You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@jakarta.apache.org by "Geir Magnusson Jr." <ge...@optonline.net> on 2003/12/23 12:49:09 UTC
Indemnification of the PMC
Here is the clearest description I've found. It's by Roy Fielding, ex
chair and board member of the ASF, and from all appearances, extremely
knowledgeable in these matters. It was posted here :
http://nagoya.apache.org/eyebrowse/ReadMsg?
listName=general@incubator.apache.org&msgNo=2642
"Indemnification is a promise by the corporation to pay the legal
expenses of an *individual* if that *individual* becomes subject
to criminal or civil proceedings as a result of their actions
under a role identified by the corporation, as long as such person
acted in good faith and in a manner that such person reasonably
believed to be in, or not be opposed to, the best interests of the
corporation. In other words, a member is only indemnified for
their actions as a member (not much). A director or officer is
only indemnified for their actions as a director or within the
scope of their mandate as an officer. A PMC member is indemnified
under the category of "who is or was serving at the request of
the corporation as an officer or director of another corporation,
partnership, joint venture, trust or other enterprise" and only
to the extent of that enterprise (the project). A committer
who is not a PMC member is not authorized by the corporation to
make decisions, and hence cannot act on behalf of the corporation,
and thus is not indemnified by the corporation for those actions
regardless of their status as a member, director, or officer.
Likewise, we should all realize and understand that the ASF's
ability to indemnify an individual is strictly limited to the
assets held by the ASF. Beyond that, we are on our own as far
as personal liability.
It is a far better defense that an outside entity cannot
successfully sue an individual for damages due to a decision
made by a PMC, so it is in everyone's best interests that all
of the people voting on an issue be officially named as members
of the PMC (or whatever entity is so defined by the bylaws)."
So in summary, a PMC member is indemnified for activities done on
behalf of the corporation. I think that this would be limited to the
official activities of the PMC - things done on behalf of the board for
the ASF, such as oversight and releases - and not general day-to-day
committer activities, such as technical discussion and personal code
commits. Of course, that will probably need to be clarified too.
However, the key thing to remember is that the indemnification is only
up to the limit of the ASFs resources, which isn't much. So try to
keep the litigation to a minimum :)
geir
--
Geir Magnusson Jr 203-247-1713(m)
geir@4quarters.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Phil Steitz <ph...@steitz.com>.
Harish Krishnaswamy wrote:
> I am with Erik on "no JARs in CVS". Unless it is a legal issue, I would
> certainly like to distribute all JARs with the distribution. It saves a
> lot of hassle and keeps uncessary traffic out of the user-list.
At the expense of lots of wasted bandwidth and disk space. I agree with
Robert. Think about how many copies of commons-collections.jar we would
have in CVS (and on our local drives) if all projects stored all of their
dependent jars in CVS. You can bundle dependent jars in the distributions
without storing them in CVS. See the tomcat and struts distros and builds.
I understand Erik's point about wanting to version the dependencies, but I
don't think that storing dependent jars in CVS is a good general policy
for Jakarta projects. As noted elsewhere on this thread, there are also
legal issues to consider for non-Apache jars.
Phil
>
> -Harish
>
> Erik Hatcher wrote:
>
>> In jakarta-tapestry/lib/ext lives all of the licenses of the embedded
>> 3rd party libraries. In that directory is a LICENSE.ognl.txt which
>> contains the full license. I believe this is all that is needed to
>> satisfy the license to redistribute the binary version. I can assure
>> that you we will never ever have a problem with OGNL (Drew is a good
>> friend of mine, and having the high profile use of OGNL in Tapestry
>> and other projects like WebWork2 is great advertising for him and
>> his genius).
>>
>> As for the larger issue of "no JARs in CVS" - I disagree. I'm
>> pragmatic and also like to have everything in CVS needed to build a
>> distribution (even Ant itself for my employers projects). It saves a
>> lot of hassle to version all source code and dependencies together.
>> Yes, we could make the Maven repository argument, but I personally
>> prefer the complete offline usability of a CVS snapshot. When
>> Tapestry came to Jakarta, it's dependencies were vetted extensively
>> and several were removed from CVS - so it is still a PITA to build
>> Tapestry from CVS (and according to Howard, his attempts to Mavenize
>> the build have been unsuccessful to date).
