You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Roman Shaposhnik (Jira)" <ji...@apache.org> on 2020/05/05 23:29:00 UTC
[jira] [Commented] (LEGAL-515) Requesting guidance on MXNet's
compliance with Apache Legal requirements
[ https://issues.apache.org/jira/browse/LEGAL-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17100318#comment-17100318 ]
Roman Shaposhnik commented on LEGAL-515:
----------------------------------------
Hi [~l33zu] let me answer question-by-question:
| Further, from a brand management and trademark perspective: Such third-party distributions contain references to Apache MXNet. Could you clarify how and if third-party distributions may mention that they
redistribute Apache MXNet (eg. with a disclaimer that they contain closed-source components)?
Any 3d party can redistribute the artifacts that are released by a given PMC and then use that Apache Foo name. IOW, a simple act of redistribution doesn't forbid them from (in fact they have to!) use the proper name of what is being distributed which is Apache Foo. A simple act of rebuilding a source that came from a PMC also still allows them to use Apache Foo name.
However, the moment they change the source and/or add additional binary components our policy prevents them from using Apache Foo name.
| exposed as https://dist.mxnet.io/python/cu102. Some of binaries (corresponding to RC and release versions commits) are also uploaded to Pypi, for example at https://pypi.org/project/mxnet-cu102/
The question here is who do these distribution channels belong to. If they belong to an MXNet PMC (collectively speaking) then we need to make sure that whatever gets distributed through them follows ASF guidelines. If, on the other hand, they belong to a 3d party then the question is different: more along the lines of whether that 3d party can use the ASF branding. Both of these questions need to be brought back to MXNet PMC.
| An example is https://pypi.org/project/mxnet-cu102/. I do find a reference on legal-discuss where Marvin Humphrey suggests that anyone using the Apache trademark must not redistribute closed-source components, but I'm not sure if that reference is the conclusion on the issue and how it relates to "fair use" of the Apache trademarks.
That is correct. Anything that gets distributed under the ASF branding HAS to come from an official PMC voted release. By definition, such a release can NOT include closed-source components.
| Finally, I believe the MXNet project website would need to be updated to clarify that such binaries are provided by third parties and not associated with the ASF. Is that correct? It is currently not done: https://mxnet.apache.org/get_started/?platform=linux&language=python&processor=gpu&environ=pip&
Correct. You need to start with MXNet PMC though to address this question
Hope this help.
> Requesting guidance on MXNet's compliance with Apache Legal requirements
> ------------------------------------------------------------------------
>
> Key: LEGAL-515
> URL: https://issues.apache.org/jira/browse/LEGAL-515
> Project: Legal Discuss
> Issue Type: Question
> Reporter: Leonard Lausen
> Priority: Major
>
> Hi Apache Legal,
> MXNet project is well aware that no Apache project is allowed to redistribute closed source components. However, third parties have started to distribute Apache MXNet binaries with closed-source components provided by various hardware manufacturers (eg. Intel MKL or NVidia Cuda), enabling optimized performance on these platforms.
> Can such a third-party distribution result from a continuous delivery pipeline (operated by the third-party) whose source is managed by the project? Or would the source code of such continuous delivery pipeline need to be managed by the third-party outside the ASF source code?
> For example, [https://github.com/apache/incubator-mxnet/tree/master/cd] contains code currently run on machines sponsored by Amazon Web Services that builds various variants of MXNet (including some with closed source components) and places the resulting binaries in a S3 bucket sponsored by Amazon Web Services, exposed as [https://dist.mxnet.io/python/cu102]. Some of binaries (corresponding to RC and release versions commits) are also uploaded to Pypi, for example at [https://pypi.org/project/mxnet-cu102/]
> Further, from a brand management and trademark perspective: Such third-party distributions contain references to Apache MXNet. Could you clarify how and if third-party distributions may mention that they redistribute Apache MXNet (eg. with a disclaimer that they contain closed-source components)?
> An example is [https://pypi.org/project/mxnet-cu102/]. I do find a [reference on legal-discuss|https://lists.apache.org/thread.html/da8290a4f087aa63daf7499ba5b869f94cc9ee3f3427f15032deb803%40%3Clegal-discuss.apache.org%3E] where Marvin Humphrey suggests that anyone using the Apache trademark must not redistribute closed-source components, but I'm not sure if that reference is the conclusion on the issue and how it relates to "fair use" of the Apache trademarks.
> Finally, I believe the MXNet project website would need to be updated to clarify that such binaries are provided by third parties and not associated with the ASF. Is that correct? It is currently not done: [https://mxnet.apache.org/get_started/?platform=linux&language=python&processor=gpu&environ=pip&]
> Thank you for your time and help clarifying these questions.
> Leonard
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org