Are NOTICE and LICENSE files ASF policy for public code?

[sebb <se...@gmail.com>]

As the subject says:

If the ASF puts code in a public repository, AIUI that means it is
published, even if it is not formally released (and may never be).

As such, are NOTICE and LICENSE files required by ASF policy?

Sebb

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Are NOTICE and LICENSE files ASF policy for public code?

[Christopher <ct...@apache.org>]

That's exactly the kind of interpretation that I was suggesting was a bad
idea to run with. If you treat everything written to a repository as
"fixed", then there is literally *no* transitory state whatsoever, on which
we can collaborate on development in public. I'm not a lawyer, and have no
idea what a court would define as "fixed". But I think it's practical and
reasonable, and conducive to open source collaboration, to treat unreleased
code in repositories as transitory. Whether or not a court would agree, I
have no idea. But, I don't think we should waste cycles on unrealistic
interpretations that hold us to an impossible standard of keeping every
commit in any repository 100% compliant with our policies and 100% free of
license bugs.

On Thu, Feb 17, 2022 at 1:46 PM Gary Gregory <ga...@gmail.com> wrote:

> Isn't an artifact or whole file tree "fixed" if it is in a git repository
> since it has a commit hash?
>
> Gary
>
> On Thu, Feb 17, 2022, 13:11 Christopher <ct...@apache.org> wrote:
>
>> It seems to me that the reason why the ASF distinguishes between
>> "released" code and unreleased code, isn't to distinguish between
>> "published" and "unpublished", because that distinction makes no
>> difference. It makes no difference because, as you point out, they are both
>> "published" in a sense, and perhaps more importantly, copyright protections
>> apply to unpublished works as well as published ones.
>>
>> Rather, it seems to me that the real reason to draw this distinction is
>> to differentiate between "fixed" works and works in a transitory state, as
>> U.S. copyright law at least, requires works to be "fixed" to a medium for
>> more than a mere transitory state in order to be subject to copyright
>> protections. Because of the asynchronous nature of open source software
>> development, the concept of a "release" seems like a useful way to
>> distinguish between "fixed" works and transitory ones, within our domain,
>> since our transitory periods can be somewhat longer in order to collaborate
>> on development.
>>
>> So, thinking about things in terms of "transitory" and "fixed" as the
>> relevant legal principal at play, it seems reasonable to take a "best
>> effort" approach to our works in a development state, and be more strict in
>> our policies for released works. And, as far as I can tell, that *is* the
>> approach the ASF already generally takes for its policies. I think picking
>> apart whether or not we need strict policies around LICENSE/NOTICE files
>> for unreleased stuff, simply because it's publicly accessible in our
>> repositories, risks leading to an unhealthy obsession with legalistic (in
>> the excessive conformity sense,
>> https://www.merriam-webster.com/dictionary/legalism) minutia that halts
>> progress, rather than enables collaboration and progress.
>>
>> What's wrong with strict policies around releases, and flexible "best
>> effort" approach for unreleased stuff? Do we really need anything more
>> strict than that for unreleased stuff?
>>
>> Note: I'm not a lawyer, and this is all my personal perspective, which
>> could be entirely wrong in every way. :)
>>
>> On Thu, Feb 17, 2022 at 11:26 AM sebb <se...@gmail.com> wrote:
>>
>>> Also found:
>>>
>>> https://issues.apache.org/jira/browse/LEGAL-26
>>>
>>> and this, which is possibly what I was remembering:
>>>
>>> https://lists.apache.org/thread/57z9wct9nvrn9dzhkh0qnskfz9rfdjp5
>>>
>>> On Thu, 17 Feb 2022 at 15:59, sebb <se...@gmail.com> wrote:
>>> >
>>> > On Thu, 17 Feb 2022 at 13:27, Roman Shaposhnik <ro...@shaposhnik.org>
>>> wrote:
>>> > >
>>> > > On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:
>>> > >>
>>> > >> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <
>>> roman@shaposhnik.org> wrote:
>>> > >> >
>>> > >> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
>>> > >> >>
>>> > >> >> As the subject says:
>>> > >> >>
>>> > >> >> If the ASF puts code in a public repository, AIUI that means it
>>> is
>>> > >> >> published, even if it is not formally released (and may never
>>> be).
>>> > >> >
>>> > >> >
>>> > >> > No. We've discussed it in the past and the answer always comes
>>> back to: the legal policy ONLY applies to officially released (AKA PMC
>>> approved) code.
>>> > >>
>>> > >> There have been dissenting opinions regarding the scope of the
>>> policy,
>>> > >> for example: [1]
>>> > >
>>> > >
>>> > > Sure. But I see no reason to re-open the discussion (since I don't
>>> think anything has materially changed).
>>> >
>>> > I think it has, bsed on [1]
>>> >
>>> > >>
>>> > >> And I'm pretty sure that Roy once said that code repos need N & L
>>> > >> files. (it will take some digging to find the email ...).
>>> > >
>>> > >
>>> > > I don't remember that.
>>> > >
>>> > >>
>>> > >> It would be helpful to have the policy formally clarified.
>>> > >
>>> > >
>>> > > What part of the *release* policy is unclear?
>>> > >
>>> > > For the rest -- I don't think we should be in the business of
>>> proving the negative so to speak -- our understanding of what release is
>>> needs to be clearly defined, but we shouldn't really burn any energy trying
>>> to talk about things that are NOT a release.
>>> > >
>>> > >>
>>> > >> > Now, the mechanism for publishing that artifact could vary, but
>>> unless PMC approved to publish something -- it ain't released.
>>> > >> >
>>> > >> >> As such, are NOTICE and LICENSE files required by ASF policy?
>>> > >> >
>>> > >> >
>>> > >> > No.
>>> > >>
>>> > >> But license headers are, according to [1]
>>> > >>
>>> > >> > Thanks,
>>> > >> > Roman.
>>> > >>
>>> > >> [1]
>>> > >
>>> > >
>>> > > Seems that the link didn't survive.
>>> >
>>> > (Or I forgot it)
>>> >
>>> > Please see here:
>>> >
>>> > https://lists.apache.org/thread/j6bxkmz2qnb95tf78cfxks2nyspygyz9
>>> >
>>> > > Thanks,
>>> > > Roman.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> For additional commands, e-mail: legal-discuss-help@apache.org
>>>
>>>

