You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Robert Burrell Donkin <ro...@gmail.com> on 2011/06/12 17:26:22 UTC
[REDUX] Java Service Wrappers (JSW) unfortunate license change
(This is continuation of a thread from 2008[1]. It's now impacting the
release of Apache James 3. If the topic is too far OT please shout ;-)
The JSW artifacts in Maven Central [2] now seem to lack a public
license (in other words, a unilateral license allowing the public to
distribute and download the artifact)
AFACT (please jump in if there's anything I've missed or
misunderstood) to fix this particular problem the community needs to
* Remove JSW runtime dependency from appassembler
* Remove the artifact from maven central
* Fork the source and release replacement artifacts with clean IP
* Cut a new appassembler release
My computer time is limited ATM so if any help would be really appreciated...
In this brave new world of retroactive license changes, this is a good
example of an important problem. The licenses issued by the original
authority for an artifact may change over time, and the license which
a downstream consumer of that artifact may rely upon may no longer be
issued by the upstream authority for that artifact. This allows
bait-and-switch tactics by upstream producers. To avoid potential
issues in the future for downstream users and those operating Maven
central, I think the Maven community needs to start thinking about
this problem now.
More specifically, reliable write-license meta-data in the repository
could be used to verify at release time that the dependencies have
licenses that satisfy some sort of policy. This is the sort of fits
with Rat but Rat has stalled in the Incubator since there's no
obvious way home after graduation. My recovery continues but my
computer time is still limited. Suggestions, opinions, ideas and
offers for help welcomed.
(Out of time)
Robert
[1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
[2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Jochen Wiedmann <jo...@gmail.com>.
Mark, without being a lawyer, my guess is that you mean "no one can
sue you successfully", as opposed to "no one can sue you". And I'm
sure that any reasonable person would try to avoid even the former.
Jochen
On Tue, Jun 14, 2011 at 9:58 AM, Mark Struberg <st...@yahoo.de> wrote:
> No Robert!
>
> Even in the UK after enforcing a few cracy things recently, no one can sue you for downloading something in good faith.
> Of course they can force you to not use it in the future - like everywhere else.
>
> LieGrue,
> strub
>
> --- On Tue, 6/14/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
>
>> From: Robert Burrell Donkin <ro...@gmail.com>
>> Subject: Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
>> To: "Maven Developers List" <de...@maven.apache.org>
>> Date: Tuesday, June 14, 2011, 7:47 AM
>> On Mon, Jun 13, 2011 at 3:09 PM,
>> Benson Margulies <bi...@gmail.com>
>> wrote:
>> > The legal risk involved in downloading and using a jar
>> of code pushed
>> > to central under false pretenses is very small.
>>
>> I live in the UK. That's now untrue here.
>>
>> Robert
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
--
Capitalism is the astounding belief that the most wickedest of men
will do the most wickedest of things for the greatest good of
everyone.
John Maynard Keynes (http://en.wikiquote.org/wiki/Keynes)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Mark Struberg <st...@yahoo.de>.
No Robert!
Even in the UK after enforcing a few cracy things recently, no one can sue you for downloading something in good faith.
Of course they can force you to not use it in the future - like everywhere else.
LieGrue,
strub
--- On Tue, 6/14/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
> From: Robert Burrell Donkin <ro...@gmail.com>
> Subject: Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> To: "Maven Developers List" <de...@maven.apache.org>
> Date: Tuesday, June 14, 2011, 7:47 AM
> On Mon, Jun 13, 2011 at 3:09 PM,
> Benson Margulies <bi...@gmail.com>
> wrote:
> > The legal risk involved in downloading and using a jar
> of code pushed
> > to central under false pretenses is very small.
>
> I live in the UK. That's now untrue here.
>
> Robert
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Mon, Jun 13, 2011 at 3:09 PM, Benson Margulies <bi...@gmail.com> wrote:
> The legal risk involved in downloading and using a jar of code pushed
> to central under false pretenses is very small.
I live in the UK. That's now untrue here.
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Benson Margulies <bi...@gmail.com>.
The legal risk involved in downloading and using a jar of code pushed
to central under false pretenses is very small. 'Using', as opposed to
'incorporating in your release.'
