
>  should be present, at least at some higher level of the tree covering
>  everything in that node.

Not having the LICENSE in the root repository folder doesn't make it
unlicensed. It makes it unclear to the person checking out the code
directly.

Martijn

-- 
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.2 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.2



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Martijn Dashorst wrote:
> On 3/28/08, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
>>  "The PRIOR rules said you place/retain copyright notices on each file.
>>   The NEW policy says you can skip that, move them into a NOTICE. The policy
>>   *never* granted you the right to remove them altogether, or make the
>>   providence of the code impossible to track down by placing it [the NOTICE
>>   and LICENSE] in a meaningless location."
>>
>>  and wasn't disputed.  Anyone care to try?
> 
> "meaningless location" is disputable. Take Wicket for example: we have
> different sub projects that are released in one distribution artifact,
> and as jars for each sub project into the maven repository. Each sub
> project depends on different code under different licenses, with
> different notice requirements.
> 
> So we keep the particular notice and license file for each sub project
> in its root folder, and concatenate them all during the release build
> into a big license and notice file.

Martijn, that's completely in line with my statement.  Each element is
properly attributed, and then in your release process you assemble them
all into a proper and complete attribution.

> Keeping them separate in our svn repo is better as each sub project's
> maintainer knows when/how/why to update and modify the notice/license
> files. When the release is cut, these changes are automatically
> incorporated into the big distribution. This also prevents
> wicket-spring-1.3.3.jar from having notice attributions from
> wicket-guice-1.3.3.jar, which would be rather silly and certainly
> confusing.

That was exactly my point about altogether *missing* notice and license
files that don't occur in a particular svn repository, at least at trunk/
applicable to everything within that tree, and more frequently if it's
simpler to maintain.

Bill



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Martijn Dashorst <ma...@gmail.com>.
On 3/28/08, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
>  "The PRIOR rules said you place/retain copyright notices on each file.
>   The NEW policy says you can skip that, move them into a NOTICE. The policy
>   *never* granted you the right to remove them altogether, or make the
>   providence of the code impossible to track down by placing it [the NOTICE
>   and LICENSE] in a meaningless location."
>
>  and wasn't disputed.  Anyone care to try?

"meaningless location" is disputable. Take Wicket for example: we have
different sub projects that are released in one distribution artifact,
and as jars for each sub project into the maven repository. Each sub
project depends on different code under different licenses, with
different notice requirements.

So we keep the particular notice and license file for each sub project
in its root folder, and concatenate them all during the release build
into a big license and notice file.

Keeping them separate in our svn repo is better as each sub project's
maintainer knows when/how/why to update and modify the notice/license
files. When the release is cut, these changes are automatically
incorporated into the big distribution. This also prevents
wicket-spring-1.3.3.jar from having notice attributions from
wicket-guice-1.3.3.jar, which would be rather silly and certainly
confusing.

Martijn

-- 
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.2 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.2



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Niall Pemberton wrote:
> I assume you mean the following thread:
> 
> http://apache.markmail.org/message/jangmpbssvvd73az
> 
> Although from memory I don't remember it being conclusive.

Is any thread on general@ really ever concluded, unless someone offers
up a [vote] ;-?

But this statement stands;

"The PRIOR rules said you place/retain copyright notices on each file.
  The NEW policy says you can skip that, move them into a NOTICE. The policy
  *never* granted you the right to remove them altogether, or make the
  providence of the code impossible to track down by placing it [the NOTICE
  and LICENSE] in a meaningless location."

and wasn't disputed.  Anyone care to try?

Bill



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Niall Pemberton <ni...@gmail.com>.
On Fri, Mar 28, 2008 at 12:11 AM, William A. Rowe, Jr.
<wr...@rowe-clan.net> wrote:
> Martijn Dashorst wrote:
>  > On 3/27/08, sebb <se...@gmail.com> wrote:
>  >>  >  This release is tagged at:
>  >>  >  http://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.5-incubator/
>  >>
>  >> -1: there should be NOTICE and LICENSE files at the top level in SVN.
>  >>
> > According to my knowledge there is no policy that this has to be so.
>  > The notice and license file MUST be in the src tar ball, but there is
>  > no policy requiring them to be in SVN.
>  >
>  > The policy (or rather faq, [1]) states that:
>  >
>  > "In particular, every artifact distributed must contain appropriate
>  > LICENSE and NOTICE files."
>
>  These SHOULD be present, in any instance it should be possible to discover
>  the providence of a file from an arbitrary svn checkout/export; we just
>  finished a long thread along these lines, justifying why this is so.

