You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by Randy Gordon <ra...@yahoo.com> on 2007/06/23 13:17:37 UTC
Re JSR170 license
Mr Fielding,
I apologize for sending this directly to the list, but since I saw your reply only on reading GMANE on the web and not in my emailed jackrabbit dev digests, I don't know where else to send it.
My reply to your comments is:
As I said, I am not a lawyer, and this is not legal advice, just simply voicing my concerns in an appropriate forum.
Basically, I just want Day software to incorpate into their license the assurances you mentioned. All Day software has to do is state unconditionally that the Apache License terms replace theirs for anyone using Apache JackRabbit or incorporating Apache JackRabbit into their products.
I am reading the license the way I think a judge would read it. Thats because.
should there be litigation, your statements are not admissible in court, only the actual licenses.
I did read the second clause, but I didn't include the second clause, because the fair use exemption only allows me reproduce one clause at a time. But since you brought it up, it is now fair game.
.2. License for the Distribution of Compliant Implementations. Licensor also grants you a perpetual, non-exclusive, non-transferable, worldwide, fully paid-up, royalty free, limited license (without the right to sublicense) under any applicable copyrights or, subject to the provisions of subsection 4 below, patent rights it may have covering the Specification to create and/or distribute an Independent Implementation of the Specification that: (a) fully implements the Specification including all its required interfaces and functionality; (b) does not modify, subset, superset or otherwise extend the Licensor Name Space, or include any public or protected packages, classes, Java interfaces, fields or methods within the Licensor Name Space other than those required/authorized by the Specification or Specifications being implemented; and (c) passes the Technology Compatibility Kit (including satisfying the requirements of the applicable TCK Users Guide) for such Specification
("Compliant Implementation"). In addition, the foregoing license is expressly conditioned on your not acting outside its scope. No license is granted hereunder for any other purpose (including, for example, modifying the Specification, other than to the extent of your fair use rights, or distributing the Specification to third parties).
a) and b) don't particularly bother me, though a definition of what constitutes "fully implements" is a little worrying. An argument can easily be made that even a single bug constitutes not fully implementing the specification, and thus invalidates the license, subjecting companies (or their customers) utilizing any software implementing the JSR-170 specification, including Jackrabbit) to the threat pf litigation.
What I am concerned about is "c", TCK compliance and "the foregoing license is expressly conditioned on your not acting outside its scope."
You see, in clause 3 (not reproduced here) the pass through conditions expressly state that any subsidiary license (such as JackRabbits Apache license) do not release users from Days softwares IP rights (which basically means anything), so it doesn't matter what the Apache License says, it appears it would be irrelevant in the case of a threat of litigation by Day software.
Day gets to define the TCK, so the license can be invalidated simply by their unsupported statement that it does not pass the requirements, again, subjecting companies (or their customers) utilizing any software implementing the JSR-170 specification, including Jackrabbit) to the threat of litigation.
More importantly, not acting outside its scope is so broad anything could invalidate the license, again, subjecting companies (or their customers) utilizing any software implementing the JSR-170 specification, including Jackrabbit) to the threat of litigation.
Think this is just mere legal quibbling? JSR-170 is a content repository, in many cases products using Jackrabbit will be holding content that is under US federal and state laws.
Consider Kennedy Kasselbaum (HIPPA) laws, state insurance laws, and various records that might be subject to various records retention laws.
Using products potentially subject to litigation by Day Software (and thus endangering retention) is a potential violation of Sarbanes Oxley (or in Europe, Basel II laws ) unless it is explicitly declared as a potential risk in Corporate filings.
Since Day software is a Swiss company, there are also various foreign product and nationality security/homeland defense laws that would require declarations and usage restrictions as well.
I keep on remembering the cautionary tale of SCO's litigations and "settlements". regarding Unix and Linux. think Jackrabbit is a wonderful product, I don't want to see that happen here.
As I said initially, the remedy is simple. Since all Day software has to do is issue a license that implements what they are publicly claiming they wont do, anyways, I really can't see why they would object to doing so.
All they have to do is state that the Apache License terms unconditionally replace theirs for anyone using Apache JackRabbit or incorporating Apache JackRabbit into their products.
---------------------------------
Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
Re: Re JSR170 license
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Jun 23, 2007, at 4:17 AM, Randy Gordon wrote:
> Mr Fielding,
>
> I apologize for sending this directly to the list, but since I saw
> your reply only on reading GMANE on the web and not in my emailed
> jackrabbit dev digests, I don't know where else to send it.