The appassembler is a weird case. You don't see the JSW as a
dependency, exactly, yet you end up with a copy in your distribution.
I think that I opened a JIRA on the appassembler a long time ago
suggesting that it would be polite for the site documentation to be
very explicit as to the license of the materials it stirs into the
pot.
People who have corporate reasons to be super-careful already have
their own mechanism for vetting everything. Normal people really don't
have to, so I for one am not very enthusiastic about adding complexity
to address it.
On Mon, Jun 13, 2011 at 9:55 AM, Robert Burrell Donkin
<ro...@gmail.com> wrote:
> On Mon, Jun 13, 2011 at 1:03 AM, Brett Porter <br...@apache.org> wrote:
>
> <snip>
>
>> None of this discussion is really relevant for this list... except maybe that pointing to a URL for a license in the POM is not a good idea.
>
> This is really what I wanted to raise here (just a bit difficult
> without context)
>
>> If someone wants to take up that issue, I would recommend changing it to a reference within the repository, so that we can ensure some list of immutable licenses.
>
> I think a limited list of standard licenses would be useful, allowing
> automated verification of license policies (for example).
>
> A key question is whether these license URLs are intended to act as
> immutable names or as links to where a license might be agreed with a
> vendor.
>
> AIUI as a user of Maven ATM I have very little control over the
> downloads. This means Maven may end up helping me break criminal law
> by facilitating the downloading artifacts for which I have no license.
> Perhaps a white list of allowed licenses in the configuration would
> allow a user to choose the risks they were willing to take.
>
> Robert
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Mon, Jun 13, 2011 at 1:03 AM, Brett Porter <br...@apache.org> wrote:
<snip>
> None of this discussion is really relevant for this list... except maybe that pointing to a URL for a license in the POM is not a good idea.
This is really what I wanted to raise here (just a bit difficult
without context)
> If someone wants to take up that issue, I would recommend changing it to a reference within the repository, so that we can ensure some list of immutable licenses.
I think a limited list of standard licenses would be useful, allowing
automated verification of license policies (for example).
A key question is whether these license URLs are intended to act as
immutable names or as links to where a license might be agreed with a
vendor.
AIUI as a user of Maven ATM I have very little control over the
downloads. This means Maven may end up helping me break criminal law
by facilitating the downloading artifacts for which I have no license.
Perhaps a white list of allowed licenses in the configuration would
allow a user to choose the risks they were willing to take.
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Brett Porter <br...@apache.org>.
If you open up the wrapper-delta-pack that the appassembler depends on, doc/license.txt describes the license it was released under. It is not GPL or LGPL as asserted in this thread.
None of this discussion is really relevant for this list... except maybe that pointing to a URL for a license in the POM is not a good idea. If someone wants to take up that issue, I would recommend changing it to a reference within the repository, so that we can ensure some list of immutable licenses.
- Brett
On 13/06/2011, at 4:03 AM, Benson Margulies wrote:
> So, the lesson I take from this is that the appassembler would never
> have been releasable at Apache, and that releasing it at codehaus
> without getting the author (who happens to be in Japan) to provide an
> unambiguous license was perhaps ill-advised.
>
>
>
> On Sun, Jun 12, 2011 at 1:54 PM, Robert Burrell Donkin
> <ro...@gmail.com> wrote:
>> On Sun, Jun 12, 2011 at 4:32 PM, Mark Struberg <st...@yahoo.de> wrote:
>>> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
>>
>> In principle, this would be a good feature to add to a verification
>> tool like Rat.
>>
>> In this case, JSW has a <license> section but that license contains
>> meta-licensing information (a way for a user to obtain a license,
>> rather than a direct license)
>>
>> Robert
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>> For additional commands, e-mail: dev-help@maven.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Benson Margulies <bi...@gmail.com>.
So, the lesson I take from this is that the appassembler would never
have been releasable at Apache, and that releasing it at codehaus
without getting the author (who happens to be in Japan) to provide an
unambiguous license was perhaps ill-advised.
