Bug 479598
Summary: | Review Request: aopalliance - AOP offers a better solution to many problems than do existing technologies | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sandro Mathys <sandro> |
Component: | Package Review | Assignee: | Nobody's working on this, feel free to take it <nobody> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | akurtako, christoph.wickert, fche, fedora-package-review, herrold, jlewis, mcepl, mefoster, notting, orion, starksm64, supercyper1, tcallawa |
Target Milestone: | --- | Flags: | sandro:
fedora-review-
|
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-20 12:24:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sandro Mathys
2009-01-11 22:40:40 UTC
This is the worst summary I have ever seen! Why not use: "AOP saves the world" as summary? ;) Package version is wrong, see http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages Spec URL: http://red.fedorapeople.org/SRPMS/aopalliance.spec SRPM URL: http://red.fedorapeople.org/SRPMS/aopalliance-1.0-1.20090111cvs.fc11.src.rpm Thanks for the comments. I tried to address both issues in the new version. Writing a good summary for this is tough, though ;) This package claims to be public domain, but I don't see any mention of that in the source. The upstream web site says LICENCE: all the source code provided by AOP Alliance is Public Domain. but my understanding is that you have to explicitly disclaim your copyright (if you are even legally allowed to do so) and I see no such disclaimer anywhere. Many of the contributors are French (according to http://aopalliance.sourceforge.net/members.html), and I've seen it said before that EU citizens may not have the legal right to place works in the public domain. Blocking FE-Legal (again, sorry spot) for an opinion. The short answer is that French citizens cannot put works into the Public Domain: http://en.wikipedia.org/wiki/French_copyright_law#Moral_rights "Any agreement to waive an author's moral rights is null and void, although the author cannot be forced to protect his work." Basically, what this means is that we need the AOP Alliance to actually give us licensing terms, even if they're extremely permissive ones. I would suggest the MIT license. spot: Wouldn't the WTFPL be much closer to 'public domain' and be fine for integration into Fedora? Technically, yes, but the WTFPL is a ... poorly drafted license. MIT achieves the same end result and is far less offensive. I took the time to contact upstream over their mailing list, trying to explain the issue at hand and how to best solve it. I'll wait for an answer and then get back to this ticket. Upstream is dead, no activity on the mailing list at all. I don't think they'll ever re-license anything. Does that mean this pkg is a no-go? FYI: JBoss depends on aopalliance ;) That's unfortunate for JBoss. You might try reaching out to the members individually: http://aopalliance.sourceforge.net/members.html Also, you could try emailing Andrei Popovici directly: popovici.ch That would mean that every single member would have to agree with the license chance, wouldn't it? I doubt that's even possible because most members didn't leave any contact information. As for the contact information von Andrei Popovici - he left the ETHZ (where I work nowadays) years ago, i.e. that email address doesn't work anymore for a long time already. It depends on who the copyright holder is. If the AOP Alliance is a legal entity, then that entity could be the copyright holder. If so, then whomever legally speaks for that group could relicense the work. If the AOP Alliance is just a name that these individuals gave to themselves, but is not legally recognized as an entity (a company or a non-profit), then all of the individuals who committed code would have to give permission to relicense. Because of: http://www.systems.ethz.ch/people/alumni I'm pretty sure that this is the right Andrei Popovici: http://www.linkedin.com/pub/andrei-popovici/0/26b/735 . You might be able to contact him through that URL. I've brought this to the attention of the folks at SpringSource (specifically Rod Johnson, who was one of the original developers) and Adam Fitzgerald (who is their community liaison now). A lot of projects are including this jar because Spring depends on it, so it is in their interest to deal with this. Hopefully they will be able to get an appropriately permissive license attached to this library soon. *** Bug 532519 has been marked as a duplicate of this bug. *** Just checking in to see if there is any update here. Nothing from my side but John said he's trying to get in touch with folks so maybe he has an update. I haven't heard anything further from the folks at SpringSource, but I did just send them another email to bump the issue again. Why don't people simply use upstreams that are alive? Sometimes it would take less time to migrate to dependency that is alive than to fix legal issues. (In reply to comment #5) > The short answer is that French citizens cannot put works into the Public > Domain: > > http://en.wikipedia.org/wiki/French_copyright_law#Moral_rights > > "Any agreement to waive an author's moral rights is null and void, although the > author cannot be forced to protect his work." Wait, upon what do you base your opinion that their own designation of it as "public domain" is somehow an attempted waiver of the *moral rights* involved? Well, the legal definition of Public Domain is: "the realm or status of property rights that belong to the community at large, are unprotected by copyright or patent, and are subject to appropriation by anyone" (source: Merriam-Webster's Dictionary of Law ©1996.) You cannot simultaneously have a work be unprotected by copyright (or subject to appropriation by anyone) and retain moral rights on that work. The moral rights are tied into the copyright. Now, the copyright holder(s) could grant an extremely permissive license on that work, CC-0 is an excellent example of a license specifically crafted to work around precisely this issue and come to the same practical end-result as a public domain declaration where the copyright holder is in a jurisdiction without moral rights. Is redhat/fedora legal also advising that an american law dictionary entry is sufficiently relevant to the stated intentions of a french author? Just curious whether we're holding back because of an overabundance of caution. Well, you asked for a definition of what Public Domain means. That's what it means. It has the same meaning in Europe, except that you CANT just put works in the Public Domain in most of Europe, because those countries (notably France) do not permit copyright holders to waive their moral rights. CC-0 exists specifically because this is a problem. So is anyone still working on this and seeing any type of progress? If not I'm going to close this. I never got a response from the SpringSource guys. Maybe if someone from RedHat directly contacted them? If someone wants to do that, email me and I'll help you get hold of them. (In reply to comment #24) > So is anyone still working on this and seeing any type of progress? If not I'm > going to close this. Would mind to contact Cédric Beust? It seems he is still active now. http://beust.com/weblog/ http://twitter.com/cbeust I sent a note to Cédric asking if he could give this concern some attention. Dropping this review request because of the legal issues. There is no dependency on this project by jboss, or any of it's thirdparty dependencies. I cannot see any current j2ee project depending on the aopalliance code as it is seven years old, and the concepts have largely been integrated into the various j2ee specs. Even the current versions (3.x) do not seem to have any dependency on aopalliance, and jboss never had any dependency on spring or spring aop. Given Fedora's revised position on Public Domain code, this package is now considered legally permissible in Fedora. I am dropping the FE-Legal blocker, but I am not reopening this old bug. If Sandro wants to reopen this request, he can do so, or a new review bug can be opened by an interested maintainer. |