incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paolo Castagna <>
Subject Re: [Proposal] Accept Jena into the Incubator
Date Mon, 15 Nov 2010 11:02:08 GMT

Steve Loughran wrote:
> On 13/11/10 04:17, Paolo Castagna wrote:
>> Jeremy Carroll wrote:
>>> On 11/12/2010 11:51 AM, Paolo Castagna wrote:
>>>> Also (from the JenaProposal):
>>>> "The Jena GRDDL Reader has some additional dependencies:
>>>> BrowserLauncher2 could be removed in favor of a much simpler approach
>>>> (i.e. write it in a file!).
>>> That is actually superseded by a Java6 facility, so I should do a
>>> small piece of recoding and remove the dependency
>> +1
>> (and, if I can help, let me know.)
>> Of course, it would be even easier/less work, to remove the click
>> through altogether (this is probably my favorite option).
>>>> What other Apache projects do in a similar situation (i.e. you want
>>>> to warn the user about some potential security issues and therefore
>>>> you ask the user to actively agree, press a button, etc. to make sure
>>>> the user reads it (I know, I know...))?
>>> The GRDDL component runs XSLT from the Web, in a sandbox.
>>> The HP lawyer who advised, understanding the risks of running 3rd
>>> party code, wanted an explicit user action to agree to the BSD license
>>> terms, to have a firmer leg to stand on if the the 3rd party code
>>> proved malicious, and the sandbox inadequate.
>>> (The browser launcher is used only for the click through agreement to
>>> BSD)
>> I was not able to find a single Apache project which requires a click
>> through to 'ensure' users agree to the license.
> it really screws up things like transitive ivy/maen downloads too, you 
> make an enemy of people downstream. That's why Sun JARs with click 
> through licenses aren't there.
> For Jena, maybe untrusted XSL is some feature that should be turned on 
> via a config option, not click-through.

GRDDL is just one (small) module within Jena.
Jena GRDDL implements stuff specified here:
Jena GRDDL artifacts are not published in Maven Central at the moment.

More importantly, Jena does not use any click through.

This is just to avoid confusion.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message