You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Henri Yandell (JIRA)" <ji...@apache.org> on 2017/10/02 04:45:00 UTC
[jira] [Commented] (LEGAL-333) Maven Central Repository terms are
incompatible with the Apache License
[ https://issues.apache.org/jira/browse/LEGAL-333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16187658#comment-16187658 ]
Henri Yandell commented on LEGAL-333:
-------------------------------------
It's an interesting point imo. Any redistribution site is going to have terms like that - they'd be idjits not to. Sonatype can't sit there and do a deep review on every jar file that is sent to them in a vain effort to identify licensing risks. So they point put that the entity publishing the jar is the one who is responsible for the jar, they're only responsible for the redistribution (etc etc). Ideally they would argue that they're not even the redistributor, rather they provide a platform on which entities redistribute their products.
That said, does accepting indemnification to the redistribution platform mean any kind of implied liability is created, in contradiction to section 8's limitations of liability. I suspect that in our (Apache's) opinion it has not. Sonatype can point a complaint back to us, and we point to the software license's note of limited liability.
I notice btw that Carte/CSS4j depends on Apache Commons Codec. I suspect that Carte has the same opinion as Sonatype, if a complaint comes to them regarding Codec, they feel the complaint should go to Apache and not be something they have to handle. ie) I don't think there's anything unreasonable in either Sonatype or Apache's legalese, rather a question of whether there is any reason to be concerned over their compatibility.
> Maven Central Repository terms are incompatible with the Apache License
> -----------------------------------------------------------------------
>
> Key: LEGAL-333
> URL: https://issues.apache.org/jira/browse/LEGAL-333
> Project: Legal Discuss
> Issue Type: Question
> Reporter: Carte Project
> Assignee: Chris A. Mattmann
>
> All or nearly all of the ASF's Java software projects are distributed through the Maven Central Repository operated by Sonatype, Inc. Their "full terms of service" (as they are described in [this page|http://central.sonatype.org/pages/ossrh-guide.html]) can be found here:
> [http://central.sonatype.org/pages/central-repository-producer-terms.html]
> The "Indemnity for Submissions" clause states:
> bq. You agree to indemnify and hold harmless Sonatype and its affiliates, suppliers, partners, officers, agents, and employees from and against any claim, demand, losses, damages or expenses (including reasonable attorney's fees) arising from your Submissions.
> To me, the obligation to indemnify against any claim "arising from your Submissions" sounds somewhat incompatible with the 8 and 9 clauses of the [Apache License 2.0|http://www.apache.org/licenses/LICENSE-2.0]. And my understanding is that all of the ASF's Maven artifacts are nearly-automatically deployed on that repository.
> Am I missing something? Any comments?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org