Re: Are NOTICE and LICENSE files ASF policy for public code?

[Gary Gregory <ga...@gmail.com>]

Isn't an artifact or whole file tree "fixed" if it is in a git repository
since it has a commit hash?

Gary

On Thu, Feb 17, 2022, 13:11 Christopher <ct...@apache.org> wrote:

> It seems to me that the reason why the ASF distinguishes between
> "released" code and unreleased code, isn't to distinguish between
> "published" and "unpublished", because that distinction makes no
> difference. It makes no difference because, as you point out, they are both
> "published" in a sense, and perhaps more importantly, copyright protections
> apply to unpublished works as well as published ones.
>
> Rather, it seems to me that the real reason to draw this distinction is to
> differentiate between "fixed" works and works in a transitory state, as
> U.S. copyright law at least, requires works to be "fixed" to a medium for
> more than a mere transitory state in order to be subject to copyright
> protections. Because of the asynchronous nature of open source software
> development, the concept of a "release" seems like a useful way to
> distinguish between "fixed" works and transitory ones, within our domain,
> since our transitory periods can be somewhat longer in order to collaborate
> on development.
>
> So, thinking about things in terms of "transitory" and "fixed" as the
> relevant legal principal at play, it seems reasonable to take a "best
> effort" approach to our works in a development state, and be more strict in
> our policies for released works. And, as far as I can tell, that *is* the
> approach the ASF already generally takes for its policies. I think picking
> apart whether or not we need strict policies around LICENSE/NOTICE files
> for unreleased stuff, simply because it's publicly accessible in our
> repositories, risks leading to an unhealthy obsession with legalistic (in
> the excessive conformity sense,
> https://www.merriam-webster.com/dictionary/legalism) minutia that halts
> progress, rather than enables collaboration and progress.
>
> What's wrong with strict policies around releases, and flexible "best
> effort" approach for unreleased stuff? Do we really need anything more
> strict than that for unreleased stuff?
>
> Note: I'm not a lawyer, and this is all my personal perspective, which
> could be entirely wrong in every way. :)
>
> On Thu, Feb 17, 2022 at 11:26 AM sebb <se...@gmail.com> wrote:
>
>> Also found:
>>
>> https://issues.apache.org/jira/browse/LEGAL-26
>>
>> and this, which is possibly what I was remembering:
>>
>> https://lists.apache.org/thread/57z9wct9nvrn9dzhkh0qnskfz9rfdjp5
>>
>> On Thu, 17 Feb 2022 at 15:59, sebb <se...@gmail.com> wrote:
>> >
>> > On Thu, 17 Feb 2022 at 13:27, Roman Shaposhnik <ro...@shaposhnik.org>
>> wrote:
>> > >
>> > > On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:
>> > >>
>> > >> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org>
>> wrote:
>> > >> >
>> > >> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
>> > >> >>
>> > >> >> As the subject says:
>> > >> >>
>> > >> >> If the ASF puts code in a public repository, AIUI that means it is
>> > >> >> published, even if it is not formally released (and may never be).
>> > >> >
>> > >> >
>> > >> > No. We've discussed it in the past and the answer always comes
>> back to: the legal policy ONLY applies to officially released (AKA PMC
>> approved) code.
>> > >>
>> > >> There have been dissenting opinions regarding the scope of the
>> policy,
>> > >> for example: [1]
>> > >
>> > >