On Sun, Jun 12, 2011 at 1:54 PM, Robert Burrell Donkin
<ro...@gmail.com> wrote:
> On Sun, Jun 12, 2011 at 4:32 PM, Mark Struberg <st...@yahoo.de> wrote:
>> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
>
> In principle, this would be a good feature to add to a verification
> tool like Rat.
>
> In this case, JSW has a <license> section but that license contains
> meta-licensing information (a way for a user to obtain a license,
> rather than a direct license)
>
> Robert
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Sun, Jun 12, 2011 at 4:32 PM, Mark Struberg <st...@yahoo.de> wrote:
> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
In principle, this would be a good feature to add to a verification
tool like Rat.
In this case, JSW has a <license> section but that license contains
meta-licensing information (a way for a user to obtain a license,
rather than a direct license)
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Benson Margulies <bi...@gmail.com>.
Um, so that's not a problem as a dependency at codehaus?, but it might
have always been an unpleasant surprise for people who suddenly
discovered themselves aggregated with it.
On Sun, Jun 12, 2011 at 11:55 AM, Brian Fox <br...@infinity.nu> wrote:
> The old versions are LGPL
>
> On Sun, Jun 12, 2011 at 11:40 AM, Benson Margulies
> <bi...@gmail.com> wrote:
>> There's no such thing as a 'retroactive license change', though
>> perhaps the Tanuki-person has managed a sufficient approximation. Is
>> there?
>>
>> Once upon a time, he/they released some version of JSW under a
>> friendly licence, and it pushed to central. The grant of that license
>> to that version is effectively irrevocable. Subsequent versions may
>> have different licenses, and the author might have removed the old
>> version -- though if it was really licensed with a permissive license
>> some other person could put it back.
>>
>>
>> On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <st...@yahoo.de> wrote:
>>> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
>>>
>>> LieGrue,
>>> strub
>>>
>>> --- On Sun, 6/12/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
>>>
>>>> From: Robert Burrell Donkin <ro...@gmail.com>
>>>> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
>>>> To: "Maven Developers List" <de...@maven.apache.org>
>>>> Date: Sunday, June 12, 2011, 3:26 PM
>>>> (This is continuation of a thread
>>>> from 2008[1]. It's now impacting the
>>>> release of Apache James 3. If the topic is too far OT
>>>> please shout ;-)
>>>>
>>>>
>>>> The JSW artifacts in Maven Central [2] now seem to lack a
>>>> public
>>>> license (in other words, a unilateral license allowing the
>>>> public to
>>>> distribute and download the artifact)
>>>>
>>>> AFACT (please jump in if there's anything I've missed or
>>>> misunderstood) to fix this particular problem the community
>>>> needs to
>>>> * Remove JSW runtime dependency from appassembler
>>>> * Remove the artifact from maven central
>>>> * Fork the source and release replacement artifacts with
>>>> clean IP
>>>> * Cut a new appassembler release
>>>>
>>>> My computer time is limited ATM so if any help would be
>>>> really appreciated...
>>>>
>>>>
>>>>
>>>> In this brave new world of retroactive license changes,
>>>> this is a good
>>>> example of an important problem. The licenses issued by the
>>>> original
>>>> authority for an artifact may change over time, and the
>>>> license which
>>>> a downstream consumer of that artifact may rely upon may no
>>>> longer be
>>>> issued by the upstream authority for that artifact. This
>>>> allows
>>>> bait-and-switch tactics by upstream producers. To avoid
>>>> potential
>>>> issues in the future for downstream users and those
>>>> operating Maven
>>>> central, I think the Maven community needs to start
>>>> thinking about
>>>> this problem now.
>>>>
>>>>
>>>> More specifically, reliable write-license meta-data in the
>>>> repository
>>>> could be used to verify at release time that the
>>>> dependencies have
>>>> licenses that satisfy some sort of policy. This is the sort
>>>> of fits
>>>> with Rat but Rat has stalled in the Incubator since
>>>> there's no
>>>> obvious way home after graduation. My recovery continues
>>>> but my
>>>> computer time is still limited. Suggestions, opinions,
>>>> ideas and
>>>> offers for help welcomed.
>>>>
>>>> (Out of time)
>>>>
>>>> Robert
>>>>
>>>> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
>>>> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>>>> For additional commands, e-mail: dev-help@maven.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>>> For additional commands, e-mail: dev-help@maven.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>> For additional commands, e-mail: dev-help@maven.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Brian Fox <br...@infinity.nu>.
