incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <>
Subject Re: SVN move
Date Sat, 26 Jul 2008 04:04:04 GMT

On Jul 25, 2008, at 8:50 PM, William A. Rowe, Jr. wrote:

> Alan D. Cabrera wrote:
>> On Jul 25, 2008, at 7:38 PM, Craig L Russell wrote:
>>> Hi Alan,
>>> On Jul 25, 2008, at 3:31 PM, Alan D. Cabrera wrote:
>>>> Some things to consider in this discussion:
>>>> - The 0.9.0 release cannot be performed off of the copy in ASF
>>>> - The 0.9.0 or earlier releases cannot be supported off of the  
>>>> copy in ASF
>>>> Maybe that's what everyone is thinking.  I just want to make sure  
>>>> that it's clear.
>>> I don't agree with either of the above opinions. We don't restrict  
>>> what people do with Apache code.
>>> I don't see anything wrong with publishing a release off the  
>>> artifacts stored in Apache. It cannot be called "an Apache  
>>> incubating release" but it can certainly be called JSecurity 0.9  
>>> whatever.
>>> Follow-on releases can similarly be built from code checked into  
>>> the Apache repository. They just cannot be called "Apache  
>>> anything". And if they're published in the download  
>>> area they can be maintained in the Apache repository.
>> I'm not so sure about this.  Is there a precedent for this?
> Of course.

Can you provide one example?  Just curious.

> Understand that it's not Apache Foo x.x.x, and that the ASF
> doesn't publish or take account for the contents of such an external
> package.
> Which effectively means the committer (or their employer if they are
> acting on the behalf of such) is assuming all responsibilities for  
> such
> a package.  This is usually not the sort of personal responsibility an
> individual desires, so it would probably make more sense to resolve  
> the
> issues at the project and vote on an ASF release.
> The act of a tag-tar-vote-release at the ASF is an act of the  
> foundation
> (as long as the RM/PMC follows the whole process) so it is a shield,  
> of
> sorts.  If the RM and project acts in good faith, the ASF backs the
> release and is a much more public face to settle any later disputes.

Not that I believe that it will happen in the case of the JSecurity  
project but, does this not mean that the "original" project can  
continue for a potentially long time to develop their own releases off  
of the ASF repo?  That's ok?

What if the license for those releases was incompatible w/ AL2.0? They  
could continue to make releases on their own?

What if there was absolutely no community involvement for those  
branches and their releases?

What happens to that code base when the project graduates?  I imagine  
that it would probably have to stay.

Again, I don't think this will occur for JSecurity but I am just  
trying to get my head in the same place a s you guys.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message