>>
>> Erik
>>
>>
>> On Dec 24, 2003, at 3:47 AM, Henri Yandell wrote:
>>
>>>
>>> As I just happened to notice this on Incubator [AltRMI in fact]:
>>>
>>> "Is all source code distributed by the project covered by one or
>>> more of
>>> the following approved licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C,
>>> MPL 1.1, or something with essentially the same terms?"
>>>
>>> The below is, to my quick glance, a BSD licence, so approved. I'm
>>> with you
>>> on the no jars in CVS, but each to community to their own. Whether
>>> Tapestry is properly fulfilling the licence by listing their use of
>>> ognl
>>> in their documentation would be something to check on.
>>>
>>> Hen
>>>
>>> On Wed, 24 Dec 2003, Robert Leland wrote:
>>>
>>>> Can we really store non Apache licensed jars in the CVS ?
>>>>
>>>> My personal preference is to store no jars in CVS
>>>>
>>>> For Example I noticed ognl stored in Tapestry CVS :
>>>>
>>>> /
>>>> /---------------------------------------------------------------------
>>>> -----
>>>> // Copyright (c) 2002, Drew Davidson and Luke Blanshard
>>>> // All rights reserved.
>>>> //
>>>> // Redistribution and use in source and binary forms, with or
>>>> without
>>>> // modification, are permitted provided that the following
>>>> conditions are
>>>> // met:
>>>> //
>>>> // Redistributions of source code must retain the above
>>>> copyright notice,
>>>> // this list of conditions and the following disclaimer.
>>>> // Redistributions in binary form must reproduce the above
>>>> copyright
>>>> // notice, this list of conditions and the following disclaimer in
>>>> the
>>>> // documentation and/or other materials provided with the
>>>> distribution.
>>>> // Neither the name of the Drew Davidson nor the names of its
>>>> contributors
>>>> // may be used to endorse or promote products derived from this
>>>> software
>>>> // without specific prior written permission.
>>>> //
>>>> // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
>>>> CONTRIBUTORS
>>>> // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>>>> // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>>>> // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>>>> // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
>>>> INDIRECT,
>>>> // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>>>> (INCLUDING,
>>>> // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
>>>> SERVICES; LOSS
>>>> // OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
>>>> // AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>>>> LIABILITY,
>>>> // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>>>> OUT OF
>>>> // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>>>> SUCH
>>>> // DAMAGE.
>>>> //--------------------------------------------------------
>>>>
>>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Erik Hatcher <er...@ehatchersolutions.com>.
On Dec 24, 2003, at 5:47 PM, Danny Angus wrote:
> In the case of most of the licences we'd be likely to consider in this
> context it is usually perfectly OK to distribute Jars in a
> distribution because that gives you the opportunity to comply with
> licence conditions regarding distribution of their licence and other
> materials.
>
> The problem boils down to the fact that some licences, and I know that
> JavaMail and Activation are cases of this, do allow re-distribution as
> part of a complete product, but don't allow re-distribution in any
> other case. Similarly OS licences require that a copy of the licence
> be distributed along with the binary, and simply placing both in cvs
> doesn't compel anyone to download or read the licence.
Understood. Perhaps a nice compromise is to allow projects to keep a
.zip of the dependency JAR's in CVS which includes the license files,
so there is no way to download just the JAR's themselves directly. It
would be a simple Ant target to have this unzipped locally and used
from then on out.
> As far as OGNL is concerned, from my lurking on the Tapestry lists I'd
> say that it is pretty clear that there is a close association between
> the projects, and if you want to continue to have OGNL in cvs I'd get
> Drew to send a mail to the Tapestry dev list, or the PMC confirming
> that they are happy for this to happen.
I have e-mailed Drew to request he send an "all is well" message. I
have yet to hear back from him, but we have a couple of reasons to rest
easy on this one: Drew is a good friend of mine, so would not stir up
any trouble related to this, and he gets great publicity from having
OGNL embedded in Tapestry and other places.
> FWIW on a previous occasion that this subject came up I got a similar
> assurance from Mark Mathews regarding the mm.mysql jdbc drivers, he
> was quite happy with the way we were doing things and this seemed to
> be acceptable. Leastways no-one here complained.
Again, I don't think we have any worries about OGNL. But your point is
well taken with respect to other JAR's which disallow direct
redistribution. Would the .zip solution be acceptable in these cases?
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Harish Krishnaswamy <hk...@comcast.net>.