The old versions are LGPL
On Sun, Jun 12, 2011 at 11:40 AM, Benson Margulies
<bi...@gmail.com> wrote:
> There's no such thing as a 'retroactive license change', though
> perhaps the Tanuki-person has managed a sufficient approximation. Is
> there?
>
> Once upon a time, he/they released some version of JSW under a
> friendly licence, and it pushed to central. The grant of that license
> to that version is effectively irrevocable. Subsequent versions may
> have different licenses, and the author might have removed the old
> version -- though if it was really licensed with a permissive license
> some other person could put it back.
>
>
> On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <st...@yahoo.de> wrote:
>> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
>>
>> LieGrue,
>> strub
>>
>> --- On Sun, 6/12/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
>>
>>> From: Robert Burrell Donkin <ro...@gmail.com>
>>> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
>>> To: "Maven Developers List" <de...@maven.apache.org>
>>> Date: Sunday, June 12, 2011, 3:26 PM
>>> (This is continuation of a thread
>>> from 2008[1]. It's now impacting the
>>> release of Apache James 3. If the topic is too far OT
>>> please shout ;-)
>>>
>>>
>>> The JSW artifacts in Maven Central [2] now seem to lack a
>>> public
>>> license (in other words, a unilateral license allowing the
>>> public to
>>> distribute and download the artifact)
>>>
>>> AFACT (please jump in if there's anything I've missed or
>>> misunderstood) to fix this particular problem the community
>>> needs to
>>> * Remove JSW runtime dependency from appassembler
>>> * Remove the artifact from maven central
>>> * Fork the source and release replacement artifacts with
>>> clean IP
>>> * Cut a new appassembler release
>>>
>>> My computer time is limited ATM so if any help would be
>>> really appreciated...
>>>
>>>
>>>
>>> In this brave new world of retroactive license changes,
>>> this is a good
>>> example of an important problem. The licenses issued by the
>>> original
>>> authority for an artifact may change over time, and the
>>> license which
>>> a downstream consumer of that artifact may rely upon may no
>>> longer be
>>> issued by the upstream authority for that artifact. This
>>> allows
>>> bait-and-switch tactics by upstream producers. To avoid
>>> potential
>>> issues in the future for downstream users and those
>>> operating Maven
>>> central, I think the Maven community needs to start
>>> thinking about
>>> this problem now.
>>>
>>>
>>> More specifically, reliable write-license meta-data in the
>>> repository
>>> could be used to verify at release time that the
>>> dependencies have
>>> licenses that satisfy some sort of policy. This is the sort
>>> of fits
>>> with Rat but Rat has stalled in the Incubator since
>>> there's no
>>> obvious way home after graduation. My recovery continues
>>> but my
>>> computer time is still limited. Suggestions, opinions,
>>> ideas and
>>> offers for help welcomed.
>>>
>>> (Out of time)
>>>
>>> Robert
>>>
>>> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
>>> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>>> For additional commands, e-mail: dev-help@maven.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>> For additional commands, e-mail: dev-help@maven.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Oleg Gusakov <ol...@gmail.com>.
On 6/13/11 9:52 PM, Ralph Goers wrote:
> On Jun 13, 2011, at 9:02 PM, Brett Porter wrote:
>
>> On 14/06/2011, at 1:05 PM, Ralph Goers wrote:
>>
>>> On Jun 13, 2011, at 7:23 AM, Nigel Magnay wrote:
>>>
>>>> There is a fork under the old license here:
>>>>
>>>> https://bitbucket.org/ivertex/java-service-wrapper/overview
>>>>
>>> I apologize if I missed it somewhere in this thread, but as I recall commons exec was created primarily due to the license change of JSW. I don't know whether it will meet the needs of whatever it is being used for here but I thought I'd mention it in case you weren't aware.
>> That's not what commons-exec does. Maybe you are thinking of commons-daemon?
>>
>> That easily predates the JSW license change, though.