>
> My reply to your comments is:
>
> As I said, I am not a lawyer, and this is not legal advice, just
> simply voicing my concerns in an appropriate forum.
>
> Basically, I just want Day software to incorpate into their license
> the assurances you mentioned. All Day software has to do is state
> unconditionally that the Apache License terms replace theirs for
> anyone using Apache JackRabbit or incorporating Apache JackRabbit
> into their products.
Apache Jackrabbit is under the Apache License. Every single bit.
The only stuff under the Day JSR license is the JSR specification,
which consists of an interface jar and documentation under the
broadest possible terms allowed by Sun Microsystems for Java standards).
The JCR jar is intended to be part of the Java infrastructure, just
like servlets, and thus not redistributed with every application.
It is not included with Jackrabbit. The official interface jar is
not open source because Sun does not allow us to release it as such.
Any copy of Apache Jackrabbit, including anything you might create
through derivation of the Apache Jackrabbit code, is only under the
Apache License. The fact that there exists some other license out
there for some other piece of code is irrelevant. Day licensed the
Jackrabbit implementation to the ASF under the Apache contribution
agreement and the ASF licenses it to everyone under the Apache License.
> I am reading the license the way I think a judge would read it.
> Thats because.
> should there be litigation, your statements are not admissible in
> court, only the actual licenses.
Please seek a lawyer's opinion. A lawyer will tell you that anything
is admissible in court, especially written communication like this one.
> I did read the second clause, but I didn't include the second
> clause, because the fair use exemption only allows me reproduce one
> clause at a time. But since you brought it up, it is now fair game.
The "fair use" exemption applies to copyrightable work, not the text
of a license to you (which is inherently unrestricted by copyright),
and in any case there is no such thing as a "reproduce one clause at
a time" limitation to fair use. You don't need an exemption to have
a public conversation about a public document offered to you as a
license. Seriously, stop making this stuff up.
> .2. License for the Distribution of Compliant Implementations.
> Licensor also grants you a perpetual, non-exclusive, non-
> transferable, worldwide, fully paid-up, royalty free, limited
> license (without the right to sublicense) under any applicable
> copyrights or, subject to the provisions of subsection 4 below,
> patent rights it may have covering the Specification to create and/
> or distribute an Independent Implementation of the Specification
> that: (a) fully implements the Specification including all its
> required interfaces and functionality; (b) does not modify, subset,
> superset or otherwise extend the Licensor Name Space, or include
> any public or protected packages, classes, Java interfaces, fields
> or methods within the Licensor Name Space other than those required/
> authorized by the Specification or Specifications being
> implemented; and (c) passes the Technology Compatibility Kit
> (including satisfying the requirements of the applicable TCK Users
> Guide) for such Specification
> ("Compliant Implementation"). In addition, the foregoing license
> is expressly conditioned on your not acting outside its scope. No
> license is granted hereunder for any other purpose (including, for
> example, modifying the Specification, other than to the extent of
> your fair use rights, or distributing the Specification to third
> parties).
>
> a) and b) don't particularly bother me, though a definition of what
> constitutes "fully implements" is a little worrying. An argument
> can easily be made that even a single bug constitutes not fully
> implementing the specification, and thus invalidates the license,
> subjecting companies (or their customers) utilizing any software
> implementing the JSR-170 specification, including Jackrabbit) to
> the threat pf litigation.
Please go to <http://www.jcp.org/> and lodge your complaint. These
terms are mandated by Sun on all specification leads in order to
retain Java compatibility. Day has no choice in the matter aside
from the choice of choosing more restrictive terms. The specification
license is only one of many licenses issued by Day.
> What I am concerned about is "c", TCK compliance and "the
> foregoing license is expressly conditioned on your not acting
> outside its scope."
>
> You see, in clause 3 (not reproduced here) the pass through
> conditions expressly state that any subsidiary license (such as
> JackRabbits Apache license) do not release users from Days
> softwares IP rights (which basically means anything), so it doesn't
> matter what the Apache License says, it appears it would be
> irrelevant in the case of a threat of litigation by Day software.
Again, this applies to the Specification, not to Apache Jackrabbit.
> Day gets to define the TCK, so the license can be invalidated
> simply by their unsupported statement that it does not pass the
> requirements, again, subjecting companies (or their customers)
> utilizing any software implementing the JSR-170 specification,
> including Jackrabbit) to the threat of litigation.
Please read up on the JCP. The TCK is approved by the expert group
and all such cases are subject to the defined exception review process.