I see what you are saying, but why is this an issue only with OGNL? Is it because of license
incompatibilities? 'Cause there are other jars in CVS both Apache and non-Apache.
-Harish
Danny Angus wrote:
>>I am with Erik on "no JARs in CVS". Unless it is a legal issue, I
>>would certainly like to distribute
>>all JARs with the distribution.
>
>
> In the case of most of the licences we'd be likely to consider in this context it is usually perfectly OK to distribute Jars in a distribution because that gives you the opportunity to comply with licence conditions regarding distribution of their licence and other materials.
>
> The problem boils down to the fact that some licences, and I know that JavaMail and Activation are cases of this, do allow re-distribution as part of a complete product, but don't allow re-distribution in any other case. Similarly OS licences require that a copy of the licence be distributed along with the binary, and simply placing both in cvs doesn't compel anyone to download or read the licence.
>
> As far as OGNL is concerned, from my lurking on the Tapestry lists I'd say that it is pretty clear that there is a close association between the projects, and if you want to continue to have OGNL in cvs I'd get Drew to send a mail to the Tapestry dev list, or the PMC confirming that they are happy for this to happen.
>
> FWIW on a previous occasion that this subject came up I got a similar assurance from Mark Mathews regarding the mm.mysql jdbc drivers, he was quite happy with the way we were doing things and this seemed to be acceptable. Leastways no-one here complained.
>
> d.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
RE: [License] for jars in CVS
Posted by Danny Angus <da...@apache.org>.
> I am with Erik on "no JARs in CVS". Unless it is a legal issue, I
> would certainly like to distribute
> all JARs with the distribution.
In the case of most of the licences we'd be likely to consider in this context it is usually perfectly OK to distribute Jars in a distribution because that gives you the opportunity to comply with licence conditions regarding distribution of their licence and other materials.
The problem boils down to the fact that some licences, and I know that JavaMail and Activation are cases of this, do allow re-distribution as part of a complete product, but don't allow re-distribution in any other case. Similarly OS licences require that a copy of the licence be distributed along with the binary, and simply placing both in cvs doesn't compel anyone to download or read the licence.
As far as OGNL is concerned, from my lurking on the Tapestry lists I'd say that it is pretty clear that there is a close association between the projects, and if you want to continue to have OGNL in cvs I'd get Drew to send a mail to the Tapestry dev list, or the PMC confirming that they are happy for this to happen.
FWIW on a previous occasion that this subject came up I got a similar assurance from Mark Mathews regarding the mm.mysql jdbc drivers, he was quite happy with the way we were doing things and this seemed to be acceptable. Leastways no-one here complained.
d.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Harish Krishnaswamy <hk...@comcast.net>.
I am with Erik on "no JARs in CVS". Unless it is a legal issue, I would certainly like to distribute
all JARs with the distribution. It saves a lot of hassle and keeps uncessary traffic out of the
user-list.
-Harish
Erik Hatcher wrote:
> In jakarta-tapestry/lib/ext lives all of the licenses of the embedded
> 3rd party libraries. In that directory is a LICENSE.ognl.txt which
> contains the full license. I believe this is all that is needed to
> satisfy the license to redistribute the binary version. I can assure
> that you we will never ever have a problem with OGNL (Drew is a good
> friend of mine, and having the high profile use of OGNL in Tapestry and
> other projects like WebWork2 is great advertising for him and his genius).
>
> As for the larger issue of "no JARs in CVS" - I disagree. I'm
> pragmatic and also like to have everything in CVS needed to build a
> distribution (even Ant itself for my employers projects). It saves a
> lot of hassle to version all source code and dependencies together.
> Yes, we could make the Maven repository argument, but I personally
> prefer the complete offline usability of a CVS snapshot. When Tapestry
> came to Jakarta, it's dependencies were vetted extensively and several
> were removed from CVS - so it is still a PITA to build Tapestry from
> CVS (and according to Howard, his attempts to Mavenize the build have
> been unsuccessful to date).
>
> Erik
>
>
> On Dec 24, 2003, at 3:47 AM, Henri Yandell wrote:
>
>>
>> As I just happened to notice this on Incubator [AltRMI in fact]:
>>
>> "Is all source code distributed by the project covered by one or more of
>> the following approved licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C,
>> MPL 1.1, or something with essentially the same terms?"
