You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by "Marco de Abreu (JIRA)" <ji...@apache.org> on 2018/12/12 14:10:00 UTC

[jira] [Updated] (LEGAL-427) Released artifacts with code stored outside the Apache repositories

     [ https://issues.apache.org/jira/browse/LEGAL-427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marco de Abreu updated LEGAL-427:
---------------------------------
    Description: 
Hello Apache legal,

I've just had a discussion with my colleagues around publishing artifacts with code thats outside of the control of the Apache project. The use case is the following:

Our project does not only offer the source releases using the typical Apache process but also prepackaged convenience releases to distribution platforms like Maven or PyPi.

 

The current idea is to add support for DockerHub. For this, a new (non-trivial) pipeline would be created and used to generate the images and publish them to DockerHub. The developers do not want to donate the source of that pipeline to the Apache project and instead want to maintain their own public GitHub repository that's under their control. The code would still be under the Apache 2 license, but the project's committers and PMC members would have no permissions to it.

 

How is the situation here?
 * Are these outside contributors allowed to publish these Docker images to DockerHub under the brand of Apache MXNet without being a PMC member?
 * Would the permission of a PMC member be sufficient to allow them the publishing although the source code is still outside of the PMCs control?
 * Would it be sufficient if just one PMC member has control over that source code?
 * Would it be sufficient if the person who publishes the images is a PMC member?
 * Would it be allowed to publish the images under a different name than Apache MXNet?

 

Thanks for your assistance!

 

  was:
Hello Apache legal,

I've just had a discussion with my colleagues around publishing artifacts with code thats outside of the control of the Apache project. The use case is the following:

Our project does not only offer the source releases using the typical Apache process but also prepackaged convenience releases to distribution platforms like Maven or PyPi.

 

The current idea is to add support for DockerHub. For this, a new (non-trivial) pipeline would be created and used to generate the images and publish them to DockerHub. The developers do not want to donate the source of that pipeline to the Apache project and instead want to maintain their own public GitHub repository that's under their control. The code would still be under the Apache 2 license, but the project's committers and PMC members would have no permissions to it.

 

How is the situation here?
 * Are these outside contributors allowed to publish these Docker images to DockerHub under the brand of Apache MXNet without being a PMC member?
 * Would the permission of a PMC member be sufficient to allow them the publishing although the source code is still outside of the PMCs control?
 * Would it be allowed to publish the images under a different name than Apache MXNet?

 

Thanks for your assistance!

 


> Released artifacts with code stored outside the Apache repositories
> -------------------------------------------------------------------
>
>                 Key: LEGAL-427
>                 URL: https://issues.apache.org/jira/browse/LEGAL-427
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Marco de Abreu
>            Priority: Major
>
> Hello Apache legal,
> I've just had a discussion with my colleagues around publishing artifacts with code thats outside of the control of the Apache project. The use case is the following:
> Our project does not only offer the source releases using the typical Apache process but also prepackaged convenience releases to distribution platforms like Maven or PyPi.
>  
> The current idea is to add support for DockerHub. For this, a new (non-trivial) pipeline would be created and used to generate the images and publish them to DockerHub. The developers do not want to donate the source of that pipeline to the Apache project and instead want to maintain their own public GitHub repository that's under their control. The code would still be under the Apache 2 license, but the project's committers and PMC members would have no permissions to it.
>  
> How is the situation here?
>  * Are these outside contributors allowed to publish these Docker images to DockerHub under the brand of Apache MXNet without being a PMC member?
>  * Would the permission of a PMC member be sufficient to allow them the publishing although the source code is still outside of the PMCs control?
>  * Would it be sufficient if just one PMC member has control over that source code?
>  * Would it be sufficient if the person who publishes the images is a PMC member?
>  * Would it be allowed to publish the images under a different name than Apache MXNet?
>  
> Thanks for your assistance!
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org