> Yes, sorry - wrong project. Now I'm scratching my head. I specifically remember a project starting up somewhere a year or two ago in response to the license change. I did find the email from Jason in 2008 on this list but I can't find the project I'm thinking of.
>
http://yajsw.sourceforge.net/ I believe
Oleg
> Ralph
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Ralph Goers <ra...@dslextreme.com>.
On Jun 13, 2011, at 9:02 PM, Brett Porter wrote:
>
> On 14/06/2011, at 1:05 PM, Ralph Goers wrote:
>
>>
>> On Jun 13, 2011, at 7:23 AM, Nigel Magnay wrote:
>>
>>> There is a fork under the old license here:
>>>
>>> https://bitbucket.org/ivertex/java-service-wrapper/overview
>>>
>>
>> I apologize if I missed it somewhere in this thread, but as I recall commons exec was created primarily due to the license change of JSW. I don't know whether it will meet the needs of whatever it is being used for here but I thought I'd mention it in case you weren't aware.
>
> That's not what commons-exec does. Maybe you are thinking of commons-daemon?
>
> That easily predates the JSW license change, though.
Yes, sorry - wrong project. Now I'm scratching my head. I specifically remember a project starting up somewhere a year or two ago in response to the license change. I did find the email from Jason in 2008 on this list but I can't find the project I'm thinking of.
Ralph
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Brett Porter <br...@apache.org>.
On 14/06/2011, at 1:05 PM, Ralph Goers wrote:
>
> On Jun 13, 2011, at 7:23 AM, Nigel Magnay wrote:
>
>> There is a fork under the old license here:
>>
>> https://bitbucket.org/ivertex/java-service-wrapper/overview
>>
>
> I apologize if I missed it somewhere in this thread, but as I recall commons exec was created primarily due to the license change of JSW. I don't know whether it will meet the needs of whatever it is being used for here but I thought I'd mention it in case you weren't aware.
That's not what commons-exec does. Maybe you are thinking of commons-daemon?
That easily predates the JSW license change, though.
- Brett
--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Ralph Goers <ra...@dslextreme.com>.
On Jun 13, 2011, at 7:23 AM, Nigel Magnay wrote:
> There is a fork under the old license here:
>
> https://bitbucket.org/ivertex/java-service-wrapper/overview
>
I apologize if I missed it somewhere in this thread, but as I recall commons exec was created primarily due to the license change of JSW. I don't know whether it will meet the needs of whatever it is being used for here but I thought I'd mention it in case you weren't aware.
Ralph
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Nigel Magnay <ni...@gmail.com>.
There is a fork under the old license here:
https://bitbucket.org/ivertex/java-service-wrapper/overview
On Sun, Jun 12, 2011 at 4:40 PM, Benson Margulies <bi...@gmail.com>wrote:
> There's no such thing as a 'retroactive license change', though
> perhaps the Tanuki-person has managed a sufficient approximation. Is
> there?
>
> Once upon a time, he/they released some version of JSW under a
> friendly licence, and it pushed to central. The grant of that license
> to that version is effectively irrevocable. Subsequent versions may
> have different licenses, and the author might have removed the old
> version -- though if it was really licensed with a permissive license
> some other person could put it back.
>
>
> On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <st...@yahoo.de> wrote:
> > just an idea: what about extending the maven-release-plugin to ask for a
> license if the pom doesn't contain a <license> section?
> >
> > LieGrue,
> > strub
> >
> > --- On Sun, 6/12/11, Robert Burrell Donkin <
> robertburrelldonkin@gmail.com> wrote:
> >
> >> From: Robert Burrell Donkin <ro...@gmail.com>
> >> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> >> To: "Maven Developers List" <de...@maven.apache.org>
> >> Date: Sunday, June 12, 2011, 3:26 PM
> >> (This is continuation of a thread
> >> from 2008[1]. It's now impacting the
> >> release of Apache James 3. If the topic is too far OT
> >> please shout ;-)
> >>
> >>
> >> The JSW artifacts in Maven Central [2] now seem to lack a
> >> public
> >> license (in other words, a unilateral license allowing the
> >> public to
> >> distribute and download the artifact)
> >>
> >> AFACT (please jump in if there's anything I've missed or
> >> misunderstood) to fix this particular problem the community
> >> needs to
> >> * Remove JSW runtime dependency from appassembler
> >> * Remove the artifact from maven central
> >> * Fork the source and release replacement artifacts with
> >> clean IP
> >> * Cut a new appassembler release
> >>
> >> My computer time is limited ATM so if any help would be
> >> really appreciated...
