This page includes a concatenation of the reports made by the VP of Legal Affairs to the ASF Board of Directors, and -may be of interest to committers wishing to follow the progress and history of legal policy issues. -
-The following reports are included in this page: -
- -+ This page includes a concatenation of the reports and resolution + proposals made by the VP of Legal Affairs to the ASF Board of + Directors, and may be of interest to committers wishing to follow + the progress and history of legal policy issues. +
++++ + +Overview ++ The following reports are included in this page. The complete + board meeting minutes are also available. +
++
+- + March 18, 2009 +
++
+- + February 18, 2009 +
++
+- + January 21, 2009 +
++
+- + December 17, 2008 +
++
+- + November 19, 2008 +
++
+- + October 15, 2008 +
++
+- + September 17, 2008 +
++
+- + August 20, 2008 +
++
+- + July 16, 2008 +
++
+- + June 25, 2008 +
++
+- + May 21, 2008 +
++
+- + April 16, 2008 +
++
+- + Update Legal Affairs Committee Membership (approved) +
+- + March 19, 2008 +
++
+- + February 20, 2008 +
++
+- + Update Legal Affairs Committee Membership (approved) +
+- + January 16, 2008 +
++
+- + November 14, 2007 +
++
+- + October 17, 2007 +
++
+- + September 19, 2007 +
++
+- + August 29, 2007 +
++
+- + July 09, 2007 +
++
+- + Update Legal Affairs Committee Membership (approved) +
+- + Change the Apache Vice President of Legal Affairs (approved) +
+- + June 20, 2007 +
++
+- + April 25, 2007 +
++
+- + March 28, 2007 +
++
+- + Establish the Legal Affairs Committee (approved) +
+- + February 21, 2007 +
++
+- + January 17, 2007 +
++
+- + December 20, 2006 +
++
+- + November 15, 2006 +
++
+- + October 25, 2006 +
++
+- + September 20, 2006 +
++
+- + August 16, 2006 +
++
+- + July 19, 2006 +
++
+- + June 27, 2006 +
++
+- + May 24, 2006 +
++
+- + Establish guidelines for handling copyright notices and + license headers (approved) +
+- + April 26, 2006 +
++
+- + March 15, 2006 +
++
+- + January 18, 2006 +
++
+- + December 21, 2005 +
++
+- + November 11, 2005 +
++
+- + October 26, 2005 +
++
+- + September 21, 2005 +
++
+- + August 17, 2005 +
++
+- + Allow redistribution of MPL- and NPL-licensed executables + (approved) +
+- + Allow product dependencies on LGPL-licensed libraries (tabled) +
+- + July 28, 2005 +
++
+- + Allow product dependencies on LGPL-licensed libraries (tabled) +
+- + Allow redistribution of MPL- and NPL-licensed executables + (tabled) +
+- + June 22, 2005 +
++
+- + Appoint a Vice President of Legal Affairs (appointed) +
++ + +March 18, 2009 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Active month, nothing requiring board attention beyond a passing mention of +staffing. Summary: + +internal: + LGPL optional library for testing CouchDB (OK) + DOM4J (BSD style license, accepted) + JSR 173 license (replaced with an ALv2 equiv) + Protocol Buffer License (verified as BSD) + Unicode data license (ICU: OK) + MSV license (category X: due to FOU) + License Headers question (dealing with BSD) + Question as to when CCLAs are required (QPid) + OASIS license of XSDs (not separately licensed?) + OLIO fragment cache license (MIT) + ICLA required for student under contract? (wouldn't hurt) + Use of Prolog (the language) (OK) + Abstract question on documentation (need specifics) + +outside: + Permission to reuse our CLA form itself (granted!) + Question as to whether the ECCN "conveys" to commercial users (answer: + exemption may not apply - consult a lawyer) + General question as to whether ASF code can be sublicensed commercially + (can and does) + Hypothetical Discussion between Bruce Perens and Larry Rosen (over my head) + +Referred elsewhere: + Two separate potential violation of an ASF Trademark (to PRC) + Advice for book authors (to PRC) + IP-clearance question (to incubator) +++ + +February 18, 2009 ++ 5. Additional Officer Reports + + B. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + + Sam confirmed that an open list was not a problem at this time, + and noted that he is pleased with the sharing of the load; while + Henri and Larry take on bigger shares than most (thanks!), nobody + dominates and plenty of people contribute.. + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +While traffic has picked up from last month, absolutely none of it should be +of any concern to the board. Brief summary: + + * General questions on public domain and fair use + * A question about a previously approved license (zlib/libpng) + * Two questions on IP clearance, one quick and one more involved, both + forwarded to the incubator + * A JSR spec contained obsolete licensing terms (Geir quickly dove in) + * An inquiry on trademark considerations, including the project logo and the + ASF feather from committers on an ASF project working on a book. + * An internal discussion on open letters. + +The list also attracts questions from users. While it is not something that +we are set up to do (or, in fact, a service we intend to provide), it has not +proven to be a problem in practice. Discussions of this nature from the past +month: + + * Request for advice on a project desiring to use the Apache License and + depend on code licensed under the GPL. + * A webapp developer asked a question about the MySQL license + * A developer of an application on sourceforge asked about how to structure + his LICENSE file given that his project is based on an ASF project + * A general question about defensive publication as a way to protect against + patent trolls. + * A general question on internal use of Apache projects +++ + +January 21, 2009 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Very quiet month, nothing requiring board attention. Highlights: + +Naming discussion on JSecurity. Probably would not have given approval to +that name in the first place, but given that the name has been in use for +four years without an issue being raised, there isn't consensus on requiring +a change. That being said the naming discussion was an inevitable bikeshed. + +Discussion of whether a given W3C license was category 'B' or 'X'. Given that +the code in question was dual licensed with BSD, the question was moot. + +A discussion about a different W3C license and the policy of not allowing +non-OSS code in SVN wandered off into nowhere as hypothetical discussions are +want to do. There was a similar discussion about PDF CJK fonts, and it +appears that the direction there will be to dynamically download the data vs +polluting SVN. + +A question about dealing with the US Government was handled by Larry off-list. +++ + +December 17, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + + People are encouraged to follow up on the first issue on + legal-discuss. + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Most significant thread has the unfortunate subject line of +"use of proprietary binaries". I say unfortunate, as it is unduly +prejudicial. The essence of the pragmatism behind "category B" is to +identify artifacts whose licenses, while different than our own, don't +affect the ability of us developing our code under our license. As long +as the dependency is clearly marked and we are not distributing these +artifacts, we should be good. Related questions such as whether such +artifacts can be checked into SVN, etc. should be examined in terms of +infrastructure burden and potential to increase confusion, and not excluded +as a blanket matter of policy. + +The context for the above is optional external APIs and compliance test +suites. While we would all love for these to be open, that's not a +requirement. The line in the sand is whether or not usage of such affects +our ability to develop our code under our license. + +By contrast, redistribution of PDF CJK fonts, for which the license clearly +states that the "contents of this file are not altered" was greeted warmly, +albeit with a separate discussion about patents. + +Other threads: + +Does working on Sun RI automatically "contaminate" developer, and preclude +them from working on ASF project? Answer: not in general, though specific +PMCs may have specific rules in place depending on the nature of the project. + +Lenya website redesign - ensuring that the contributions are under the +appropriate license. + +Obtaining licenses for testing purposes - original question dealt with +WebSphere, but wondered off to TCKs. + +Branding question ("AskApache") referred to PRC. + +Continued discussion about Google Analytics. No consensus that there is +a clear issue yet. + +A naming question for JSecurity lead to the inevitable bikeshedding... +++ + +November 19, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +It would be helpful to obtain a Notice of Allowance from Robyn in order to +pursue registering the SpamAssassin Trademark. + +Sebastian Bazley updated the mailbox drop information on CCLAs to reflect our +Wells Fargo lockbox. + +Discussed documenting privacy policies w.r.t. Google analytics and +interpreting "internal use" as our project mailing lists. Parallel discussion +occurred on site-dev. + +Advised Facelets to preserve NOTICEs and not to modify copyright claims +in files that they copy. + +Jira item created for documenting the process for choosing names for ASF +projects. Looks promising. + +Once again, a discussion of making section 5 of the Apache License, Version +2.0 more explicit via mailing list messages surfaced. Thankfully, it died +quickly. My feeling is that what we have works for us for now, and shouldn't +be changed unless there is a specific issue. + +A company offered Lucene access to archived blog data. There was a discussion +concerning us hosting a copy of this, but this made some people uncomfortable +w.r.t. potential copyright violations. + +Discussed w3c's copyright-documents-19990405.html. Overall doesn't look +open source friendly, but we may be open to further discussion of checkin +of unmodified sources with appropriate documentation. + +Reviewed Oracle's proposed revised JSR301 draft license +++ + +October 15, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +4 JIRA requests opened, 3 closed; all related to how to deal with "one off" +licenses. + +Continuing discussions on Google Analytics and legal options related to the +JCK impasse. + +Otherwise, a pretty quiet month. +++ + +September 17, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Things continue to run smoothly. I'm pleased with the number of active +participants. + +An abstract question was asked about an ability to commit to a project given +exposure to prior ideas from a previous employer. In general, such a +situation causes us no major concerns, though the situation may vary based on +the specific projects and specific employers in question. + +PDFBox