>>
>> The below is, to my quick glance, a BSD licence, so approved. I'm
>> with you
>> on the no jars in CVS, but each to community to their own. Whether
>> Tapestry is properly fulfilling the licence by listing their use of ognl
>> in their documentation would be something to check on.
>>
>> Hen
>>
>> On Wed, 24 Dec 2003, Robert Leland wrote:
>>
>>> Can we really store non Apache licensed jars in the CVS ?
>>>
>>> My personal preference is to store no jars in CVS
>>>
>>> For Example I noticed ognl stored in Tapestry CVS :
>>>
>>> /
>>> /---------------------------------------------------------------------
>>> -----
>>> // Copyright (c) 2002, Drew Davidson and Luke Blanshard
>>> // All rights reserved.
>>> //
>>> // Redistribution and use in source and binary forms, with or
>>> without
>>> // modification, are permitted provided that the following
>>> conditions are
>>> // met:
>>> //
>>> // Redistributions of source code must retain the above copyright
>>> notice,
>>> // this list of conditions and the following disclaimer.
>>> // Redistributions in binary form must reproduce the above copyright
>>> // notice, this list of conditions and the following disclaimer in the
>>> // documentation and/or other materials provided with the
>>> distribution.
>>> // Neither the name of the Drew Davidson nor the names of its
>>> contributors
>>> // may be used to endorse or promote products derived from this
>>> software
>>> // without specific prior written permission.
>>> //
>>> // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
>>> CONTRIBUTORS
>>> // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>>> // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>>> // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>>> // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
>>> // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>>> (INCLUDING,
>>> // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>>> LOSS
>>> // OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
>>> // AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>>> LIABILITY,
>>> // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>>> OUT OF
>>> // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>>> SUCH
>>> // DAMAGE.
>>> //--------------------------------------------------------
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: general-help@jakarta.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
RE: [License] for jars in CVS
Posted by Danny Angus <da...@apache.org>.
Erik
> As for the larger issue of "no JARs in CVS" - I disagree.
I don't believe that there is room for opinion on this, the fact is it is possible for people to download jars using viewcvs without having read the licence therefore it is not acceptable.
UNLESS you have *specific* dispensation from the licensor to do this for your project.
d.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Erik Hatcher <er...@ehatchersolutions.com>.
In jakarta-tapestry/lib/ext lives all of the licenses of the embedded
3rd party libraries. In that directory is a LICENSE.ognl.txt which
contains the full license. I believe this is all that is needed to
satisfy the license to redistribute the binary version. I can assure
that you we will never ever have a problem with OGNL (Drew is a good
friend of mine, and having the high profile use of OGNL in Tapestry and
other projects like WebWork2 is great advertising for him and his
genius).
As for the larger issue of "no JARs in CVS" - I disagree. I'm
pragmatic and also like to have everything in CVS needed to build a
distribution (even Ant itself for my employers projects). It saves a
lot of hassle to version all source code and dependencies together.
Yes, we could make the Maven repository argument, but I personally
prefer the complete offline usability of a CVS snapshot. When Tapestry
came to Jakarta, it's dependencies were vetted extensively and several
were removed from CVS - so it is still a PITA to build Tapestry from
CVS (and according to Howard, his attempts to Mavenize the build have
been unsuccessful to date).
Erik
On Dec 24, 2003, at 3:47 AM, Henri Yandell wrote:
>
> As I just happened to notice this on Incubator [AltRMI in fact]:
>
> "Is all source code distributed by the project covered by one or more
> of
> the following approved licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C,
> MPL 1.1, or something with essentially the same terms?"
>
> The below is, to my quick glance, a BSD licence, so approved. I'm with
> you
> on the no jars in CVS, but each to community to their own. Whether
> Tapestry is properly fulfilling the licence by listing their use of
> ognl
> in their documentation would be something to check on.
>
> Hen
>
> On Wed, 24 Dec 2003, Robert Leland wrote:
>
>> Can we really store non Apache licensed jars in the CVS ?
>>
>> My personal preference is to store no jars in CVS
>>
>> For Example I noticed ognl stored in Tapestry CVS :
>>
>> /
>> /---------------------------------------------------------------------
>> -----
>> // Copyright (c) 2002, Drew Davidson and Luke Blanshard
>> // All rights reserved.
>> //
>> // Redistribution and use in source and binary forms, with or
>> without
>> // modification, are permitted provided that the following
>> conditions are
>> // met:
>> //
>> // Redistributions of source code must retain the above copyright
>> notice,
>> // this list of conditions and the following disclaimer.