> More importantly, not acting outside its scope is so broad anything
> could invalidate the license, again, subjecting companies (or their
> customers) utilizing any software implementing the JSR-170
> specification, including Jackrabbit) to the threat of litigation.
Again, it is a license to the Specification. In any case, anyone is
"subjected to the threat of litigation" simply by residing within a
given legal jurisdiction. Anybody can sue anyone in the US.
> Think this is just mere legal quibbling? JSR-170 is a content
> repository, in many cases products using Jackrabbit will be holding
> content that is under US federal and state laws.
And so is the software -- anything in the US is subject to US laws.
> Consider Kennedy Kasselbaum (HIPPA) laws, state insurance laws,
> and various records that might be subject to various records
> retention laws.
>
> Using products potentially subject to litigation by Day Software
> (and thus endangering retention) is a potential violation of
> Sarbanes Oxley (or in Europe, Basel II laws ) unless it is
> explicitly declared as a potential risk in Corporate filings.
>
> Since Day software is a Swiss company, there are also various
> foreign product and nationality security/homeland defense laws that
> would require declarations and usage restrictions as well.
Sorry, that is absolute crap. Microsoft is sued on a regular basis
for just about every product they release. Litigation does not effect
third parties in the way that you have imagined. Besides, the company
that pays my salary (Day Software, Inc.) is a US corporation based in
Newport Beach, California, and the software that Day produces is
no more subject to "usage restrictions" than any Java JVM (which are
almost all developed outside the US).
> I keep on remembering the cautionary tale of SCO's litigations and
> "settlements". regarding Unix and Linux. think Jackrabbit is a
> wonderful product, I don't want to see that happen here.
And I don't want to hear nonsense spouted by trolls for the sake
of casting FUD in our community.
> As I said initially, the remedy is simple. Since all Day software
> has to do is issue a license that implements what they are
> publicly claiming they wont do, anyways, I really can't see why
> they would object to doing so.
>
> All they have to do is state that the Apache License terms
> unconditionally replace theirs for anyone using Apache JackRabbit
> or incorporating Apache JackRabbit into their products.
THIS HAS NOTHING TO DO WITH APACHE JACKRABBIT. Is that clear yet?
Now, go read
http://www.day.com/maven/jsr170/jars/LICENSE.txt
and note that it was placed there on 04-Jun-2007 13:34. Day already
has answered that question because some other projects politely
asked David to do so.
This is not the "Day Software Support Community". If you have any
further questions about the JSR legal conditions, please follow the
guidance on jcp.org or contact the spec lead in private. Apache only
supplies software that is open source and redistributable under the
Apache License.
....Roy
Re: Re JSR170 license
Posted by robert burrell donkin <ro...@gmail.com>.
On 6/23/07, Randy Gordon <ra...@yahoo.com> wrote:
>
> Mr Fielding,
>
> I apologize for sending this directly to the list, but since I saw your
> reply only on reading GMANE on the web and not in my emailed jackrabbit dev
> digests, I don't know where else to send it.
i'm going to jump in and assume that this is up for public debate since it's
posted to a public list
IANAL and i'm speaking purely personally (no apache hat on)
My reply to your comments is:
>
> As I said, I am not a lawyer, and this is not legal advice, just simply
> voicing my concerns in an appropriate forum.
>
after reading your post the matters you raise are common to JCP
specification, perhaps you might also consider posting something to the open
list apache has created to discuss JCP issues. see
http://www.apache.org/jcp/ but note the list is now open to all
Basically, I just want Day software to incorpate into their license the
> assurances you mentioned. All Day software has to do is state
> unconditionally that the Apache License terms replace theirs for anyone
> using Apache JackRabbit or incorporating Apache JackRabbit into their
> products.
apache jackrabbit has only one license - the apache license, version 2.0
certain additional rights are granted by the JCP to any compliant
implementations of a JSR and i assume that this is what you're talking about
with respect to day
I am reading the license the way I think a judge would read it. Thats
> because.
> should there be litigation, your statements are not admissible in court,
> only the actual licenses.
true but there is only one license issued by apache: the apache license,
version 2.0
I did read the second clause, but I didn't include the second clause,
> because the fair use exemption only allows me reproduce one clause at a
> time. But since you brought it up, it is now fair game.