was originally BSD licensed and obtained software grants from all of +the primary authors. A question was asked regarding small contributions from +people who they are no longer able contact. Given the size of the +contributions in question, the original license, and the fact that reasonable +efforts were made to locate such people, it was determined that this was not a +concern. + +A FAQ was added that older versions of Apache software licensed under Apache +Software License 1.0 are still licensed as such. + +Creative Commons Share-Alike Attribution version 3.0 license has been +approved, provided the materials in question are unmodified. Previously, only +the 2.5 version had been approved. + +A JIRA was opened on documenting release voting procedures. No owner. + +Larry helped resolve an issue where a company wished to rewrite our CCLA. +Our policy is that we don't accept modified ICLAs or CCLAs. + +SyntaxHighlighter (LGPL) was approved for use on people.apache.org pages. + +Nobody seems to know the licensing status of BEA's StAX implementation, so +most projects are simply routing around it. + +Larry has volunteered to register SpamAssassin trademarks. Given that the PRC +and the SA PMCs are OK with this, if the board approves the expenditure, I'll +tell him to proceed. + +David Crossley has produced a first draft of a project naming document. He's +been on the list for over a year, and starting in July of this year has picked +up his participation. + +Routine copyright/notice questions from Felix, CouchDB, JAMES and the Incubator. + +RSA's implementation of MD4/MD5 says one thing in their licensing headers and +a quite different thing on their IETF IPR statement. I think we are covered, +but we still need to settle how to document this properly. + +Bluesky inquired about moving away from some (unspecified) C++ Standard +library implementation to STLPORT, presumably for licensing reasons. +Everything I have heard to date indicates that we would be comfortable with +either implementation. + +Google Analytics continues to be explored. Justin expressed an opinion that, +while a bit stronger than I recall the board expressing, is one that I'm quite +pleased and comfortable with: namely that we start from a presumption of data +of this type being open to all, and work backwards from there -- making closed +only what we must. + +A discussion has just started on the legal implications of contests involving +prizes. If the prizes themselves are donated, and are substantial, we may +have to consider such as targeted donations. +++ + +August 20, 2008 ++ 5. Additional Officer Reports + + 3. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 3 + + Jim asked if the board should request a status update + regarding the 3rd party license policy. Sam indicated that + this was not necessary based on the areas of consensus already + are published on the web site, and the items being worked + appear in JIRA. No action was taken. + +----------------------------------------- +Attachment 3: Status report for the Apache Legal Affairs Committee + +While comments were made on a half-dozen or so JIRA issues, none were either +created or closed this month. I believe that this process is working +smoothly, and does not warrant board attention. + +Notable discussions that occurred during this month: + +As reported elsewhere, Microsoft clarified their position on their Open +Specification Promise. As near as I can tell, everybody feels that this +completely resolves the issues surrounding the upcoming OOXML support by POI. + +The division of labor between the PRC, the incubator, and the Legal Affairs +Committee continues to confuse people. My understanding is that the PRC is +responsible for enforcing our claim to names, the incubator is responsible for +IP clearance (including names), and the Legal Affairs Committee helps respond +to claims made against the ASF. + +A GPL license question surfaced -- this started out with Xapian which is +licensed under GPL v2 and confusion over what the FSF claims of +"compatibility" with the Apache License means. Eventually this discussion +wandered off into the territory of hypotheticals. GPL v2 remains on the ASF's +restricted list (a.k.a. Category "X"). + +By contrast, syntax highlighter (licensed under the LGPL) was approved for the +limited purposes of non-essential enhancement of online documentation. + +There was a brief discussion on "blanket" grants and "commit by proxy". This +was resolved by citing the relevant sections of the ICLA which has explicit +provisions for the enablement of submitting code on behalf of a third party. + +There was a brief discussion as to whether an ICLA sufficient when a person +may have been exposed to ideas and alternate implementations from a previous +employer. Our position is yes. Individual PMCs are welcome to set a higher +bar for themselves. + +A permathread re-erupted: when are Apache License Headers needed? The general +guidance is that they should be added whenever practical, but only where +practical. + +There is an ongoing discussion about notice requirements when code is reused +from other projects. +++ + +July 16, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + + A brief discussion was had concerning ASF committers and members + participating as Expert Witnesses. This is a decision that only + the individual in question can make for themselves, but if there + is any concern that there might involve an ASF vulnerability, + then the individual is requested to include the ASF's legal VP + and counsel in the discussion. + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Resolved issues: + +* Documentation about the Legal Affairs Committee has been added to + the web site (primary source: board resolutions) + +* Cobertura reports can be included in Apache distributions + +* Yahoo! DomainKeys Patent License Agreement v1.2 does not + raise any concerns. + +Significant Discussions: + +* Permathread about policy issue about shipping LGPL jars reoccurred. + again this month. + +* We are Revisiting whether or not there should be a JIRA checkbox concerning + whether or not there should be a "Grant license to the ASF" checkbox + and what the default should be. + +Other: + +* Received another inquiry from the owners of the Abator trademark. +++ + +June 25, 2008 ++ 5. Additional Officer Reports + + 2. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Another month with little controversy. + +At this point /legal/resolved.html contains the bulk of the content +from the draft 3party text upon which there is wide consensus. This includes +the discussion of category 'A', 'B', and 'X' licenses. Henri has a real +talent for proposing text upon which people can find common ground. + +The wiki that was previously set up at my request is not seeing much use. +Relevant documents that were previously there (as well as on +people.apache.org home directories) have been migrated to the website +proper. + +A JIRA area has been established for tracking legal issues, and this has +resulted in a lot of activity and issues moving to closure. + +Two major areas of future focus: + +Nearer term is a sincere desire in a number of areas to be more proactive +about obtaining suitable licenses for potential patents. This has caused +problems as patent licensing issues are not as clear cut as copyright or +trademark issues. I'm comfortable having the Legal Affairs Committee making +the call that, for example, WSRP4J and POI pose acceptable risks for the +foundation, and downstream help PMCs mitigate those risks should these +assessments prove to be unfounded. + +Longer term, clarifying and documenting the various notice requirements +(NOTICE, LICENSE, README) needs attention. +++ + +May 21, 2008 ++ 5. Additional Officer Reports + + B. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +A fairly quiet month. + +The iBATOR trademark infringement issue seems to have been resolved +satisfactorily. + +Glassfish has now corrected the license issue with prior versions of +their product (as of the last board report, they had only addressed +the latest version). + +Andy Oliver is continuing to work quietly with myself and ASF council +to see if we can identify and resolve his concerns with the Microsoft +funding of Sourcesense to implement OOXML. + +WSRP4J appears to be in a roughly analogous place. There are no known +actively enforced patents by either IBM or WebCollege that apply to +this code, but a desire to preemptively and proactively get a +license agreement. + +As indicated in the incubator report, nobody on the Legal Affairs +Committee has expressed any concern with the changes proposed by Roy +for the procedures for IP Clearance. + +Questions on compatibility with various licenses continue to pop up +from time to time. + +No questions on third party licensing issues arose during the past +month. +++ + +April 16, 2008 ++ 5. Additional Officer Reports + + B. Apache Legal Affairs Committee [Sam Ruby] + + See Attachment 2 + + 7. Special Orders + + A. Update Legal Affairs Committee Membership + + WHEREAS, the Legal Affairs Committee of The Apache Software + Foundation (ASF) expects to better serve its purpose through the + periodic update of its membership; and + + WHEREAS, the Legal Affairs Committee is an Executive Committee + whose membership must be approved by Board resolution. + + NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be + added as a Legal Affairs Committee member: + + Craig Russell <craig.russell@sun.com> + + Special order 7A, Update Legal Affairs Committee Membership, + was approved by Unanimous Vote of the directors present. + +----------------------------------------- +Attachment 2: Status report for the Apache Legal Affairs Committee + +Sun has restored Apache License headers to the Jasper code with +Glassfish V3. Craig Russell was instrumental in making this happen. +I feel this issue is now closed. + +In related news, the Legal Affairs Commitee voted to add Craig to the +committee, and it appears as resolution 7A on today's agenda. From time +to time, I see a number of smaller items that come up on the legal +mailing lists go unaddressed. I intend to continue to pursue expanding +the Legal Affairs Committee membership. + +We received more information on the trademark concern, and this has +resulted in Apache iBATIS beginning the process of renaming Apache +iBATIS Abator to Apache iBATIS iBATOR. + +The Legal Affairs committee participated in a number of JCP and Harmony +related discussions. This is already adequately covered by the report +from the VP of JCP. + +The third party licensing policy continues to remain a draft and despite +not being made into a policy, is still useful as a set of