>> > > Sure. But I see no reason to re-open the discussion (since I don't
>> think anything has materially changed).
>> >
>> > I think it has, bsed on [1]
>> >
>> > >>
>> > >> And I'm pretty sure that Roy once said that code repos need N & L
>> > >> files. (it will take some digging to find the email ...).
>> > >
>> > >
>> > > I don't remember that.
>> > >
>> > >>
>> > >> It would be helpful to have the policy formally clarified.
>> > >
>> > >
>> > > What part of the *release* policy is unclear?
>> > >
>> > > For the rest -- I don't think we should be in the business of proving
>> the negative so to speak -- our understanding of what release is needs to
>> be clearly defined, but we shouldn't really burn any energy trying to talk
>> about things that are NOT a release.
>> > >
>> > >>
>> > >> > Now, the mechanism for publishing that artifact could vary, but
>> unless PMC approved to publish something -- it ain't released.
>> > >> >
>> > >> >> As such, are NOTICE and LICENSE files required by ASF policy?
>> > >> >
>> > >> >
>> > >> > No.
>> > >>
>> > >> But license headers are, according to [1]
>> > >>
>> > >> > Thanks,
>> > >> > Roman.
>> > >>
>> > >> [1]
>> > >
>> > >
>> > > Seems that the link didn't survive.
>> >
>> > (Or I forgot it)
>> >
>> > Please see here:
>> >
>> > https://lists.apache.org/thread/j6bxkmz2qnb95tf78cfxks2nyspygyz9
>> >
>> > > Thanks,
>> > > Roman.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>>

Re: Are NOTICE and LICENSE files ASF policy for public code?

["Roy T. Fielding" <fi...@gbiv.com>]

> On Feb 17, 2022, at 10:11 AM, Christopher <ct...@apache.org> wrote:
> 
> It seems to me that the reason why the ASF distinguishes between "released" code and unreleased code, isn't to distinguish between "published" and "unpublished", because that distinction makes no difference. It makes no difference because, as you point out, they are both "published" in a sense, and perhaps more importantly, copyright protections apply to unpublished works as well as published ones.
> 
> Rather, it seems to me that the real reason to draw this distinction is to differentiate between "fixed" works and works in a transitory state, as U.S. copyright law at least, requires works to be "fixed" to a medium for more than a mere transitory state in order to be subject to copyright protections. Because of the asynchronous nature of open source software development, the concept of a "release" seems like a useful way to distinguish between "fixed" works and transitory ones, within our domain, since our transitory periods can be somewhat longer in order to collaborate on development.

Not really, no. That is just trying to distinguish expressions from ideas.

We have a release policy to create a distinction between our work in progress and
a release to the public, since our work is already published. It's a process distinction.
The reason it matters is because the intended audience matters to copyright
infringement and due diligence (or lack thereof), as do penalties (in theory).
And because it is a good idea regardless of law.

Regarding the original question, an external entity might require LICENSE and/or
NOTICE files be present anywhere that their owned copyright applies, since
that is their condition of publication. When that is true, we must comply, and
it doesn't matter whether such a file is on a website, svn, or github, nor does
it matter whether it is a place controlled by a PMC or Infra. What matters is
that we don't control the copyright and thus must adhere to their terms.