>> // Redistributions in binary form must reproduce the above
>> copyright
>> // notice, this list of conditions and the following disclaimer in
>> the
>> // documentation and/or other materials provided with the
>> distribution.
>> // Neither the name of the Drew Davidson nor the names of its
>> contributors
>> // may be used to endorse or promote products derived from this
>> software
>> // without specific prior written permission.
>> //
>> // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
>> CONTRIBUTORS
>> // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>> // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>> // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>> // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
>> INDIRECT,
>> // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>> (INCLUDING,
>> // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>> LOSS
>> // OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
>> // AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>> LIABILITY,
>> // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>> OUT OF
>> // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> SUCH
>> // DAMAGE.
>> //--------------------------------------------------------
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: general-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: [License] for jars in CVS
Posted by Henri Yandell <ba...@generationjava.com>.
As I just happened to notice this on Incubator [AltRMI in fact]:
"Is all source code distributed by the project covered by one or more of
the following approved licenses: Apache, BSD, Artistic, MIT/X, MIT/W3C,
MPL 1.1, or something with essentially the same terms?"
The below is, to my quick glance, a BSD licence, so approved. I'm with you
on the no jars in CVS, but each to community to their own. Whether
Tapestry is properly fulfilling the licence by listing their use of ognl
in their documentation would be something to check on.
Hen
On Wed, 24 Dec 2003, Robert Leland wrote:
> Can we really store non Apache licensed jars in the CVS ?
>
> My personal preference is to store no jars in CVS
>
> For Example I noticed ognl stored in Tapestry CVS :
>
> //--------------------------------------------------------------------------
> // Copyright (c) 2002, Drew Davidson and Luke Blanshard
> // All rights reserved.
> //
> // Redistribution and use in source and binary forms, with or without
> // modification, are permitted provided that the following conditions are
> // met:
> //
> // Redistributions of source code must retain the above copyright notice,
> // this list of conditions and the following disclaimer.
> // Redistributions in binary form must reproduce the above copyright
> // notice, this list of conditions and the following disclaimer in the
> // documentation and/or other materials provided with the distribution.
> // Neither the name of the Drew Davidson nor the names of its
> contributors
> // may be used to endorse or promote products derived from this software
> // without specific prior written permission.
> //
> // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
> // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
> // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
> // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
> // OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
> // AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
> // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
> // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> // DAMAGE.
> //--------------------------------------------------------
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
[License] for jars in CVS
Posted by Robert Leland <rl...@apache.org>.
Can we really store non Apache licensed jars in the CVS ?
My personal preference is to store no jars in CVS
For Example I noticed ognl stored in Tapestry CVS :
//--------------------------------------------------------------------------
// Copyright (c) 2002, Drew Davidson and Luke Blanshard
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
// Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
// Neither the name of the Drew Davidson nor the names of its
contributors
// may be used to endorse or promote products derived from this software
// without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
// OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
// AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
// DAMAGE.
//--------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
RE: Indemnification of the PMC
Posted by Danny Angus <da...@apache.org>.
Stephen wrote,
> For example, am I in writing this email, acting in the capacity of a PMC
> member, a committer, or an individual?
Seems to me that part of the reason it is difficult to resolve the issues confronting Jakarta is that several initial assumptions are required, and that these are not stated or clearly implied anywhere.
Greg assures us that the board aren't likely to act precipitately (if thats how you spell it), and we haven't had "official" communications from The Members of The Board on the topic, yet there are a lot of hints about the unsuitability of Jakarta's present organisation.
I think we could do with some concrete direction, or at least an affirmation of our mandate to continue what we are currently doing. Because to me it is increasingly feeling like we're trying to fix something which (apart from a few details like the bylaws) isn't broken on the basis of speculation and conjecture, and the danger in that is obvious, we'll end up breaking the thing we're trying to fix, or failing to fix the parts which are broken.
And with the utmost respect for Sam hopefully that is something a new Chairman, with more time and fresh enthusiasm for the role, will be able to provide.
d.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: Indemnification of the PMC
Posted by Stephen McConnell <mc...@apache.org>.
Noel J. Bergman wrote:
>Stephen McConnell wrote:
>
>
>
>>If I understand correctly, the opinions of an individual are not the
>>same as a motion passed by the BOD.
>>
>>
>
>Correct.