guidelines and +hasn't prevented us from making meaningful progress on actual requests +from podlings and PMCs, such as the request as to how Buildr is to treat +dependencies covered under the Ruby license. + +There has been discussion regarding WSRP with respect to patents. +While it isn't clear that there is a patent that reads on WSRP, but a +member of the portals PMC sent a request inquiring as to how certain +patents would be licensed by IBM and Web Collage. Upon review, the +consensus seems to be that the agreement presented to us by Web Collage +is not sufficient for our needs. + +POI has a situation where a committer has stated his intent to +revert commits which were made several months ago based on a feeling +that there may be patents which read on the code in question. + +Portions of the legal site are in flux, and meta discussion as to when +and who can update the site occur from time to time. This is normal +and healthy. +++ + +March 19, 2008 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + See Attachment 1 + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +The third party draft has been a significant distraction. This document +serves a quite useful purpose -- as a guide. Shortly after this month's +board meeting, I plan to publish a short document describing how it +is useful as a guide and identifying a few places where hard distinctions +it attempts to make are overreaching and will not (yet) be enforced. + +Meanwhile, focus will return to concrete, tangible, and near-term +decisions. The first two of which which will be resolved this week +deal with code licensed for use "in the creation of products supporting +the Unicode Standard" and an optional LGPL "deployer" distributed in +source form. + +Other activities: + * WSRP4J is looking into potential patent claims + * Ongoing crypto notice work + * Discussion on maintenance of the year on copyright notices + * Question as to whether we would allow projects to dual license (answer: no) + * Discussion of various open specification pledges, particularly Microsoft's + * OSGI bundle requirements will require ServiceMix to create, maintain, and + distribute a small amount of CDDL licensed descriptions. + * Continuing confusion over the split between the NOTICE and LICENSE files, + this needs to be dealt with by the Legal Affairs Committee + * Fielded a question from a non-profit that wanted to base their license + off of ours. + * A growing list of open legal questions, mostly related to third party + licensing. + * Glassfish still hasn't restored the Apache License headers to Jasper + files, despite some encouraging words that they were going to. Yet + another letter was sent to Simon Phipps and the legal contact at Sun + he provided me with. +++ + +February 20, 2008 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + See Attachment 1 + + Approved by General Consent. + +7. Special Orders + + E. Update Legal Affairs Committee Membership + + WHEREAS, the Legal Affairs Committee of The Apache Software + Foundation (ASF) expects to better serve its purpose through the + periodic update of its membership; and + + WHEREAS, the Legal Affairs Committee is an Executive Committee + whose membership must be approved by Board resolution. + + NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be + added as a Legal Affairs Committee member: + + Henri Yandell <bayard@apache.org> + + Special order 7D, Update Legal Affairs Committee Membership, + was approved by Unanimous Vote. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +Last month, I mentioned a potential trademark infringment issue that was +brought to our attention. I contacted the individual requesting more +information, and have not heard back. Until I hear more, I have no +plans of pursing this further. + +Sun continues to ignore our request that the licence headers be restored +on the portions of Glassfish. I have sent a third request (the first +was in September) that Sun follow the FSF's recommendations on this matter. +If Sun continues to drag their feed on this matter, it is time to explore +other options to get Sun to comply. + +While this work has been ongoing for some time, this month there has +been a marked uptick in the export classification activities and general +awareness of these ECCN related issues. + +Most of the efforts of this month were on trying to refine the ASF's +Third Party Licensing policy, primarily by attempting to create an +informal poll. I seeded this with three hypothetical positions, and +mostly people were divided into two camps. One camp didn't see much +of a dividing line between the first two positions, but clearly saw +position three as distinct and reacted negatively towards it. The +other saw little difference between positions two and three, but reacted +equally negatively to position 1 as the first camp did to position 3. + +A bare minimum that I believe that we can achieve ready consensus on is +a policy that all sofware developed at the ASF from here on is to be licensed +under the Apache License, Version 2.0, and that we will take no actions +that limit our ability to distribute our software under this license. +Roy has indicated that this may not have been the policy in the distant +past, but as near as I can tell, it has been the way that we have been +operating for quite some time now, hence the conclusion that this should +be able to readily gain consensus. + +One world view is that that bare minimum is not enough. One can argue +that it makes little sense if our software is licensed under a pragmatic +license if that sofware is entangled with dependencies that effectively +eliminate all the pragmatic aspects of our license. + +The other world view is that our software is, well, soft; i.e., maleable. +Our licensees are welcome to modify, combine, and optionally contribute +back to our code bases. Furthermore, no matter how hard we try, our +licensees are operate under a variety of different constraints or have a +differing interpretations of license compatibility. + +Choosing between these two world views is difficult; but given that the +former can only be executed if there are ample exceptions for "system" or +"soft" dependencies -- concepts that are both undefinable and all too open +to gaming -- clearly the latter is easiest to understand and administer. +Or there is a belief that a "spec" from an industry consortia and with +no independent implementations somehow makes copyright and patent issues +less relevant. In any case, add to all this the evident divide, and the +first world view becomes not only harder to understand and administer, +it becomes absolutely unworkable. Simply put, an excemption for "system" +dependencies that is based on a "I'll know it when I see it" policy doesn't +work if a substantial portion of the people who may be drawn upon to express +an opinion on the subject simply don't believe that any such distinction is +either necessary or even makes sense as a policy. + +Therefore it appears that the only workable policy is one where we continue +to require PMCs to compile a comprehensive set of LICENSEs to accompany each +of our releases so that our licensees can make an informed decision. That, +and perhaps to we can increase our efforts to educate PMCs as to the effects +such dependencies have on community size. + +While this approach is workable, it is one that may be difficult to reverse. +Hence, a slow and cautious approach is warranted. Should there be any +as of yet unexpressed feedback, now would be a good time to provide it. + +I have reviewed the minutes for the meetings of 2005/06/22 and 2007/03/28 +establishing the VP of Legal Affairs and the Legal Affairs Committee +respectively, and believe that no board resolution and/or explicit approval +is required for the Legal Affairs Committee to proceed on this matter. +++ + +January 16, 2008 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + See Attachment 1 + + Request was made that legal/status be updated. + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +The requested FAQ additions have been completed and posted. These +additions did attract quite a few comments of support, and everybody had +more than ample time to comment. I've seen no negative fallout as of yet +of these additions. I mention this because these additions were initially +controversial, but my impression is that over time some of the participants +simply got less vocal rather than converted. + +Jason Schultz has left his staff attorney position at the EFF. Fred von +Lohmann of the EFF has agreed to support us in his place. + +We have been informed of a potential tradmark infringment issue. I shoud +have more details by the next meeting. + +There is a backlog of items that need to be addressed, preferably in +parallel rather than serially. Rather than waste report time on what +I perceive to be the biggest item, namely competing the Third Party +Licensing policy, time permitting, I've added a discussion item in the +hopes that we can come to a quick consensus on the approach. If quick +consensus isn't achievable here, then the hope is that this will serve +as a heads up so that the interested parties can participate in the +discussion on legal-discuss. + +Other items in the backlog: + Third Party Licensing: + Minor update to to add OSOA as category A + Additional updates to cover notices of optional dependencies (log4cxx, apr) + Need a policy on whether depencencies on Ruby Gems are permissable (Buildr) + WSRP4J licensing issues (Portals) + Fork FAQ +++ + +November 14, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + No written report submitted. + + Brief discussion on the possibility of doing a BOF at ApacheCon. +++ + +October 17, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + See Attachment 1 + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +After an extended quiet period, I thought I would collect up a +few updates to the website, but that re-awoke the discussion. +What's cool is that this time around, there actually are more +people than Doug actually proposing actual wording. I'm +convinced that we are continuing to make forward progress. + +Backlog of items include following up with Sun on following the +licensing terms for Jasper, and a "fork FAQ". +++ + +September 19, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + Brief discussion concerning the possible need to change the bylaws. + We decided not to pursue such a change. + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +Relatively quiet (and short) month. + +I believe that we are making progress on the Y! proposed additions to the +FAQ, and should be able to close shortly. Short summary of the key issue: +while the ASF as a whole does