You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by Peter Donald <do...@apache.org> on 2000/12/07 03:07:17 UTC
Re: cvs commit: jakarta-ant/proposal/anteater/lib
crimson.jarjaxp.jar
At 05:55 6/12/00 -0800, Jon Stevens wrote:
>on 12/6/2000 5:42 PM, "Peter Donald" <do...@apache.org> wrote:
>
>> Well not about that but more due to legal thing. I would never touch
>> something that has Suns license attached. I thought Apache had a clean tree
>> policy - ie only Apache copyright source is allowed to exist in CVS.
>> However Crimson has Sun copyright stuff in the tree - this seems silly -
>> especially as xml-xerces has similar source (the jaxp parser package) that
>> could be easily adpated to jaxp1.1 and we could do away with unclean tree
>> and that silly license.
>>
>> I guess it is a little anal but I have seen the results of discarding
>> legality (thou I live in a particularly restrictive country so YMMV).
>
>Turbine is totally illegal with regards to what it distributes. We are legal
>with regards to GPL (we don't include any GPL software), but not with
>regards to Sun's .jar files (ie: mail.jar, activation.jar, etc...)
I thought they were covered by "Binary Code License Agreement" + the
standard extention Supplemental. I agree you break some parts .. namely you
don't
1. comply with export restrictions to embargoes countries
2. allow it to be used within nuclear facilties ;)
3. possibly the strictures set out for US gov software (which I don't know
anything about)
Stefano said ages ago that (1) would be fixed (ie block ftp/cvs connections
from "bad" countries). You can comply with (2) by adding a simple
disclaimer (Not for use in nuclear facilties ;]). About 3 I don't know but
it could be looked into if it was an issue.
However jaxp1.1 is an early release and thus covered by the "Pre-Release
Binary Software Evaluation Agreement" which explictly disallows
distribution (among other things). Thats why I *thought* that distributing
mail.jar is legal but jaxp1.1.jar is not - thou IANAL so ... ;)
Cheers,
Pete
*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof." |
| - John Kenneth Galbraith |
*-----------------------------------------------------*
Re: cvs commit: jakarta-ant/proposal/anteater/libcrimson.jarjaxp.jar
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Jon Stevens wrote:
> we don't have export restrictions on
> security code anymore which is nice.
Would that this were true :-(
There are still country restrictions that have to be respected. See questions
6-9 of the JSSE FAQ at <http://java.sun.com/products/jsse/FAQ.html>.
Because there is no reasonable way to enforce the country restrictions (do you
really want to see a click-through "I am not a crook" page to download it :-),
this is why Tomcat doesn't include the JSSE stuff in its binary distros.
>
> thanks,
>
> -jon
Craig
Re: cvs commit: jakarta-ant/proposal/anteater/lib
crimson.jarjaxp.jar
Posted by Jon Stevens <jo...@latchkey.com>.
on 12/6/2000 6:07 PM, "Peter Donald" <do...@apache.org> wrote:
> Thats why I *thought* that distributing
> mail.jar is legal but jaxp1.1.jar is not - thou IANAL so ... ;)
No way, we are still illegal. :-)
http://www.working-dogs.com/turbine/cvsweb/index.cgi/turbine/lib/mail-1.2ea.
jar
1.2EarlyAccess.
:-)
As for the rest of it, blocking by IP address is really only possible if Sun
would like to share the IP's they want blocked. As for nuclear...give me a
break. As for US gov, I have no idea...we don't have export restrictions on
security code anymore which is nice.
thanks,
-jon
Re: cvs commit: jakarta-ant/proposal/anteater/lib
crimson.jarjaxp.jar
Posted by James Duncan Davidson <du...@x180.net>.
On 12/6/00 6:07 PM, "Peter Donald" <do...@apache.org> wrote:
> I thought they were covered by "Binary Code License Agreement" + the
> standard extention Supplemental. I agree you break some parts .. namely you
> don't
>
> 1. comply with export restrictions to embargoes countries
> 2. allow it to be used within nuclear facilties ;)
> 3. possibly the strictures set out for US gov software (which I don't know
> anything about)
1. Well, we take about the same precautions as anyone else on the net --
that's what the gov't requires for technology. Everyone tries to log crypto
stuff.. But banning the 7 bad countries is another thing. Maybe we should IP
block em -- but when they get aol.com accounts, the gig is up anyway.
2. The nuclear stuff is legal "don't sue Sun if you do that" language. If a
nuke plant blows and it's cause they were running Java, Sun can point to
that and say "They weren't supposed to do that!"... That's about all it
means. It's like telling you that you aren't supposed to cross the street on
red. If you do it, it's your own damn fault for getting hit by a car.
3. Those restrictions only mean something to Gov't employees and
contractors. They don't apply to normal citizens. This is because the US
Gov't has interesting ways in which they require stuff to be made available
to them.
> However jaxp1.1 is an early release and thus covered by the "Pre-Release
> Binary Software Evaluation Agreement" which explictly disallows
> distribution (among other things). Thats why I *thought* that distributing
> mail.jar is legal but jaxp1.1.jar is not - thou IANAL so ... ;)
Were we distributing? I didn't see a release being made of Crimson with jaxp
1.1 yet. Not a final release. Until then, it's development software and not
released. :)
--
James Duncan Davidson duncan@x180.net
!try; do()