But that requirement is separate from our release policies. If we are talking
about files where "we" own the copyright, "we" are not going to sue ourselves
for infringement, and thus can do anything we like (within some scope of "we").
We generally choose to follow the terms of our own license because we
want people who download our stuff to comply with our licensed work
by default. But that's not a policy -- it's just common sense.

....Roy


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Are NOTICE and LICENSE files ASF policy for public code?

[Christopher <ct...@apache.org>]

It seems to me that the reason why the ASF distinguishes between "released"
code and unreleased code, isn't to distinguish between "published" and
"unpublished", because that distinction makes no difference. It makes no
difference because, as you point out, they are both "published" in a sense,
and perhaps more importantly, copyright protections apply to unpublished
works as well as published ones.

Rather, it seems to me that the real reason to draw this distinction is to
differentiate between "fixed" works and works in a transitory state, as
U.S. copyright law at least, requires works to be "fixed" to a medium for
more than a mere transitory state in order to be subject to copyright
protections. Because of the asynchronous nature of open source software
development, the concept of a "release" seems like a useful way to
distinguish between "fixed" works and transitory ones, within our domain,
since our transitory periods can be somewhat longer in order to collaborate
on development.

So, thinking about things in terms of "transitory" and "fixed" as the
relevant legal principal at play, it seems reasonable to take a "best
effort" approach to our works in a development state, and be more strict in
our policies for released works. And, as far as I can tell, that *is* the
approach the ASF already generally takes for its policies. I think picking
apart whether or not we need strict policies around LICENSE/NOTICE files
for unreleased stuff, simply because it's publicly accessible in our
repositories, risks leading to an unhealthy obsession with legalistic (in
the excessive conformity sense,
https://www.merriam-webster.com/dictionary/legalism) minutia that halts
progress, rather than enables collaboration and progress.

What's wrong with strict policies around releases, and flexible "best
effort" approach for unreleased stuff? Do we really need anything more
strict than that for unreleased stuff?

Note: I'm not a lawyer, and this is all my personal perspective, which
could be entirely wrong in every way. :)

On Thu, Feb 17, 2022 at 11:26 AM sebb <se...@gmail.com> wrote:

> Also found:
>
> https://issues.apache.org/jira/browse/LEGAL-26
>
> and this, which is possibly what I was remembering:
>
> https://lists.apache.org/thread/57z9wct9nvrn9dzhkh0qnskfz9rfdjp5
>
> On Thu, 17 Feb 2022 at 15:59, sebb <se...@gmail.com> wrote:
> >
> > On Thu, 17 Feb 2022 at 13:27, Roman Shaposhnik <ro...@shaposhnik.org>
> wrote:
> > >
> > > On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:
> > >>
> > >> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org>
> wrote:
> > >> >
> > >> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
> > >> >>
> > >> >> As the subject says:
> > >> >>
> > >> >> If the ASF puts code in a public repository, AIUI that means it is
> > >> >> published, even if it is not formally released (and may never be).
> > >> >
> > >> >
> > >> > No. We've discussed it in the past and the answer always comes back
> to: the legal policy ONLY applies to officially released (AKA PMC approved)
> code.
> > >>
> > >> There have been dissenting opinions regarding the scope of the policy,
> > >> for example: [1]
> > >
> > >
> > > Sure. But I see no reason to re-open the discussion (since I don't
> think anything has materially changed).
> >
> > I think it has, bsed on [1]
> >
> > >>
> > >> And I'm pretty sure that Roy once said that code repos need N & L
> > >> files. (it will take some digging to find the email ...).
> > >
> > >
> > > I don't remember that.
> > >
> > >>
> > >> It would be helpful to have the policy formally clarified.
> > >
> > >
> > > What part of the *release* policy is unclear?
> > >
> > > For the rest -- I don't think we should be in the business of proving
> the negative so to speak -- our understanding of what release is needs to
> be clearly defined, but we shouldn't really burn any energy trying to talk
> about things that are NOT a release.
> > >
> > >>
> > >> > Now, the mechanism for publishing that artifact could vary, but
> unless PMC approved to publish something -- it ain't released.
> > >> >
> > >> >> As such, are NOTICE and LICENSE files required by ASF policy?
> > >> >
> > >> >
> > >> > No.
> > >>
> > >> But license headers are, according to [1]
> > >>
> > >> > Thanks,
> > >> > Roman.
> > >>
> > >> [1]
> > >
> > >
> > > Seems that the link didn't survive.
> >
> > (Or I forgot it)
> >
> > Please see here:
> >
> > https://lists.apache.org/thread/j6bxkmz2qnb95tf78cfxks2nyspygyz9
> >
> > > Thanks,
> > > Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>

Re: Are NOTICE and LICENSE files ASF policy for public code?