> >>
> >>
> >>
> >> In this brave new world of retroactive license changes,
> >> this is a good
> >> example of an important problem. The licenses issued by the
> >> original
> >> authority for an artifact may change over time, and the
> >> license which
> >> a downstream consumer of that artifact may rely upon may no
> >> longer be
> >> issued by the upstream authority for that artifact. This
> >> allows
> >> bait-and-switch tactics by upstream producers. To avoid
> >> potential
> >> issues in the future for downstream users and those
> >> operating Maven
> >> central, I think the Maven community needs to start
> >> thinking about
> >> this problem now.
> >>
> >>
> >> More specifically, reliable write-license meta-data in the
> >> repository
> >> could be used to verify at release time that the
> >> dependencies have
> >> licenses that satisfy some sort of policy. This is the sort
> >> of fits
> >> with Rat but Rat has stalled in the Incubator since
> >> there's no
> >> obvious way home after graduation. My recovery continues
> >> but my
> >> computer time is still limited. Suggestions, opinions,
> >> ideas and
> >> offers for help welcomed.
> >>
> >> (Out of time)
> >>
> >> Robert
> >>
> >> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
> >> [2]
> http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> >> For additional commands, e-mail: dev-help@maven.apache.org
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Sun, Jun 12, 2011 at 4:40 PM, Benson Margulies <bi...@gmail.com> wrote:
> There's no such thing as a 'retroactive license change', though
> perhaps the Tanuki-person has managed a sufficient approximation. Is
> there?
IMO enough of a sufficient approximation to worry :-/
(more detail in line)
> Once upon a time, he/they released some version of JSW under a
> friendly licence, and it pushed to central.
AFAICT The compressed artifact lacks substantial license information.
The license meta-data indicates that the artifact is licensed under
the "Tanuki Software license". This is not a license but a reference
to a web page where a license might be obtained from "Tanuki
Software". AIUI this trick means that maven central does not have a
license but people can obtain a license by visiting that page.
> The grant of that license
> to that version is effectively irrevocable. Subsequent versions may
> have different licenses, and the author might have removed the old
> version -- though if it was really licensed with a permissive license
> some other person could put it back.
AIUI a rights holder could just stop issuing public licenses for an
artifact at any time, and require new licensees agree new terms.
Anyone who previously obtained a public license from "Tanuki Software"
could publish the artifact under the old public license. Issuing a
public license directly to maven central would therefore protect
everyone downstream. This doesn't seem to have happened in this case
:-/
(FWIW I doubt "Tanuki Software" would act against maven central under
US copyright law. I'm more worried about liability for maven users in
places (like England) with different copyright laws where justice is
pay-to-play.)
Robert
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Mark Struberg <st...@yahoo.de>.
Nah sorry, I think I was not clear enough:
What I was talking about: IF a lot more artifacts would have an explicit <license> section in their poms, then it would be easier for tools (e.g. apache-rat and the maven-dependency-plugin) to check those dependencies and list/evaluate em.
By asking the user for the licenses (a numbered bullet list like we have in the archetype plugin + an option for a free string entry) we could possibly heavily increase the amount of artifacts with a <license> section. This would certainly take some time, but after 1 year, this should really take off.
Another way would be to parse for META-INF/Manifest info and LICENSE files inside the artifacts and propagate it to the poms. But this is rather delicate to handle...
I know this is not directly solving your current problem, but it could help to preventing us from getting this problem in the future.
LieGrue,
strub
--- On Sun, 6/12/11, Benson Margulies <bi...@gmail.com> wrote:
> From: Benson Margulies <bi...@gmail.com>
> Subject: Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> To: "Maven Developers List" <de...@maven.apache.org>
> Date: Sunday, June 12, 2011, 3:40 PM
> There's no such thing as a
> 'retroactive license change', though
> perhaps the Tanuki-person has managed a sufficient
> approximation. Is
> there?