not confer any official status to +"subprojects", this proposed FAQ would officially recognize that a PMC +may, in fact, produce a number of independent "products". + +Simon Phipps forwarded to me a writeup by the FSF on how to retain +appropriate copyright headers on works derived from non-GPL codebases +and incorporated into GPL codebases. I posted this link on +legal-internal, and it didn't provoke any objections, so I asked +Simon to follow these instructions on the Jasper/Glassfish code. I +will follow up to ensure that this is done. +++ + +August 29, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Sam Ruby] + + See Attachment 1 + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +* Continuing to work on Yahoo! patent scope FAQ. +* Updated web page concerning Apache License and GPL compatibility +* Updated 3rd party policy, resolving Geronimo and MyFaces issue +* Participated in two call with ASF council regarding JCK/FOU issue +* Continuing to work with Sun over ASF license code issues in Glassfish + +My goal continues to be to delegate more of this. If necessary, +I will recruit more people onto the legal committee in order to +make this happen. +++ + +July 18, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Cliff Schmidt / Henning] + + See Attachment 1 + + Approved by General Consent. + + 7. Special Orders + + E. Update Legal Affairs Committee Membership + + WHEREAS, the Legal Affairs Committee of The Apache Software + Foundation (ASF) expects to better serve its purpose through the + periodic update of its membership; and + + WHEREAS, the Legal Affairs Committee is an Executive Committee + whose membership must be approved by Board resolution. + + NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be + added as a Legal Affairs Committee members: + Sam Ruby <rubys@apache.org> + + Special order 7E, Update Legal Affairs Committee Membership, was + approved by Unanimous Vote. + + + F. Change the Apache Vice President of Legal Affairs + + WHEREAS, the Board of Directors heretofore appointed + Cliff Schmidt to the office of Vice President, Legal Affairs, + and + + WHEREAS, the Board of Directors is in receipt of the resignation + of Cliff Schmidt from the office of Vice President, Legal + Affairs, and + + WHEREAS, the Legal Affairs Committee has recommended Sam Ruby as + the successor to the post; + + NOW, THEREFORE, BE IT RESOLVED, that Cliff Schmidt is relieved + and discharged from the duties and responsibilities of the office + of Vice President, Legal Affairs, and + + BE IT FURTHER RESOLVED, that Sam Ruby be and hereby is appointed + to the office of Vice President, Legal Affairs, to serve in + accordance with and subject to the direction of the Board of + Directors and the Bylaws of the Foundation until death, + resignation, retirement, removal or disqualification, or until a + successor is appointed. + + Special order 7F, Change the Apache Vice President of Legal Affairs, was + approved by Unanimous Vote. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +As mentioned in last month's report, I wish to resign as VP of Legal +Affairs. The Legal Affairs Committee has discussed possible +replacements over the last month and have reached consensus on Sam +Ruby, who is not currently on the committee. Therefore, I have +prepared two resolutions for the board to vote on: one to add Sam to +the committee (being a board/executive committee) and one to have him +replace me as VP. + +There are no other issues requring board attention this month. +++ + +June 20, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Cliff Schmidt / Greg] + + See Attachment 1 + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +On May 31st, the FSF released its "last call draft" of the +GPLv3. In this draft and its associated press releases, the +FSF prominently states that there is no longer a concern +about the Apache License being "incompatible" with the GPLv3. +The compatibility issue is describing whether they see a +problem with an Apache-Licensed component being included +within a larger GPLv3-licensed work. This is what they no +longer see a problem with. Of course, there would still be +much concern and debate about the licensing restrictions of a +larger Apache-Licensed work that included a GPLv3-licensed +component. + +The only other issue to report is that the legal affairs +committee has been up and running for well over a month. In +fact, I coordinated approval of the FSF's proposed GPLv3 +wording with the committee (although sadly didn't plan far +enough advance to coordinate this report). I will soon be +asking the committee for nominations and an election of a +new VP of Legal Affairs, with a proposed resolution before +the Board by next month's meeting. +++ + +April 25, 2007 ++ 5. Other Reports + + A. VP of Legal Affairs [Cliff] + + See Attachment 1 + + Cliff indicated that, assuming the current "incompatibility" + between GPLv3 and AL 2.0 is resolved, he does not foresee any + further potential conflicts. + + Approved by General Consent. + +----------------------------------------- +Attachment 1: Report from the VP of Legal Affairs + +As I mentioned in my post to the board@ list shortly after last Board +meeting, the FSF's third discussion draft of GPLv3 included a note +that GPLv3 would not be compatible with the Apache License due to the +indemnification provision. Both Larry Rosen and I have been in touch +with the FSF and SFLC and expect this statement of incompatibility +will soon be reversed without any change in the Apache License. + +The Board approved my resolution to establish a Legal Affairs +Committee at last month's meeting. However, I have been lame in +getting things started due to a shortage of available time in the last +few weeks. I'll start getting the ball rolling this week. +++ + +March 28, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Cliff] + + I have proposed a new Legal Affairs Committee to + distribute the current legal affairs workload to a + coordinated group ASF members, to assign responsibility + for legal policy deliberation and decision making to the + same group under the supervision of the board, and to + provide a structured means of participation and + familiarization for those interested in taking over the + Legal VP job one day. The resolution is on the agenda. + It is currently written as an Executive committee, but + we can discuss if that is best. + + I've worked with Geir on issues related to the JCK + licensing problems, but I will let him report on that. + + 8. Special Orders + + C. Establish the Legal Affairs Committee + + WHEREAS, the Board of Directors deems it to be in the best + interests of the Foundation and consistent with the + Foundation's purpose to create an Executive Committee charged + with establishing and managing legal policies based on the + advice of legal counsel and the interests of the Foundation; + and + + WHEREAS, the Board of Directors believes the existing office of + Vice President of Legal Affairs will remain a valuable role + within the Foundation and would benefit from the creation of such + a committee. + + NOW, THEREFORE, BE IT RESOLVED, that an ASF Executive Committee, + to be known as the "Legal Affairs Committee", be and hereby is + established pursuant to the Bylaws of the Foundation; and be it + further + + RESOLVED, that the Legal Affairs Committee be and hereby is + responsible for establishing and managing legal policies based + on the advice of legal counsel and the interests of the + Foundation; and be it further + + RESOLVED, that the responsibilities of the Vice President of + Legal Affairs shall henceforth include management of the Legal + Affairs Committee as its chair; and be it further + + RESOLVED, that the persons listed immediately below be and + hereby are appointed to serve as the initial members of the + Legal Affairs Committee: + + Cliff Schmidt + Davanum Srinivas + Garrett Rooney + Geir Magnusson + Jim Jagielski + Justin Erenkrantz + Noel Bergman + Robert Burrell Donkin + Roy Fielding + William Rowe + + Special Order 6C, Establish the Legal Affairs Committee, + was approved by Unanimous Vote. +++ + +February 21, 2007 ++ 5. Additional Officer Reports + + A. VP of Legal Affairs [Cliff] + + The CLA FAQ proposed at last month's meeting was reviewed + by our counsel. Small changes were made and an additional + Q&A was added to clarify the future patent claims issue. + The FAQs have been posted to legal-discuss where there is + some discussion to make a very minor clarification. In short, + I believe this issue is pretty much resolved. + + A pretty bad trademark violation was reported, which I forwarded + to the PRC and assisted them in an initial draft (with a review + through counsel). +++ + +January 17, 2007 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + The only issue to report this month is the patent license FAQ. + Following the plan I suggested in October, I've taken the FAQ + proposed by Doug and agreed to by Roy (which addresses the + concern for consistency with Roy's public statements on the topic + while he served as ASF Chairman) and asked our counsel to review + and advise. Barring any legal concerns from counsel, I recommend + posting this FAQ. Incidentally, the question part of the FAQ is + nearly identical to the one proposed in our September meeting; + however, the answer no longer has the problem raised by some + directors (that it was attempting to answer more than the + question). +++ + +December 20, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + CLA UPDATE: I sent an update to legal-discuss last week to + let everyone know that the plan is to publish a document + that describes the original intention behind some of the + ambiguities in the CLA and then to discuss the idea of + a new version. Roy has agreed to write the "original + intention" doc based on what statements he had made about + the CLA's interpretation while he was ASF chair. + + GPLv3 COMPATIBILITY: The SFLC contacted me about the latest + proposed changes to the patent licensing in the next + draft of GPLv3. I am reviewing now to ensure these + changes would still allow Apache-Licensed works to be + included in GPLv3-licensed works. + + STANDARDS LICENSING: I reviewed the BPEL specification patent + licenses for Apache ODE. The licenses would not be + acceptable by the ASF; however, there do not currently + appear to be any patents to license. So, I see no problem + with ODE implementing the BPEL spec. Another spec reviewed + was the Yahoo-submitted IETF RFC on DomainKeys. Noel + submitted this to legal-internal by Noel for review during + ApacheCon US. I reviewed and commented on it there; while + not ideal, it appears reasonable and should not