I assume you mean the following thread:

http://apache.markmail.org/message/jangmpbssvvd73az

Although from memory I don't remember it being conclusive.

Niall

>  You cannot say an svn checkout is not licensed, ergo license and notice
>  should be present, at least at some higher level of the tree covering
>  everything in that node.
>
>
>  >>  -1: SVN and the source archive don't agree; there are files and
>  >>  directories in each that are not in the other.
>  >
>
> > To the best of my knowledge an svn tag is not an artifact which is distributed.
>
>  That's correct, there may be generated files in a tarball or files excluded
>  in packaging a tarball.  That said; there should be either script or process
>  documentation on how one becomes the other, because voters should and will
>  compare what the RM says they are releasing to what is in SVN.
>
>  Bill


Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Martijn Dashorst wrote:
> On 3/27/08, sebb <se...@gmail.com> wrote:
>>  >  This release is tagged at:
>>  >  http://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.5-incubator/
>>
>> -1: there should be NOTICE and LICENSE files at the top level in SVN.
>>
> 
> According to my knowledge there is no policy that this has to be so.
> The notice and license file MUST be in the src tar ball, but there is
> no policy requiring them to be in SVN.
> 
> The policy (or rather faq, [1]) states that:
> 
> "In particular, every artifact distributed must contain appropriate
> LICENSE and NOTICE files."

These SHOULD be present, in any instance it should be possible to discover
the providence of a file from an arbitrary svn checkout/export; we just
finished a long thread along these lines, justifying why this is so.

You cannot say an svn checkout is not licensed, ergo license and notice
should be present, at least at some higher level of the tree covering
everything in that node.

>>  -1: SVN and the source archive don't agree; there are files and
>>  directories in each that are not in the other.
> 
> To the best of my knowledge an svn tag is not an artifact which is distributed.

That's correct, there may be generated files in a tarball or files excluded
in packaging a tarball.  That said; there should be either script or process
documentation on how one becomes the other, because voters should and will
compare what the RM says they are releasing to what is in SVN.

Bill



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Niclas Hedhman <ni...@hedhman.org>.
On Monday 31 March 2008 01:19, Matthieu Riou wrote:
> So what makes you pretty sure public access to a SCM amounts to
> distribution in the definition of publication? AFAICT, there's still no
> purpose of distribution. 

If I take various chapters of Copyrighted material (books, music) and make it 
available to the public, without the "purpose" to distribute, I am violating 
the law, consciously or not... I might be wrong, but IIRC "purpose" and the 
related "intent" words are not defined in Copyright law.

I.e. the fact that it was distributed is what constitutes the act of 
distribution, whether you intended it or not. I assume that illegal 
activities, such as theft, are excluded from my responsibility, provided I 
have taken reasonable actions to prevent it (putting up a sign saying "Not 
for download" is not good enough).


Cheers
-- 
Niclas Hedhman, Software Developer

I  live here; http://tinyurl.com/2qq9er
I  work here; http://tinyurl.com/2ymelc
I relax here; http://tinyurl.com/2cgsug



Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Santiago Gala <sg...@apache.org>.
On Sun, 30-03-2008 at 10:19 -0700, Matthieu Riou wrote:
> So what makes you pretty sure public access to a SCM amounts to
> distribution in the definition of publication? AFAICT, there's still no
> purpose of distribution. We don't offer the download of a tarball from
> our repositories. That others offer doesn't change what our source
> repository is.

From http://en.wikipedia.org/wiki/Repository , while there are a number
of things that a repository is, I stress this one: "a place where
multiple databases or files are located for distribution over a
network" (multiple -> several different tags, releases, modules, etc.)

In fact a source repository is for archival, auditing, development *and*
distribution. The fact that reading from it is 100% free (except certain
anti-DoS provisions) doesn't help claims about it not being a
distribution mechanism.