>
> Once upon a time, he/they released some version of JSW
> under a
> friendly licence, and it pushed to central. The grant of
> that license
> to that version is effectively irrevocable. Subsequent
> versions may
> have different licenses, and the author might have removed
> the old
> version -- though if it was really licensed with a
> permissive license
> some other person could put it back.
>
>
> On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <st...@yahoo.de>
> wrote:
> > just an idea: what about extending the
> maven-release-plugin to ask for a license if the pom
> doesn't contain a <license> section?
> >
> > LieGrue,
> > strub
> >
> > --- On Sun, 6/12/11, Robert Burrell Donkin <ro...@gmail.com>
> wrote:
> >
> >> From: Robert Burrell Donkin <ro...@gmail.com>
> >> Subject: [REDUX] Java Service Wrappers (JSW)
> unfortunate license change
> >> To: "Maven Developers List" <de...@maven.apache.org>
> >> Date: Sunday, June 12, 2011, 3:26 PM
> >> (This is continuation of a thread
> >> from 2008[1]. It's now impacting the
> >> release of Apache James 3. If the topic is too far
> OT
> >> please shout ;-)
> >>
> >>
> >> The JSW artifacts in Maven Central [2] now seem to
> lack a
> >> public
> >> license (in other words, a unilateral license
> allowing the
> >> public to
> >> distribute and download the artifact)
> >>
> >> AFACT (please jump in if there's anything I've
> missed or
> >> misunderstood) to fix this particular problem the
> community
> >> needs to
> >> * Remove JSW runtime dependency from appassembler
> >> * Remove the artifact from maven central
> >> * Fork the source and release replacement
> artifacts with
> >> clean IP
> >> * Cut a new appassembler release
> >>
> >> My computer time is limited ATM so if any help
> would be
> >> really appreciated...
> >>
> >>
> >>
> >> In this brave new world of retroactive license
> changes,
> >> this is a good
> >> example of an important problem. The licenses
> issued by the
> >> original
> >> authority for an artifact may change over time,
> and the
> >> license which
> >> a downstream consumer of that artifact may rely
> upon may no
> >> longer be
> >> issued by the upstream authority for that
> artifact. This
> >> allows
> >> bait-and-switch tactics by upstream producers. To
> avoid
> >> potential
> >> issues in the future for downstream users and
> those
> >> operating Maven
> >> central, I think the Maven community needs to
> start
> >> thinking about
> >> this problem now.
> >>
> >>
> >> More specifically, reliable write-license
> meta-data in the
> >> repository
> >> could be used to verify at release time that the
> >> dependencies have
> >> licenses that satisfy some sort of policy. This is
> the sort
> >> of fits
> >> with Rat but Rat has stalled in the Incubator
> since
> >> there's no
> >> obvious way home after graduation. My recovery
> continues
> >> but my
> >> computer time is still limited. Suggestions,
> opinions,
> >> ideas and
> >> offers for help welcomed.
> >>
> >> (Out of time)
> >>
> >> Robert
> >>
> >> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
> >> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
> >>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> >> For additional commands, e-mail: dev-help@maven.apache.org
> >>
> >>
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Benson Margulies <bi...@gmail.com>.
There's no such thing as a 'retroactive license change', though
perhaps the Tanuki-person has managed a sufficient approximation. Is
there?
Once upon a time, he/they released some version of JSW under a
friendly licence, and it pushed to central. The grant of that license
to that version is effectively irrevocable. Subsequent versions may
have different licenses, and the author might have removed the old
version -- though if it was really licensed with a permissive license
some other person could put it back.
On Sun, Jun 12, 2011 at 11:32 AM, Mark Struberg <st...@yahoo.de> wrote:
> just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
>
> LieGrue,
> strub
>
> --- On Sun, 6/12/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
>
>> From: Robert Burrell Donkin <ro...@gmail.com>
>> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
>> To: "Maven Developers List" <de...@maven.apache.org>
>> Date: Sunday, June 12, 2011, 3:26 PM
>> (This is continuation of a thread
>> from 2008[1]. It's now impacting the
>> release of Apache James 3. If the topic is too far OT
>> please shout ;-)
>>
>>
>> The JSW artifacts in Maven Central [2] now seem to lack a
>> public
>> license (in other words, a unilateral license allowing the
>> public to
>> distribute and download the artifact)
>>
>> AFACT (please jump in if there's anything I've missed or
>> misunderstood) to fix this particular problem the community
>> needs to
>> * Remove JSW runtime dependency from appassembler
>> * Remove the artifact from maven central
>> * Fork the source and release replacement artifacts with
>> clean IP
>> * Cut a new appassembler release
>>
>> My computer time is limited ATM so if any help would be
>> really appreciated...