hold back + our development. My analyses for both BPEL and DomainKeys + was approved by our legal counsel on legal-internal. +++ + +November 15, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + Cliff reported that work is continuing on the "crypto export" + clarifications for use within the ASF. Also being worked on + is the standards licensing. Cliff noted that SenderID is + covered under the Open Specification promise, and therefore + removes any restrictions on use. +++ + +October 25, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + Cliff reported that during ApacheCon, the CCLA issue was further + discussed with many people, especially Roy and Doug Cutting. Both + Roy and Doug were happy with the approach taken and Roy committed + to "writing up" what his intents were with the CCLA, so that + misinterpretation of the letter and spirit of the CCLA no longer + exists. + + Cliff indicated his desire to create a sort of Legal Committee, + similar to the PRC or Security Team, to allow for a wider + range of volunteers to help with the various legal issues and + questions still being worked on. His hope is also that this + will provide an opportunity for him to resign from the VP of + Legal Affairs position after a period of time. + + Cliff reported that a number of Universities and Colleges have + contacted him regarding their own efforts in creating suitable + licenses for their open source educational software. Cliff + suggested that the ASF possible provide feedback and insights + regarding our experiences with the AL as well as the iCLA and + CCLAs. +++ + +September 20, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + CRYPTO EXPORT DOCS: This work has been complete for over a + month and projects are now starting to use the docs/process. + At this stage it still requires me to work closely with the + project to ensure they understand the docs, but the system + is working. This will scale better as the docs are improved + through experience. + + STANDARDS LICENSING: The standards patent covenant that I have + mentioned giving feedback on over the last couple reports + was made public about one week ago: the Microsoft "Open + Specification Promise". While it is not perfect, I + believe it should not block PMCs wishing to implement + covered specifications. + + USPTO/OSDL's OSAPA: The Open Source As Prior Art initiative + met in Portland, OR, last week for two days. I was able + to join the group for the second day to learn a little + about what is being planned. Will follow-up with email + to board@. + + THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but + hoping to make minor revisions and make enforcement + approach clear in doc (as described in previous reports) + and then call it final, and ideally have it included in + same email to committers as alerts on src header and + crypto docs. (No change since last month) + + OSS PROJECT CODE MOVED TO ASF: When an incubating project's + initial code base is submitted to the ASF, our CLA + requires that "work that is not Your original creation" + must be submitted "separately from any Contribution, + identifying the complete details of its source and... + conspicuously marking the work as "Submitted on behalf of + a third-party: [named here]". This presents a problem + when the code base is an existing OSS project with + intermingled IP from various sources. One solution I've + seen in the past is for the multiple authors to jointly + sign the same grant; however, due to a few problems with + this approach, I've worked with one set of initial + contributors to create a script that uses svn blame/log + and a mapping file (svn id or a rev # --> legal owner) to + output an exhaustive set of annotations to satisfy this + requirement. + + PATENT LICENSING IN CCLAS: I am late on getting this report + done. I'm still having discussions with our lawyers and + other members of the open source community on a daily / + weekly basis. The goals of the report are to detail the + ambiguities in the patent language of the current CCLA + and to suggest that the board consider options, such as + specific clarifications, revisions, and supplementary + processes. These can be discussed at today's meeting if + the board wishes; in addition, Doug Cutting would like the + board to consider an FAQ to address some aspect of the + CCLA's ambiguity. + + Cliff also reported that he will commit to having the + 3rd Party issues complete by ApacheCon Austin. +++ + +August 16, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + LICENSING HEADER: About to move the deadline back to Nov 1st + due to my slowness in getting out an email to committers@ + pointing to new policy. However, many projects are + already switching over from pointers on legal-discuss. + + CRYPTO EXPORT DOCS: Lots of work with APR and especially + James on fine-tuning the format for the email reports and + web page. Have updated the docs to reflect this. Pretty + much done now -- just need to include this on the + committers@ email (see above re: license header). + + THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but + hoping to make minor revisions and make enforcement + approach clear in doc (as described in previous reports) + and then call it final, and ideally have it included in + same email to committers as alerts on src header and + crypto docs. (No change since last month) + + PATENT LICENSING IN CCLAS: I've continued to do some + research and have some discussions with various companies + and other open source organizations on this topic. I + still hope to have a report comparing the options by the + end of this month. + + STANDARDS LICENSING: A large software company will be soon + be releasing a new patent license (actually a promise + not to sue), under which several specifications will be + covered. Much of our feedback has been incorporated + into the latest draft. I expect we will be satisfied + with the final result (TBA this month). +++ + +July 19, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + LEGAL HOME PAGE: Have created new legal home page with links + to docs relevant for users and committers. Also posting + and linking to these legal reports for interested + committers to track progress. Please let me know if + there are any concerns about this. Will publicize the + legal home page and its links on Friday in email to + committers@. + + LICENSING HEADER: The final version is now posted, linked + from the new legal web page: apache.org/legal. Email to + committers will go out on Friday. + + CRYPTO EXPORT DOCS: A nearly final version of this is posted + including a lengthy FAQ from various dev-list + discussions. Last step is to work with dreid on project- + specific RDF files that build final required web page. + Hoping to have this also done and in email to committers + on Friday. + + THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but + hoping to make minor revisions and make enforcement + approach clear in doc (as described in previous reports) + and then call it final, and ideally have it included in + same email to committers as alerts on src header and + crypto docs. + + PATENT LICENSING IN CCLAS: I've tried to keep the board + aware enough of this discussion over the last 2-3 months + to jump in as any director sees fit; however, recent + discussions on board@ lead me to believe that I should + request this to become an item of new business, rather + than wait for another director to inquire more about it. + I suggest a brief conversation on the topic today, + followed by a more detailed presentation of the concerns + of each side of the issue at some point in the near + future. + + SFLC LETTER ON ODF: After clarifying with SFLC that we did + not want their letter to represent an "Apache position" + on ODF nor did we want our name used in any PR on the + subject, I agreed to the text of their letter. Since + publishing the letter several weeks ago, they appear to + have honored my requests completely. + + STANDARDS LICENSING: I continue to have conversations with + vendors on how they can improve the licensing of their + essential patent claims for specifications that Apache + would consider implementing. I'm actually seeing some + progress/willingness to revise from vendors. +++ + +June 27, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + LICENSING HEADER: I sent a summary of the resolution passed at last month's meeting to the legal-discuss list and am compiling a short FAQ based on questions from that @@ -67,9 +1708,753 @@ specification. If we agree with the draft, they would like to issue a statement that they are representing the positions on two of their clients, the ASF and FSF. +++ + and be it further - + RESOLVED, that for the case of works that have not been + directly submitted by the copyright owners to the Foundation + for development, the associated copyright notices for the work + shall not be moved, removed, or modified. + + By Unanimous Vote, Special Order 6C, Establish guidelines for + handling copyright notices and license headers, was Approved. +May 24, 2006 ++ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + LICENSING HEADER: I have submitted a resolution for the + Board's consideration to set a new policy for source + code headers. In brief, the headers will no longer + include any copyright notice, only a licensing notice + and a mention of the NOTICE file for copyright info. + The NOTICE file will include the ASF's copyright notice, + in addition to other required notices. Copyright + notices in third-party components distributed within ASF + products will not be touched. + + CRYPTO EXPORT POLICY: I have posted a crypto policy at + http://apache.org/dev/crypto.html. The policy should + answer most of our questions in this area, but will be + gradually enhanced over time. + + GPLv3 COMPATIBILITY: After a close review of the first draft + of GPLv3, I brought up potential incompatibility issues + with the Apache License to the GPLv3 discussion committee + that I serve on. The FSF's counsel hopes these issues + can be addressed in the next draft. As I've said before, + both the FSF and the SFLC continue to be unwavering in + their dedication to ensure GPLv3 is compatible with Apache + License v2. + + PATENT LICENSING IN CCLAS: I've spent a lot of time with + one particular corporate legal staff lately with their + questions of whether the CCLA implies that the set of all + possible patent claims being licensed can be known at the + time of contribution. It's obvious why a corporation + would want the answer to be affirmative; however, such an + answer would not protect the project's work from patent + infringement claims by a contributor regarding how their + contribution