>
>
>
>>In fact, my understanding is that the role of PMC implies
>>no rights at all - just extra responsibility.
>>
>>
>
>
>
>>Is there anything concrete to suggest otherwise?
>>
>>
>
>Did you read the two messages, one from Roy, the other from Greg in his
>official capacity as ASF Chairman? If not, please do so.
>
Yes I have read the posts from Roy and Greg.
>If so, and you
>still have some questions that you feel you must have answered, perhaps it
>would be best for you to addressed them directly with the Board. I don't
>believe that it would be appropriate for anyone else to pose an
>authoritative sounding answer.
>
I think I disagee - let me explain why.
Based on my reading of Board minutes and the corporation documents there
is identification of the notion of ASF officers and member and
protection that the ASF provides to individuals within these roles.
However, a PMC member may not necessarily be an ASF member. In this
particular case the PMC member, while recognized by the Board as
contributing to project oversite, is IMO not formally granted any
protection by the ASF beyond actions clearly bound to a board directive.
While I know that Greg has specifically stated that PMC members shall be
granted protection by the ASF, there is Roy's qualified "who is or was
serving at the request of ..." statement, and as such - I think that we
dealing with a definition that is rather subjective.
For example, am I in writing this email, acting in the capacity of a PMC
member, a committer, or an individual? One could argue that no officer
of the foundation has requested that I raise this question therefore I
am not acting in accordance with Roy's definition. On the otherhand I
could be asking this question in order to clarify this question in order
to properly represent the interests of the developers in the Avalon
community in which case I could argue that I am asking this question in
my capacity as a member of the Avalon PMC (protected under Greg's
comments and possibly protected subject to the opinion of an officer of
the corporation under Roy's definition). But what if an officer of the
corporation disagrees with my question - do I loose the protection that
is asserted?
I think this comes down to the fact that the general definition of a PMC
member in terms of responsibilities (and thereby liabilities and
commensurate need for protection) at the level of PMC establishment by
the Board are minimal - but sufficient to enable a PMC as a body to
qualify these aspects - and through this process (involving the
establishment of policies and procedures) - establish tangible and
quantifiable protection towards its members in a manner that is
representative of the resonsibilities (and corresponding liabilities)
that PMC membership encompasses.
Stephen.
--
Stephen J. McConnell
mailto:mcconnell@apache.org
|------------------------------------------------|
| Magic by Merlin |
| Production by Avalon |
| |
| http://avalon.apache.org/merlin |
| http://dpml.net/ |
|------------------------------------------------|
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
RE: Indemnification of the PMC
Posted by "Noel J. Bergman" <no...@devtech.com>.
Stephen McConnell wrote:
> If I understand correctly, the opinions of an individual are not the
> same as a motion passed by the BOD.
Correct.
> In fact, my understanding is that the role of PMC implies
> no rights at all - just extra responsibility.
> Is there anything concrete to suggest otherwise?
Did you read the two messages, one from Roy, the other from Greg in his
official capacity as ASF Chairman? If not, please do so. If so, and you
still have some questions that you feel you must have answered, perhaps it
would be best for you to addressed them directly with the Board. I don't
believe that it would be appropriate for anyone else to pose an
authoritative sounding answer.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: Indemnification of the PMC
Posted by Stephen McConnell <mc...@apache.org>.
Geir :
If I understand correctly, the opinions of an individual are not the
same as a motion passed by the BOD. It is my understanding the BOD has
not passed any resolution that grants a PMC member any of the rights
implied by the message quoted below. In fact, my understanding is that
the role of PMC implies no rights at all - just extra responsibility.
Is there anything concrete to suggest otherwise?
Cheers, Stephen.
Geir Magnusson Jr. wrote:
> Here is the clearest description I've found. It's by Roy Fielding,
> ex chair and board member of the ASF, and from all appearances,
> extremely knowledgeable in these matters. It was posted here :
>
> http://nagoya.apache.org/eyebrowse/ReadMsg?