>
> .2. License for the Distribution of Compliant Implementations. Licensor
> also grants you a perpetual, non-exclusive, non-transferable, worldwide,
> fully paid-up, royalty free, limited license (without the right to
> sublicense) under any applicable copyrights or, subject to the provisions of
> subsection 4 below, patent rights it may have covering the Specification to
> create and/or distribute an Independent Implementation of the Specification
> that: (a) fully implements the Specification including all its required
> interfaces and functionality; (b) does not modify, subset, superset or
> otherwise extend the Licensor Name Space, or include any public or protected
> packages, classes, Java interfaces, fields or methods within the Licensor
> Name Space other than those required/authorized by the Specification or
> Specifications being implemented; and (c) passes the Technology
> Compatibility Kit (including satisfying the requirements of the applicable
> TCK Users Guide) for such Specification
> ("Compliant Implementation"). In addition, the foregoing license is
> expressly conditioned on your not acting outside its scope. No license is
> granted hereunder for any other purpose (including, for example, modifying
> the Specification, other than to the extent of your fair use rights, or
> distributing the Specification to third parties).
>
> a) and b) don't particularly bother me, though a definition of what
> constitutes "fully implements" is a little worrying. An argument can easily
> be made that even a single bug constitutes not fully implementing the
> specification, and thus invalidates the license, subjecting companies (or
> their customers) utilizing any software implementing the JSR-170
> specification, including Jackrabbit) to the threat pf litigation.
AIUI this is how the JCP works (rather than anything to do with day in
particular
they agree to license additional rights to anyone who creates a compliant
implementation. yes, i agree that IMHO it's suboptimal but that's how these
standards work. this is tested by a TCK and any approved implementations are
granted these rights. but this is not transitive - though it's open source,
a fork does not transitively inherit the rights conferred by passing the
TCK.
i personally have some sympathy with your opinions and think that the
process could be improved but that requires lobbying the JCP
What I am concerned about is "c", TCK compliance and "the foregoing license
> is expressly conditioned on your not acting outside its scope."
>
> You see, in clause 3 (not reproduced here) the pass through conditions
> expressly state that any subsidiary license (such as JackRabbits Apache
> license) do not release users from Days softwares IP rights (which basically
> means anything), so it doesn't matter what the Apache License says, it
> appears it would be irrelevant in the case of a threat of litigation by Day
> software.
not so - the apache license is not subsidiary: apache licenses jackrabbit to
you under the apache license, version 2.0
apache has a CCLA from day which covers their contributions to jackrabbit.
this contract allow apache to license jackrabbit to you under the apache
license
the license for the JCP rights is separate and distinct
Day gets to define the TCK, so the license can be invalidated simply by
> their unsupported statement that it does not pass the requirements, again,
> subjecting companies (or their customers) utilizing any software
> implementing the JSR-170 specification, including Jackrabbit) to the threat
> of litigation.
the additional JCP license is granted by a process
More importantly, not acting outside its scope is so broad anything could
> invalidate the license, again, subjecting companies (or their customers)
> utilizing any software implementing the JSR-170 specification, including
> Jackrabbit) to the threat of litigation.
get used to 21st century US patent law: every company is threatened by this
issue but the apache license gives limited safeguards against submarining by
contributors (including day)
Think this is just mere legal quibbling? JSR-170 is a content repository, in
> many cases products using Jackrabbit will be holding content that is under
> US federal and state laws.
>
> Consider Kennedy Kasselbaum (HIPPA) laws, state insurance laws, and
> various records that might be subject to various records retention laws.
>
> Using products potentially subject to litigation by Day Software (and thus
> endangering retention) is a potential violation of Sarbanes Oxley (or in
> Europe, Basel II laws ) unless it is explicitly declared as a potential risk
> in Corporate filings.
until the US adopts sensible patent laws, all software is a potential risk
and so should be filled as such
Since Day software is a Swiss company, there are also various foreign
> product and nationality security/homeland defense laws that would require
> declarations and usage restrictions as well.
>
> I keep on remembering the cautionary tale of SCO's litigations and
> "settlements". regarding Unix and Linux. think Jackrabbit is a wonderful
> product, I don't want to see that happen here.
>
> As I said initially, the remedy is simple. Since all Day software has to
> do is issue a license that implements what they are publicly claiming they
> wont do, anyways, I really can't see why they would object to doing so.
this wouldn't work
All they have to do is state that the Apache License terms unconditionally
> replace theirs for anyone using Apache JackRabbit or incorporating Apache
> JackRabbit into their products.
day do not own apache jackrabbit. day do not control the licensing of apache
jackrabbit.
the apache software foundation licenses apache jackrabbit to you under the
terms of the apache license
- robert