is combined with other things. It may be + worth revising the (C)CLA language to make this more + clear. + + ELECTRONICALLY SUBMITTED AGREEMENTS: Now allowed. See the + Secretary's report. + + LICENSING AUDITS: I work closely with the Eclipse Foundation's + IP Manager, who continues to inform me of apparent + inconsistencies and inaccuracies in the licensing of + ASF products. I've been asking PMCs to address these + issues as they come up, but what we really need is an + internal audit on each product to get these problems + fixed. Before we can do that, we need complete + documentation on the things an audit should look for and + how they should be corrected. I will likely make this a + priority for the "Docathon" at ApacheCon EU next month. + + THIRD-PARTY IP: Due to the issues above, I've neglected to + make the few remaining changes to the draft licensing + policy doc and publish the official version. As I + mentioned last month, I intend to tell PMCs that all new + products MUST conform to the policy, but that all + existing products that do not currently conform need to + only take one action over the next six months: report + where/how they are not conforming so that the practical + impact of the policy can be better understood without + yet requiring substantial changes. The philosophy + behind this "impact evaluation period" is that the + policy was primarily intended to document the mostly + unwritten rules today and to choose one rule when + multiple exist across the ASF. Now that I've cleared + the license header and crypto issues off the high + priority list, I hope to focus exclusively (as much as + possible) on getting the 1.0 version out. + + 6. Special Orders + + C. Establish guidelines for handling copyright notices and license + headers. + + WHEREAS, the copyright of contributions to The Apache + Software Foundation remains with the contribution's owner(s), + but the copyright of the collective work in each Foundation + release is owned by the Foundation, + + WHEREAS, each file within a Foundation release often includes + contributions from multiple copyright owners, + + WHEREAS, the Foundation has observed that per-file attribution + of authorship does not promote collaborative development, + + WHEREAS, inclusion of works that have not been directly + submitted by the copyright owners to the Foundation for + development does not present the same collaborative + development issues and does not allow the owners to consider + the Foundation's copyright notice policies; + + NOW, THEREFORE, BE IT RESOLVED that for the case of copyright + notices in files contributed and licensed to The Apache + Software Foundation, the copyright owner (or owner's agent) + must either: remove such notices, move them to the NOTICE + file associated with each applicable project release, or + provide written permission for the Foundation to make such + removal or relocation of the notices, and be it further + + RESOLVED, that each release shall include a NOTICE file for + such copyright notices and other notices required to accompany + the distribution, and be it further + + RESOLVED, that the NOTICE file shall begin with the following + text, suitably modified to reflect the product name, version, + and year(s) of distribution of the current and past releases: + + Apache [PRODUCT_NAME] + Copyright [yyyy] The Apache Software Foundation + + This product includes software developed at + The Apache Software Foundation (http://www.apache.org/). + + and be it further + + RESOLVED, that files licensed to The Apache Software + Foundation shall be labeled with the following notice: + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. --
+ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + Cliff reported that the 3rd Party License report will + likely be officially released later on this month (April), + at which point he will start on the Copyright/Header + issues. Regarding the 3rd Party License report, it is + fully expected that, even though discussed and reviewed, + there will be further discussions upon release. The board's + stand is that we should release it "as is" and retify + things if required. All new projects will need to adhere + to the policy; existing projects will be given time to + bring their codebases up to policy standards. + + The board expressed their appreciation to Cliff for + a Job Well Done. ++
+ 4. Officer Reports + + E. VP of Legal Affairs [Cliff] + + THIRD-PARTY IP: After nearly two months of review on the + board@ list and one month of review by pmcs@, I've + finally posted the latest draft of the third-party + licensing policy to the legal-discuss list. My goal + is to get all new comments or concerns collected by + the end of the month, and resolve all issues to get + a final, official, v1.0 release in April. I will + also be trying to solicit user comments through the + feather blog and a brief pointer sent to a few of + the project user lists. However, I would also like + to explicitly verify that there is a consensus from + the Board in support of the guiding principles* + behind the policy and the resulting license criteria**. + *http://people.apache.org/~cliffs/3party.html#principles + **http://people.apache.org/~cliffs/3party.html#criteria + + LICENSING HEADER, ETC: Now that the third-party policy + doc is out there, my next major project is to draft + and get our counsel to approve a document that + updates our source code licensing header, + describes where to place copyright notices, various + third-party licenses, explains how to deal with + crypto export issues, and more. Although I think it + will be useful to our committers to have this all in + one document, I won't hold up getting a resolution on + the license header/copyright notice issue to wait for + the rest of the document. ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff] + + GPLv3: I just finished attending the GPLv3 conference at MIT, + during which the first "discussion draft" of the GPLv3 + was presented. The most relevant news is that the current + discussion draft includes a "License Compatibility" + section that allows the inclusion of Apache-Licensed (v2.0) + independent works within GPLv3-licensed programs. This + section may change within the next year, but it remains + clear that Eben and RMS will continue to make this sort + of compatibility with the Apache License a priority. The + other news is that I have accepted an invitation to + represent the ASF on one the GPLv3 "discussion committees". + + THIRD-PARTY IP: I will be sending out a draft policy on third- + party IP to the board@ list this Friday, January 20th. + + Cliff further reported that the Copyright Notice Policy + was still being worked on, and will be finished some time + after the completion of the 3rd Party License Policy + Report. ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff Schmidt] + + PATENT ISSUES: I had a second meeting with Microsoft about + possible improvements to the patent licenses that they + have stated would apply to various WS specifications at + OASIS. Details can be found in my summary post to + legal-internal on 6 Dec 05 (Message-Id: + <81007DBD-EBD8-45DC-8A35-0FB8F4F3FC11@apache.org>. I've + since asked them about the possibility of issuing a + Covenant not to enforce patent claims, similar to what they + recently did for Office 2003 Reference Schemas. No + response on that one just yet. + + GPLv3 COMPATIBILITY: Eben Moglen and RMS have each personally + asked that the ASF participate in the GPLv3 input/feedback + process, primarily to help ensure compatibility between + the GPL and Apache licenses. I plan to attend the first + GPLv3 conference at MIT in January for that purpose. + + THIRD-PARTY IP: After talking with 20+ ASF members at ApacheCon + about a proposed licensing policy, I am now ready to float + something formal by the membership. The short version is + that I believe we need to draw the licensing line at the + ability for our users to redistribute all parts of an + official ASF distribution under their own license, as long + as it does not violate the copyright owner's license. I'm + working up a list of how this would impact the top 30 OSI- + approved licenses and a few others, but I can tell you it + would exclude both the LGPL and the Sun Binary Code + License, which is currently used in Apache James. + + LAME LIST: In prior reports I said I expected to have a policy + written on crypto export and copyright notices. I'm late + on both. I am now able to projects with the correct + procedure for crypto, but I still need to get it formally + documented. ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff Schmidt] + + SFLC: Justin and I had a kick-off meeting with Eben and two + of his lawyers. Justin and Greg are already working + with one of them to handle any issues with our books + and 501(c)(3) status. Justin is the point person for + this work and will be handling ongoing status in his + Treasurer's report. + + BXA/CRYPTO: The Perl folks sent out the required notification + for the mod_ssl stuff. I've now taken their feedback and + drafted a process document to run through counsel. Jason + has referred me to another EFF lawyer with more crypto + export experience who has agreed to review it. + + COPYRIGHT NOTICS: Our counsel will be giving one final review + on the copyright notice issue starting this Friday + (during a monthly teleconference). Should have something + ready within one week after that. + + LGPL: I'm still waiting on feedback from Eben on my + Java/LGPL position paper that I sent him last month. He + wanted to refrain from giving me feedback until + discussing the matter with the FSF. I expect to have + something any day now, since that meeting should have + recently happened. I recommend we hold off any decision + to allow distribution of LGPL components within non- + incubating product JARs until getting this one last + opinion from Eben and then bouncing it off the rest of + our counsel. However, I do not think we should have any + legal concern about separately distributing the LGPL and + ASF component that depends on it; both Jason and Larry + have signed off on this question. + + THIRD-PARTY IP: In the process of working on a document to + get us to a comprehensive policy on what third-party + software we will distribute and how, I have created a + little matrix to summarize the issues across the most + common licenses of interest to the ASF today. I will + send this matrix to legal-discuss list today for + discussion. It might also be helpful for discussing + how LGPL is similar and different from licenses like + the CPL and CDDL. + + ASF LEGAL POLICY DOC: All these issues and more are being + written to live within a series of ASF legal policy + documents that I am hoping to have approved at or soon + after ApacheCon. + + HOUSEKEEPING: I've created a new directory /foundation/legal/ + Board to include all Legal reports and approved + resolutions with a README indicating that they are + compiled there for convenience and with a pointer to + the normative versions. ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff Schmidt] + + ADDITIONAL COUNSEL: I have signed an agreement with Eben + Moglen of the Software Freedom Law Center to have them + offer the ASF pro bono legal services. The first job + will be to work with Justin on renewing our 501(c)(3) + status and some of the thorny issues we need to resolve + to get our books in order. + + BXA/CRYPTO: While I was working on a draft crypto policy, + I was notified that the Perl PMC (and Tomcat?) may not + have sent notification to the Bureau of Industry and + Security (BIS, formerly known as BXA). This has + required me to try out specific guidance on these two + projects, which will hopefully make the formal policy + more robust. I'm still working with the Perl and + Tomcat PMCs to help solve their immediate issues. Most + of the relevant discussion has been cc'd to + legal-internal. + + COPYRIGHT NOTICES: Last month I reported that I was getting + general agreement from our counsel to move to a policy + that requires only a licensing notice, but not a + copyright notice at the top of each source file. I + regret to say that I have made very little progress on + this issue since last month. I'll have this ready for + next board meeting. + + LGPL: Last month I reported that this issue needs to be + addressed within the context of an overall policy stating + what licenses are acceptable for ASF distributions to + take dependencies on and distribute (see "Third Party IP" + issue below). Ten days ago, I sent Eben Moglen (in his + role as general counsel for the FSF) a five-page document + (including a developer-focused FAQ) on my interpretation + of exactly what the LGPL allows and does not allow related + to Java dependencies and distribution requirements. He + has not given me feedback on this yet, but has been + talking about releasing a similar position paper on behalf + of the FSF. + + THIRD-PARTY IP: Last month I reported that most of the + licenses we thought we could sublicense under the Apache + License (including the CPL) can really only be distributed + under their own license. So, we now need to figure out what + makes a license okay to include in an Apache distribution. + I've made very little progress on this in the last month, but + I hope to have a policy written, discussed, and ready for + approval by the December board meeting. + + ASF LEGAL POLICY DOC: Although I did not make as much progress + as I'd hoped on the copyright notice and third-party IP + issues over the last month, I did write up and outline for + an overall legal policy doc to address these issues and + others. The outline (including a brief preview of where + the document was probably headed) was sent to legal-discuss. ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff Schmidt] + + COPYRIGHT NOTICES: I have gotten Jason, Larry, Robyn, and + even Eben Moglen to all agree that we should be fine + with no copyright notice at the top of each source file, + and instead just include a licensing notice similar to + what Roy recently posted to the Board@ list. The issue + that isn't quite solved yet is the mechanics of ensuring + any COPYRIGHT file or section of the NOTICE file is in + sync with the CLAs and agreements from outside contributors. + + BXA/CRYPTO: I now have an understanding of the open source + exception to the crypto export requirements. I've read + through the relevant docs at bxa.doc.gov, eff.org, and + a legal opinion from McGlashan & Sarrail dated + September 13, 2000, which I found in /foundation/Records/BXA. + There was a minor (generally favorable) change to the + TSU exception (the one that applies to open source) last + December. The bottom line is that there appears to be no + problem with distributing source or binaries as long as we + give appropriate notice to the BXA/BIS. My next step is to + get an updated opinion from Jason and publish guidelines to + PMCs. + + LGPL: There's the legal requirements side of this issue and + the policy side (as with so many things). I believe I have + already completed the due dilligence on the legal + requirements side; however, during conversations with Eben + Moglen I've found that he plans to publish a document that + is explicit about the issues or non-issues with Java and + the LGPL. I will be sending him my view of these issues + this week, which I hope will influence what ends up in his + document. On the policy side, we need to stop treating the + LGPL differently from other licenses, and instead determine + what our policy is for taking dependencies on and + distributing third-party IP. + + THIRD-PARTY IP: Any time we bring in third-party IP that is + not licensed under the Apache License, we have two choices: + a) sublicense the work under the Apache License (if we have + the rights to do so), or b) distribute the Apache product + under each applicable license and make that clear to our + users. We've been trying to say we're only doing a) so far. + However, in my view we are obviously not consistently doing + this, nor do I think it is practical to do so. So, I'm now + thinking the best way to address issues of shipping CPL, + MPL, CDDL, LGPL, etc. is to stop trying to sublicense them + under the Apache License and instead create and implement + a policy that allows us to distribute products that contain + IP under some set of license terms (including terms outside + the scope of the Apache License). ++
+ 4. Officer Reports + + E. V.P. of Legal Affairs [Cliff Schmidt] + + I've inserted slightly edited versions of the same MPL/NPL + and LGPL resolutions, which were tabled last month. + + Since last month's meeting, I have: + - confirmed with a second member of ASF's legal counsel + that the proposed LGPL policy does not put our product + licensing at risk; + - posted and discussed the proposed LGPL policy on the + legal-discuss list, where no new concerns were raised + about the licensing ramifications; however there was + concern raised by both outside lawyers and Apache + committers that dependencies on LGPL libraries was not + in the best interests of some Apache users; + - engaged with representatives of the Mozilla Foundation + to discuss the proposed MPL/NPL licensing policy. While + they have *not* yet formally indicated their agreement + with our interpretation, they have not yet raised any + new concerns. + + Future action items include resolving the BXA/crypto issue + and investigating and proposing policies for the CPL, EPL, + and CDDL licenses. + + Finally, one of my short-term objectives is to overhaul the + legal STATUS file to reflect the current priorities and + status. + + 6. Special Orders + + B. Allow redistribution of MPL- and NPL-licensed executables + + WHEREAS, some Project Management Committees (PMCs) within + The Apache Software Foundation (ASF) expect to better serve + their mission through the use and redistribution of the + executable form of existing source code licensed under the + Mozilla Public License (MPL) or Netscape Public License (NPL); + and + + WHEREAS, it is the ASF's interpretation that the MPL and NPL + licenses permit distribution of such executables under the + terms of the Apache License, Version 2.0, provided the terms + applicable to the associated source code have been complied + with and that appropriate entries made in the ASF + distribution's NOTICE file; and + + WHEREAS, the current ASF licensing policy discourages the + distribution of intellectual property by the ASF under terms + beyond those stated in the Apache License, Version 2.0. + + NOW, THEREFORE, BE IT RESOLVED, that PMCs may use and + redistribute the executable form of existing source code + licensed under the MPL 1.0, MPL 1.1, NPL 1.0, or NPL 1.1; + and be it further + + RESOLVED, that PMCs must ensure such redistribution only + occurs after appropriate entries have been made in the ASF + distribution's NOTICE file and only if the PMC finds that + the MPL/NPL terms applicable to the associated source code + appear to have been satisfied. + + Special Order 6B, Allow redistribution of MPL- and NPL-licensed + executables, was Approved by Unanimous Consent. + + C. Allow product dependencies on LGPL-licensed libraries + + WHEREAS, some Project Management Committees (PMCs) within + The Apache Software Foundation (ASF) expect to better serve + their mission through the occasional dependency on existing + LGPL-licensed libraries when no other practical alternative + exists under terms covered by the Apache License, Version 2.0; + and + + WHEREAS, research into the impact of distributing ASF products + that depend on the presence of LGPL-licensed libraries + indicates that the product licensing terms are not affected by + such a dependency; and + + WHEREAS, the current ASF licensing policy discourages the + distribution of intellectual property by the ASF under terms + beyond those stated in the Apache License, Version 2.0. + + NOW, THEREFORE, BE IT RESOLVED, that PMCs may develop and + distribute products that depend on the presence of + LGPL-licensed libraries when no other practical alternative + exists under terms covered by the Apache License, Version 2.0; + and be it further + + RESOLVED, that PMCs will register such use of an LGPL-licensed + library with the Vice President of Legal Affairs prior to the + PMC's next regularly scheduled Board report, and in no case + less than two weeks prior to the distribution of the + applicable product(s); and be it further + + RESOLVED, that PMCs will continue to reevaluate whether a + practical alternative exists under terms covered by the Apache + License, Version 2.0, which could be substituted in place of + the LGPL-licensed library; and be it further + + RESOLVED, that PMCs must continue to ensure that they do not + distribute LGPL-licensed libraries or any other intellectual + property that is only available under licenses with terms + beyond those stated in the Apache License, Version 2.0. + + Special Order 6C, Allow product dependencies on LGPL-licensed + libraries, was Tabled. The main discussion points were + whether the permission of dependencies invalidated the + spirit of the ASF and the Apache License. Discussion was + to be continued on the Board mailing list. ++
+ 4. Officer Reports
+
+ E. V.P. of Legal Affairs [Cliff Schmidt]
+
+ See Special Orders for two proposed resolutions.