> listName=general@incubator.apache.org&msgNo=2642
>
> "Indemnification is a promise by the corporation to pay the legal
> expenses of an *individual* if that *individual* becomes subject
> to criminal or civil proceedings as a result of their actions
> under a role identified by the corporation, as long as such person
> acted in good faith and in a manner that such person reasonably
> believed to be in, or not be opposed to, the best interests of the
> corporation. In other words, a member is only indemnified for
> their actions as a member (not much). A director or officer is
> only indemnified for their actions as a director or within the
> scope of their mandate as an officer. A PMC member is indemnified
> under the category of "who is or was serving at the request of
> the corporation as an officer or director of another corporation,
> partnership, joint venture, trust or other enterprise" and only
> to the extent of that enterprise (the project). A committer
> who is not a PMC member is not authorized by the corporation to
> make decisions, and hence cannot act on behalf of the corporation,
> and thus is not indemnified by the corporation for those actions
> regardless of their status as a member, director, or officer.
>
> Likewise, we should all realize and understand that the ASF's
> ability to indemnify an individual is strictly limited to the
> assets held by the ASF. Beyond that, we are on our own as far
> as personal liability.
>
> It is a far better defense that an outside entity cannot
> successfully sue an individual for damages due to a decision
> made by a PMC, so it is in everyone's best interests that all
> of the people voting on an issue be officially named as members
> of the PMC (or whatever entity is so defined by the bylaws)."
>
> So in summary, a PMC member is indemnified for activities done on
> behalf of the corporation. I think that this would be limited to the
> official activities of the PMC - things done on behalf of the board
> for the ASF, such as oversight and releases - and not general
> day-to-day committer activities, such as technical discussion and
> personal code commits. Of course, that will probably need to be
> clarified too.
>
> However, the key thing to remember is that the indemnification is
> only up to the limit of the ASFs resources, which isn't much. So try
> to keep the litigation to a minimum :)
>
> geir
>
--
Stephen J. McConnell
mailto:mcconnell@apache.org
|------------------------------------------------|
| Magic by Merlin |
| Production by Avalon |
| |
| http://avalon.apache.org/merlin |
| http://dpml.net/ |
|------------------------------------------------|
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: Indemnification of the PMC
Posted by "Geir Magnusson Jr." <ge...@optonline.net>.
Oh, and thanks to Noel for the links...
On Dec 23, 2003, at 6:49 AM, Geir Magnusson Jr. wrote:
> Here is the clearest description I've found. It's by Roy Fielding, ex
> chair and board member of the ASF, and from all appearances, extremely
> knowledgeable in these matters. It was posted here :
>
> http://nagoya.apache.org/eyebrowse/ReadMsg?
> listName=general@incubator.apache.org&msgNo=2642
>
> "Indemnification is a promise by the corporation to pay the legal
> expenses of an *individual* if that *individual* becomes subject
> to criminal or civil proceedings as a result of their actions
> under a role identified by the corporation, as long as such
> person
> acted in good faith and in a manner that such person reasonably
> believed to be in, or not be opposed to, the best interests of
> the
> corporation. In other words, a member is only indemnified for
> their actions as a member (not much). A director or officer is
> only indemnified for their actions as a director or within the
> scope of their mandate as an officer. A PMC member is
> indemnified
> under the category of "who is or was serving at the request of
> the corporation as an officer or director of another corporation,
> partnership, joint venture, trust or other enterprise" and only
> to the extent of that enterprise (the project). A committer
> who is not a PMC member is not authorized by the corporation to
> make decisions, and hence cannot act on behalf of the
> corporation,
> and thus is not indemnified by the corporation for those actions
> regardless of their status as a member, director, or officer.
>
> Likewise, we should all realize and understand that the ASF's
> ability to indemnify an individual is strictly limited to the
> assets held by the ASF. Beyond that, we are on our own as far
> as personal liability.
>
> It is a far better defense that an outside entity cannot
> successfully sue an individual for damages due to a decision
> made by a PMC, so it is in everyone's best interests that all
> of the people voting on an issue be officially named as members
> of the PMC (or whatever entity is so defined by the bylaws)."
>
> So in summary, a PMC member is indemnified for activities done on
> behalf of the corporation. I think that this would be limited to the
> official activities of the PMC - things done on behalf of the board
> for the ASF, such as oversight and releases - and not general
> day-to-day committer activities, such as technical discussion and
> personal code commits. Of course, that will probably need to be
> clarified too.
>
> However, the key thing to remember is that the indemnification is only
> up to the limit of the ASFs resources, which isn't much. So try to
> keep the litigation to a minimum :)
>
> geir
>
> --
> Geir Magnusson Jr 203-247-1713(m)
> geir@4quarters.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
--
Geir Magnusson Jr 203-247-1713(m)
geir@4quarters.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org