> > Re: the purpose of further distribution, gentoo, just to give an
> > example, offers sometimes -svn/-git/-cvs versioned packages, and those
> > are built by accessing the SCM repository, checking out a HEAD copy,
> > building the binaries and installing. I've seen this kind of packages
> > (repackaged) in debian and rpm distributions too. and I've seen plenty
> > of XXX-patched-cvs-200XXXXX.tgz/jar files in our own distributions.
>
> Which means that these packages, if they're produced and published with
> an intent to be distributed could very well be a publication. Still
> doesn't mean that offering a repository is by itself a publication.

The moment something is publicly out on a web site (and subversion
implements a superset of HTTP), it can be safely assumed that there was
an intent of publication of it. I think you'd have a difficult time
trying to convince a judge that it is *not* a distribution mechanism.

Regards
-- 
Santiago Gala
http://memojo.com/~sgala/blog/




Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Matthieu Riou <ma...@offthelip.org>.
On 3/29/08, Santiago Gala <sg...@apache.org> wrote:
>
>
> On Thu, 27-03-2008 at 21:42 -0700, Matthieu Riou wrote:
> (...snip...)
>
> > From what I understand of copyright law, it's not (of course IANAL,
> > etc...).
> > Distribution (or publication in copyright lingo) is defined as:
> >
> >     "Publication" is the distribution of copies or phonorecords of a
> >     work to the public by sale or other transfer of ownership, or by
> >     rental, lease, or lending. The offering to distribute copies or
> >     phonorecords to a group of persons for purposes of further
> >     distribution, public performance, or public display, constitutes
> >     publication. A public performance or display of a work does not of
> >     itself constitute publication.
> >
>
>
> The way it is written I take performance/display in the sense of
> "executing" the score (for music), playing the play (for theater),
> showing the movie, reading the poetry, exhibiting (displaying, for
> paintings)...
>
>
>
> > A source repository is in the category of "public performance or
> > display", there's no purpose of further distribution. It doesn't
> > constitute publication.
> >
>
>
> I'd say that "performance" of software is executing it (like in music or
> theater, software is a "dynamic art"). Now I'm not sure if the "public"
> word stretches the meaning too much. But I'm pretty much sure that
> giving public access to a SCM repository amounts to distribution. Just
> notice how trac, git, mercurial and other UIs for SCM offer the download
> of a tarball for arbitrary revisions, for instance.


So what makes you pretty sure public access to a SCM amounts to distribution
in the definition of publication? AFAICT, there's still no purpose of
distribution. We don't offer the download of a tarball from our
repositories. That others offer doesn't change what our source repository
is.

> Re: the purpose of further distribution, gentoo, just to give an
> example, offers sometimes -svn/-git/-cvs versioned packages, and those
> are built by accessing the SCM repository, checking out a HEAD copy,
> building the binaries and installing. I've seen this kind of packages
> (repackaged) in debian and rpm distributions too. and I've seen plenty
> of XXX-patched-cvs-200XXXXX.tgz/jar files in our own distributions.


Which means that these packages, if they're produced and published with an
intent to be distributed could very well be a publication. Still doesn't
mean that offering a repository is by itself a publication.

Cheers,
Matthieu

> Regards
> Santiago
>
>
> > Cheers,
> > Matthieu
>
>
> --
> Santiago Gala
> http://memojo.com/~sgala/blog/

Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Santiago Gala <sg...@apache.org>.
On Thu, 27-03-2008 at 21:42 -0700, Matthieu Riou wrote:
(...snip...)
> From what I understand of copyright law, it's not (of course IANAL,
> etc...).
> Distribution (or publication in copyright lingo) is defined as:
>
>     "Publication" is the distribution of copies or phonorecords of a
>     work to the public by sale or other transfer of ownership, or by
>     rental, lease, or lending. The offering to distribute copies or
>     phonorecords to a group of persons for purposes of further
>     distribution, public performance, or public display, constitutes
>     publication. A public performance or display of a work does not of
>     itself constitute publication.
> 

The way it is written I take performance/display in the sense of
"executing" the score (for music), playing the play (for theater),
showing the movie, reading the poetry, exhibiting (displaying, for
paintings)...


> A source repository is in the category of "public performance or
> display", there's no purpose of further distribution. It doesn't
> constitute publication.
> 

I'd say that "performance" of software is executing it (like in music or
theater, software is a "dynamic art"). Now I'm not sure if the "public"
word stretches the meaning too much. But I'm pretty much sure that
giving public access to a SCM repository amounts to distribution. Just
notice how trac, git, mercurial and other UIs for SCM offer the download
of a tarball for arbitrary revisions, for instance.