[sebb <se...@gmail.com>]

Also found:

https://issues.apache.org/jira/browse/LEGAL-26

and this, which is possibly what I was remembering:

https://lists.apache.org/thread/57z9wct9nvrn9dzhkh0qnskfz9rfdjp5

On Thu, 17 Feb 2022 at 15:59, sebb <se...@gmail.com> wrote:
>
> On Thu, 17 Feb 2022 at 13:27, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> >
> > On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:
> >>
> >> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> >> >
> >> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
> >> >>
> >> >> As the subject says:
> >> >>
> >> >> If the ASF puts code in a public repository, AIUI that means it is
> >> >> published, even if it is not formally released (and may never be).
> >> >
> >> >
> >> > No. We've discussed it in the past and the answer always comes back to: the legal policy ONLY applies to officially released (AKA PMC approved) code.
> >>
> >> There have been dissenting opinions regarding the scope of the policy,
> >> for example: [1]
> >
> >
> > Sure. But I see no reason to re-open the discussion (since I don't think anything has materially changed).
>
> I think it has, bsed on [1]
>
> >>
> >> And I'm pretty sure that Roy once said that code repos need N & L
> >> files. (it will take some digging to find the email ...).
> >
> >
> > I don't remember that.
> >
> >>
> >> It would be helpful to have the policy formally clarified.
> >
> >
> > What part of the *release* policy is unclear?
> >
> > For the rest -- I don't think we should be in the business of proving the negative so to speak -- our understanding of what release is needs to be clearly defined, but we shouldn't really burn any energy trying to talk about things that are NOT a release.
> >
> >>
> >> > Now, the mechanism for publishing that artifact could vary, but unless PMC approved to publish something -- it ain't released.
> >> >
> >> >> As such, are NOTICE and LICENSE files required by ASF policy?
> >> >
> >> >
> >> > No.
> >>
> >> But license headers are, according to [1]
> >>
> >> > Thanks,
> >> > Roman.
> >>
> >> [1]
> >
> >
> > Seems that the link didn't survive.
>
> (Or I forgot it)
>
> Please see here:
>
> https://lists.apache.org/thread/j6bxkmz2qnb95tf78cfxks2nyspygyz9
>
> > Thanks,
> > Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Are NOTICE and LICENSE files ASF policy for public code?

[sebb <se...@gmail.com>]

On Thu, 17 Feb 2022 at 13:27, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>
> On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:
>>
>> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>> >
>> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
>> >>
>> >> As the subject says:
>> >>
>> >> If the ASF puts code in a public repository, AIUI that means it is
>> >> published, even if it is not formally released (and may never be).
>> >
>> >
>> > No. We've discussed it in the past and the answer always comes back to: the legal policy ONLY applies to officially released (AKA PMC approved) code.
>>
>> There have been dissenting opinions regarding the scope of the policy,
>> for example: [1]
>
>
> Sure. But I see no reason to re-open the discussion (since I don't think anything has materially changed).

I think it has, bsed on [1]

>>
>> And I'm pretty sure that Roy once said that code repos need N & L
>> files. (it will take some digging to find the email ...).
>
>
> I don't remember that.
>
>>
>> It would be helpful to have the policy formally clarified.
>
>
> What part of the *release* policy is unclear?
>
> For the rest -- I don't think we should be in the business of proving the negative so to speak -- our understanding of what release is needs to be clearly defined, but we shouldn't really burn any energy trying to talk about things that are NOT a release.
>
>>
>> > Now, the mechanism for publishing that artifact could vary, but unless PMC approved to publish something -- it ain't released.
>> >
>> >> As such, are NOTICE and LICENSE files required by ASF policy?
>> >
>> >
>> > No.
>>
>> But license headers are, according to [1]
>>
>> > Thanks,
>> > Roman.
>>
>> [1]
>
>
> Seems that the link didn't survive.