+
+ The first resolution allows PMCs to develop and distribute
+ software that depends on the presence of LGPL-licensed
+ libraries, *without* distributing the libraries themselves.
+ After numerous discussions with the FSF, other LGPL licensors,
+ and ASF counsel, Larry Rosen, it appears that such a policy
+ should not impact the product licensing. In order to allow
+ PMCs to apply this policy to all useful LGPL-licensed
+ libraries, the resolution does not require the PMCs to get
+ an agreement from each copyright owner, but instead requires
+ the PMC to register the use of the particular LGPL library
+ with the VP of Legal Affairs. See my post to the board@
+ list for more details ("My recommendation for an ASF policy on
+ the LGPL").
+
+ The second resolution allows PMCs to redistribute MPL/NPL-
+ licensed executables. The key difference between the MPL/NPL
+ and the LGPL regarding redistribution requirements is that the
+ MPL/NPL allows redistribution under any license (provided that
+ the distributor complies with the applicable terms of the
+ MPL/NPL); the LGPL requires redistribution of either the source
+ or executable of the library to be licensed only under the LGPL.
+
+ While the MPL 1.0, MPL 1.1, NPL 1.0, and NPL 1.1 are nearly
+ identical in their treatment of redistribution of executables,
+ it is important to note that the NPL licenses are not OSI-
+ approved, as they discriminate in favor of Netscape, weakening
+ the terms that Netscape has to comply with relative to other
+ users. See my post to the board@ list for more details ("MPL/NPL
+ Issue: My recommendation for an ASF policy on the MPL/NPL").
+
+ NOTE: Larry Rosen has agreed with my analysis of the MPL/NPL
+ licenses as described in the referenced post; however, yesterday
+ he suggested that I confirm that Mitchell Baker also agrees
+ (author of the licenses). I have not yet received her response.
+ This could be a reason to table this resolution.
+
+ 6. Special Orders
+
+ E. Allow product dependencies on LGPL-licensed libraries
+
+ WHEREAS, some Project Management Committees (PMCs) within
+ The Apache Software Foundation (ASF) expect to better serve
+ their mission through the use of existing LGPL-licensed
+ libraries as a product dependency; and
+
+ WHEREAS, research into the impact of distributing ASF products
+ that depend on the presence of LGPL-licensed libraries has
+ indicated that the product licensing terms are not affected by
+ such a dependency; and
+
+ WHEREAS, the current ASF licensing policy continues to require
+ all intellectual property distributed by the ASF be licensed
+ under the Apache License, Version 2.0.
+
+ NOW, THEREFORE, BE IT RESOLVED, that PMCs may develop and
+ distribute products that depend on the presence of
+ LGPL-licensed libraries; and be it further
+
+ RESOLVED, that PMCs will register such use of an LGPL-licensed
+ library with the Vice President of Legal Affairs prior to the
+ PMC's next regularly scheduled Board report, and in no case
+ less than one week prior to the distribution of the applicable
+ product(s); and be it further
+
+ RESOLVED, that PMCs must continue to ensure they do not
+ distribute LGPL-licensed libraries or any other intellectual
+ property that cannot be strictly licensed under the Apache
+ License, Version 2.0.
+
+ Discussion occurred that raised questions: Is the FSF position
+ public? Will downstream users be comfortable with this? The
+ conclusion was to give 3rd parties time to react to this
+ proposed resolution prior to voting on it. Resolution 6E
+ was tabled with general consent.
+
+ F. Allow redistribution of MPL- and NPL-licensed executables
+
+ WHEREAS, some Project Management Committees (PMCs) within
+ The Apache Software Foundation (ASF) expect to better serve
+ their mission through the use and redistribution of existing
+ software executables that are licensed under the Mozilla Public
+ License (MPL) or Netscape Public License (NPL); and
+
+ WHEREAS, research into the impact of distributing MPL- and
+ NPL-licensed executables indicated that such distribution
+ is allowed under the terms of the Apache License, Version 2.0,
+ only if specific entries made in the NOTICE file and if the
+ associated source code complies with the applicable terms of
+ the MPL/NPL; and
+
+ WHEREAS, the current ASF licensing policy continues to require
+ all intellectual property distributed by the ASF be licensed
+ under the Apache License, Version 2.0.
+
+ NOW, THEREFORE, BE IT RESOLVED, that PMCs may use and
+ redistribute software executables that are licensed under the
+ MPL 1.0, MPL 1.1, NPL 1.0, or NPL 1.1; and be it further
+
+ RESOLVED, that PMCs must ensure such redistribution only occurs
+ after entries are made in the associated product's NOTICE file
+ in compliance with the terms of the MPL/NPL, and that the
+ associated source code also complies with the applicable terms
+ of the MPL/NPL.
+
+ Resolution 6F was tabled with general consent. Questions arose
+ why MPL 1.0 was not ok before. It is suggested to get feedback
+ from Mitchel Baker.
+
+ Action Item: Review earlier arguments why MPL 1.0 was not ok.
+
+ + 6. Special Orders + + B. Appoint a Vice President of Legal Affairs + + WHEREAS, the Board of Directors deems it to be in the best + interests of the Foundation and consistent with the + Foundation's purpose to appoint an officer responsible + for legal affairs, including but not limited to streamlining + communication between the Foundation's Project Management + Committees, legal counsel, the Board and other parties + pertaining to legal issues. + + NOW, THEREFORE, BE IT RESOLVED that the office of + "Vice President of Legal Affairs" be and hereby created, + the person holding such office to serve at the direction + of the Board of Directors, and to have primary responsibility + of coordinating the Foundation's legal counsel pertaining to + legal issues; and be it further + + RESOLVED, that Cliff Schmidt be and hereby is appointed to + the office of Vice President of Legal Affairs, to serve in + accordance with and subject to the direction of the Board + of Directors and the Bylaws of the Foundation until death, + resignation, retirement, removal or disqualification, or + until a successor is appointed. + + By Unanimous Vote, Cliff Schmidt was appointed as VP of + Legal Affairs. ++