Re: the purpose of further distribution, gentoo, just to give an
example, offers sometimes -svn/-git/-cvs versioned packages, and those
are built by accessing the SCM repository, checking out a HEAD copy,
building the binaries and installing. I've seen this kind of packages
(repackaged) in debian and rpm distributions too. and I've seen plenty
of XXX-patched-cvs-200XXXXX.tgz/jar files in our own distributions.

Regards
Santiago


> Cheers,
> Matthieu

-- 
Santiago Gala
http://memojo.com/~sgala/blog/




Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by Matthieu Riou <ma...@offthelip.org>.
On 3/27/08, sebb <se...@gmail.com> wrote:
>
> On 27/03/2008, Martijn Dashorst <ma...@gmail.com> wrote:
> > On 3/27/08, sebb <se...@gmail.com> wrote:
> >  >  >  This release is tagged at:
> >  >  >  http://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.5-incubator/
> >  >
> >  > -1: there should be NOTICE and LICENSE files at the top level in SVN.
> >  >
> >  >  -1: SVN and the source archive don't agree; there are files and
> >  >  directories in each that are not in the other.
> >
> >  According to my knowledge there is no policy that this has to be so.
> >  The notice and license file MUST be in the src tar ball, but there is
> >  no policy requiring them to be in SVN.
> >
> >  The policy (or rather faq, [1]) states that:
> >
> >  "In particular, every artifact distributed must contain appropriate
> >  LICENSE and NOTICE files."
> >
> >  To the best of my knowledge an svn tag is not an artifact which is
> >  distributed.
> >
>
> SVN URLs are published on most sites; this is effectively distribution.


From what I understand of copyright law, it's not (of course IANAL, etc...).
Distribution (or publication in copyright lingo) is defined as:

    "Publication" is the distribution of copies or phonorecords of a work
    to the public by sale or other transfer of ownership, or by rental,
    lease, or lending. The offering to distribute copies or phonorecords
    to a group of persons for purposes of further distribution, public
    performance, or public display, constitutes publication. A public
    performance or display of a work does not of itself constitute
    publication.

A source repository is in the category of "public performance or display",
there's no purpose of further distribution. It doesn't constitute
publication.

Cheers,
Matthieu

> >  >  There are lots of files incorrectly marked as executable in SVN, and
> >  >  various other files don't have the correct properties. See attached
> >  >  script.
> >
> >  Again, to my knowledge there is no policy that states that this MUST
> >  or SHOULD be so.
> >
> >  Martijn
> >
> >  [1] http://apache.org/dev/release.html#what-must-every-release-contain

Re: Source tar ball != svn tag (was: Re: [VOTE] Approve release CXF 2.0.5-incubator)

Posted by sebb <se...@gmail.com>.
On 27/03/2008, Martijn Dashorst <ma...@gmail.com> wrote:
> On 3/27/08, sebb <se...@gmail.com> wrote:
>  >  >  This release is tagged at:
>  >  >  http://svn.apache.org/repos/asf/incubator/cxf/tags/cxf-2.0.5-incubator/
>  >
>  > -1: there should be NOTICE and LICENSE files at the top level in SVN.
>  >
>  >  -1: SVN and the source archive don't agree; there are files and
>  >  directories in each that are not in the other.
>
>  According to my knowledge there is no policy that this has to be so.
>  The notice and license file MUST be in the src tar ball, but there is
>  no policy requiring them to be in SVN.
>
>  The policy (or rather faq, [1]) states that:
>
>  "In particular, every artifact distributed must contain appropriate
>  LICENSE and NOTICE files."
>
>  To the best of my knowledge an svn tag is not an artifact which is distributed.
>

SVN URLs are published on most sites; this is effectively distribution.

>  >  There are lots of files incorrectly marked as executable in SVN, and
>  >  various other files don't have the correct properties. See attached
>  >  script.
>
>  Again, to my knowledge there is no policy that states that this MUST
>  or SHOULD be so.
>
>  Martijn
>
>  [1] http://apache.org/dev/release.html#what-must-every-release-contain