(Or I forgot it)

Please see here:

https://lists.apache.org/thread/j6bxkmz2qnb95tf78cfxks2nyspygyz9

> Thanks,
> Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Are NOTICE and LICENSE files ASF policy for public code?

[Roman Shaposhnik <ro...@shaposhnik.org>]

On Thu, Feb 17, 2022 at 1:49 PM sebb <se...@gmail.com> wrote:

> On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org>
> wrote:
> >
> > On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
> >>
> >> As the subject says:
> >>
> >> If the ASF puts code in a public repository, AIUI that means it is
> >> published, even if it is not formally released (and may never be).
> >
> >
> > No. We've discussed it in the past and the answer always comes back to:
> the legal policy ONLY applies to officially released (AKA PMC approved)
> code.
>
> There have been dissenting opinions regarding the scope of the policy,
> for example: [1]
>

Sure. But I see no reason to re-open the discussion (since I don't think
anything has materially changed).


> And I'm pretty sure that Roy once said that code repos need N & L
> files. (it will take some digging to find the email ...).
>

I don't remember that.


> It would be helpful to have the policy formally clarified.
>

What part of the *release* policy is unclear?

For the rest -- I don't think we should be in the business of proving the
negative so to speak -- our understanding of what release is needs to be
clearly defined, but we shouldn't really burn any energy trying to talk
about things that are NOT a release.


> > Now, the mechanism for publishing that artifact could vary, but unless
> PMC approved to publish something -- it ain't released.
> >
> >> As such, are NOTICE and LICENSE files required by ASF policy?
> >
> >
> > No.
>
> But license headers are, according to [1]
>
> > Thanks,
> > Roman.
>
> [1]
>

Seems that the link didn't survive.

Thanks,
Roman.

Re: Are NOTICE and LICENSE files ASF policy for public code?

[sebb <se...@gmail.com>]

On Thu, 17 Feb 2022 at 11:34, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>
> On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:
>>
>> As the subject says:
>>
>> If the ASF puts code in a public repository, AIUI that means it is
>> published, even if it is not formally released (and may never be).
>
>
> No. We've discussed it in the past and the answer always comes back to: the legal policy ONLY applies to officially released (AKA PMC approved) code.

There have been dissenting opinions regarding the scope of the policy,
for example: [1]
And I'm pretty sure that Roy once said that code repos need N & L
files. (it will take some digging to find the email ...).

It would be helpful to have the policy formally clarified.

> Now, the mechanism for publishing that artifact could vary, but unless PMC approved to publish something -- it ain't released.
>
>> As such, are NOTICE and LICENSE files required by ASF policy?
>
>
> No.

But license headers are, according to [1]

> Thanks,
> Roman.

[1]

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Are NOTICE and LICENSE files ASF policy for public code?

[Roman Shaposhnik <ro...@shaposhnik.org>]

On Thu, Feb 17, 2022 at 12:46 AM sebb <se...@gmail.com> wrote:

> As the subject says:
>
> If the ASF puts code in a public repository, AIUI that means it is
> published, even if it is not formally released (and may never be).
>

No. We've discussed it in the past and the answer always comes back to: the
legal policy ONLY applies to officially released (AKA PMC approved) code.

Now, the mechanism for publishing that artifact could vary, but unless PMC
approved to publish something -- it ain't released.

As such, are NOTICE and LICENSE files required by ASF policy?
>

No.

Thanks,
Roman.

Re: Are NOTICE and LICENSE files ASF policy for public code?

[David Jencks <da...@gmail.com>]

I think your premise is questionable.  

When you generate modern javadoc, the results include an Oracle javascript file with a GPL3 or similar license.  Some time ago I asked if it was acceptable to include this file in ASF project websites and the conclusion was that since the code was not part of a release, it was acceptable.  Obviously we can’t subject this file to our license, but the source for our websites is definitely in public repositories.

David Jencks

> On Feb 16, 2022, at 3:46 PM, sebb <se...@gmail.com> wrote:
> 
> As the subject says:
> 
> If the ASF puts code in a public repository, AIUI that means it is
> published, even if it is not formally released (and may never be).
> 
> As such, are NOTICE and LICENSE files required by ASF policy?
> 
> Sebb
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org