You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Michael Miklavcic <mi...@gmail.com> on 2017/02/02 19:22:40 UTC
Apache Metron (Incubating) - copying Apache licensed code into codebase
Hi Apache community,
My name is Michael Miklavcic. I'm a committer on the Apache Metron
(Incubating) project and we have a dependency that we would like to copy
into the Metron codebase. The project in question is an Apache V2 licensed
project that has not been maintained in a couple years, and the artifacts
are not in Maven Central. https://github.com/nchovy/kraken
The motivation for doing so is that we are currently depending on another
third party for hosting the packaged jar files. This may be fine for the
short-term, however we would like stronger guarantees that every build of
our project will be able to access those libraries. In addition, we would
like reliable access to the source code in the event that any bugs or
security issues are found that need fixing.
Per this thread -
http://mail-archives.apache.org/mod_mbox/incubator-metron-dev/201701.mbox/browser
- our mentor, Billie Rinaldi, has stated that an IP clearance process
requires permission from the original authors. I reached out to the Kraken
developers about a month ago and have not received any response. What steps
do we need to take in order to comply with any legal requirements to
copy/fork this project into our codebase?
Thanks,
Michael Miklavcic
Apache Metron (Incubating) committer
Re: Apache Metron (Incubating) - copying Apache licensed code into codebase
Posted by "John D. Ament" <jo...@apache.org>.
Interesting question. Looking at their code, it's already Apache licensed
(as you note). That aligns to how C/C++/BSD/Perl/Python etc would bring in
the source dependencies. I wouldn't see this as any different.
John
On Thu, Feb 2, 2017 at 2:22 PM Michael Miklavcic <
michael.miklavcic@gmail.com> wrote:
> Hi Apache community,
>
> My name is Michael Miklavcic. I'm a committer on the Apache Metron
> (Incubating) project and we have a dependency that we would like to copy
> into the Metron codebase. The project in question is an Apache V2 licensed
> project that has not been maintained in a couple years, and the artifacts
> are not in Maven Central. https://github.com/nchovy/kraken
>
> The motivation for doing so is that we are currently depending on another
> third party for hosting the packaged jar files. This may be fine for the
> short-term, however we would like stronger guarantees that every build of
> our project will be able to access those libraries. In addition, we would
> like reliable access to the source code in the event that any bugs or
> security issues are found that need fixing.
>
> Per this thread -
> http://mail-archives.apache.org/mod_mbox/incubator-metron-dev/201701.mbox/browser
> - our mentor, Billie Rinaldi, has stated that an IP clearance process
> requires permission from the original authors. I reached out to the Kraken
> developers about a month ago and have not received any response. What steps
> do we need to take in order to comply with any legal requirements to
> copy/fork this project into our codebase?
>
> Thanks,
> Michael Miklavcic
> Apache Metron (Incubating) committer
>