>>
>>
>>
>> In this brave new world of retroactive license changes,
>> this is a good
>> example of an important problem. The licenses issued by the
>> original
>> authority for an artifact may change over time, and the
>> license which
>> a downstream consumer of that artifact may rely upon may no
>> longer be
>> issued by the upstream authority for that artifact. This
>> allows
>> bait-and-switch tactics by upstream producers. To avoid
>> potential
>> issues in the future for downstream users and those
>> operating Maven
>> central, I think the Maven community needs to start
>> thinking about
>> this problem now.
>>
>>
>> More specifically, reliable write-license meta-data in the
>> repository
>> could be used to verify at release time that the
>> dependencies have
>> licenses that satisfy some sort of policy. This is the sort
>> of fits
>> with Rat but Rat has stalled in the Incubator since
>> there's no
>> obvious way home after graduation. My recovery continues
>> but my
>> computer time is still limited. Suggestions, opinions,
>> ideas and
>> offers for help welcomed.
>>
>> (Out of time)
>>
>> Robert
>>
>> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
>> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>> For additional commands, e-mail: dev-help@maven.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [REDUX] Java Service Wrappers (JSW) unfortunate license change
Posted by Mark Struberg <st...@yahoo.de>.
just an idea: what about extending the maven-release-plugin to ask for a license if the pom doesn't contain a <license> section?
LieGrue,
strub
--- On Sun, 6/12/11, Robert Burrell Donkin <ro...@gmail.com> wrote:
> From: Robert Burrell Donkin <ro...@gmail.com>
> Subject: [REDUX] Java Service Wrappers (JSW) unfortunate license change
> To: "Maven Developers List" <de...@maven.apache.org>
> Date: Sunday, June 12, 2011, 3:26 PM
> (This is continuation of a thread
> from 2008[1]. It's now impacting the
> release of Apache James 3. If the topic is too far OT
> please shout ;-)
>
>
> The JSW artifacts in Maven Central [2] now seem to lack a
> public
> license (in other words, a unilateral license allowing the
> public to
> distribute and download the artifact)
>
> AFACT (please jump in if there's anything I've missed or
> misunderstood) to fix this particular problem the community
> needs to
> * Remove JSW runtime dependency from appassembler
> * Remove the artifact from maven central
> * Fork the source and release replacement artifacts with
> clean IP
> * Cut a new appassembler release
>
> My computer time is limited ATM so if any help would be
> really appreciated...
>
>
>
> In this brave new world of retroactive license changes,
> this is a good
> example of an important problem. The licenses issued by the
> original
> authority for an artifact may change over time, and the
> license which
> a downstream consumer of that artifact may rely upon may no
> longer be
> issued by the upstream authority for that artifact. This
> allows
> bait-and-switch tactics by upstream producers. To avoid
> potential
> issues in the future for downstream users and those
> operating Maven
> central, I think the Maven community needs to start
> thinking about
> this problem now.
>
>
> More specifically, reliable write-license meta-data in the
> repository
> could be used to verify at release time that the
> dependencies have
> licenses that satisfy some sort of policy. This is the sort
> of fits
> with Rat but Rat has stalled in the Incubator since
> there's no
> obvious way home after graduation. My recovery continues
> but my
> computer time is still limited. Suggestions, opinions,
> ideas and
> offers for help welcomed.
>
> (Out of time)
>
> Robert
>
> [1] http://www.mail-archive.com/dev@maven.apache.org/msg74005.html
> [2] http://search.maven.org/#search|gav|1|g%3A%22tanukisoft%22%20AND%20a%3A%22wrapper-delta-pack%22
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org