From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 13 19:43:52 2022 Received: (at 32947) by debbugs.gnu.org; 13 Apr 2022 23:43:52 +0000 Received: from localhost ([127.0.0.1]:54335 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nemeO-0003A0-7q for submit@debbugs.gnu.org; Wed, 13 Apr 2022 19:43:52 -0400 Received: from mail-ej1-f41.google.com ([209.85.218.41]:41938) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nemeM-00039j-25 for 32947@debbugs.gnu.org; Wed, 13 Apr 2022 19:43:50 -0400 Received: by mail-ej1-f41.google.com with SMTP id bh17so6950026ejb.8 for <32947@debbugs.gnu.org>; Wed, 13 Apr 2022 16:43:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Nqsri2ODCwSyIbWlJ27SuZTvuAZKN2Yr+lbqr9Lvjo4=; b=kb5RmcqmWjlKuAwsfmtJOxVdSvvXgkyaqWsFdxB2+1LFdlgAaNj7KnsH9UOqjAgO7q Eiocr4aI0RAWGCBB4MOslE9N0bUCmuE8OMwpWZNd1gXhkBSuh+N0aHb8KcqHC/c748eH bM1Ei5SiGgjW7YoX8Lvs2VMFGpKeBnFkvsXGmBoQ3r1bsmlDizc6YTqNIzc2L/4hJalg vIpGq0+70viGHOL+lfrlrU8aGeyibUSpyK2zs3OcNG0te5gw11vMTgPiCenweMhfqs/k Ta0FYyGEEzh7m20gALCJ5601gAwahSTxwQCrEj5brs2ArzGuILnDfLlkB2HDn2zGjHoi heeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Nqsri2ODCwSyIbWlJ27SuZTvuAZKN2Yr+lbqr9Lvjo4=; b=CbVOCNFG3qcQkWlZ2O9d8Jley0XBdnRqrY35I6Tfl27rcT/19tpNf4SDUuBWHujRpH lUfJidjZTUtOQigpzXCyFOC/ZDCWliplYq1b857aoOqOdvA+ILMLNvh+0oC+wJPMCkV7 0NYi5dJGoYHjVCiV4wRBxg6dNF3y2txT2lUcRH5EW1AR2drSEvNqXEaTkfEHomEl8qO5 /dLS4rQfRPG+E93JhARatGMvT8veSxzNBKp2TA/dZK7q98Nh42tGGekknnoum3j438Ww BAzXMFVkxuyCAATPjQOuw350MOFkcf+y2gfEulTFWenyt/xnHvvKK6vsVOz12HscRY3D rfkw== X-Gm-Message-State: AOAM530dsHKUDnFhYNiG/S3T3C9fLh+lZ5JT2mLkyzl99wN/UvwJBnLS 7yQPiwQKlDbeVgc/0dRQai4IvXThe8qEGmPoYDI= X-Google-Smtp-Source: ABdhPJxJc/esu/f9f8oa7uveOSlHX6BRCpEo6j08U+hdUUoY77oWZ60CRijtz7fRegZw6guiggW7GMAxc6iuNFhJwMI= X-Received: by 2002:a17:907:daa:b0:6e4:9b0d:3f1 with SMTP id go42-20020a1709070daa00b006e49b0d03f1mr83739ejc.37.1649893423810; Wed, 13 Apr 2022 16:43:43 -0700 (PDT) MIME-Version: 1.0 References: <87y217gjfa.fsf@Ginko.local.i-did-not-set--mail-host-address--so-tickle-me> <5f00452a6bed768c7df78fee59c045f08d1a8dce.camel@telenet.be> <2533f258c513aeb666823c6c3a48748f988a9ee6.camel@telenet.be> In-Reply-To: <2533f258c513aeb666823c6c3a48748f988a9ee6.camel@telenet.be> From: Frank Pursel Date: Wed, 13 Apr 2022 23:43:30 +0000 Message-ID: Subject: Re: [bug#32947] Add java-xalan. To: Maxime Devos Content-Type: multipart/alternative; boundary="000000000000718bcc05dc91bf0e" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 32947 Cc: 32947@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --000000000000718bcc05dc91bf0e Content-Type: text/plain; charset="UTF-8" Maxime, You wrote, WDIT? I think that IntStack.java has almost no economic value and so the comparison to a commercial package is not really appropriate. We could ask upstream (file a bug report) but the question is pretty awkward. We are not asking for a bug fix, or for clarification of a behaviour. We are questioning if they are meeting their own stated licensing criteria! Besides that such a ticket is very difficult to resolve. I would feel bad asking this of them because I imagine they are no better equipped to answer questions about JDK1.0 than we are. Worse, if we believe such impropriety is possible why would be believe what they tell us anyway? I think to ask for this to be investigated, at minimum, you would need to find the actual file from JDK1.0 that you feel was appropriated. I don't think we should be asking upstream to work on investigation of a suspicious licensing that cannot improve their software in any functional way. I appreciate your keen sensitivity to the code but I don't think this feedback to apache is helpful and is likely not even true. Sincerely, Frank Pursel On Tue, Apr 12, 2022 at 9:33 AM Maxime Devos wrote: > Frank Pursel schreef op ma 11-04-2022 om 16:36 [+0000]: > > I looked at the org.apache.xml/uitls/IntStack.java file you pointed > > out. I think the header license certainly prevails here for > > several reasons. First it is subpackage of the org.apache tree for > > which the source license is clearly stated. > > I can search for a leak of the source code of Windows, copy it to > another project, obfuscate its origin a bit by removing author > information, copyright information and the old license header and > add a ASL license header and rename it to fit inside the other project. > That doesn't make it actually ASL, it just makes it a copyright > violation. > > > Second, looking at the code (without being a java guru; the code is > > that simple) we can see that there is no dependency on any JDK. > > The statement '@since JDK1.0' appears to be true in the sense that > > any JDK can compile this since 1.0. We demonstrate that it builds > > with JDK8 whenever we run this package through guix build and so, I > > see no licensing concerns over the '@since JDK1.0' annotation. > > This is not what @since means, at least according to the Javadoc > documentation (maybe Apache Xalan assigns its own custom meaning). > According to > < > https://docs.oracle.com/javase/8/docs/technotes/tools/windows/javadoc.html > >:, > > This tag means that this change or feature has existed since the > software release specified by the since-text value, for example: > @since 1.5. > > For Java platform source code, the @since tag indicates the version > of the Java platform API specification [...] > > so IMO it looks like this code was once part of JDK 1.0. > > Maybe this is OK, maybe the license of JDK 1.0 allows this, maybe it > doesn't but Apache has gained some kind of permission from Sun, maybe > it's not legally OK, maybe it never was part of JDK 1.0. I think we'll > just have to ask upstream what's going on, WDYT? > > Greetings, > Maxime. > --000000000000718bcc05dc91bf0e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Maxime,

You wrote, WDIT? =C2=A0

I think that= IntStack.java has almost no economic value and so the
comparison to a c= ommercial package is not really appropriate.=C2=A0 We
could ask upstream= (file a bug report) but the question is pretty
awkward.=C2=A0 We are no= t asking for a bug fix, or for clarification of a
behaviour.=C2=A0 We ar= e questioning if they are meeting their own stated
licensing criteria!= =C2=A0 Besides that such a ticket is very difficult to
resolve.=C2=A0 I = would feel bad asking this of them because I imagine they
are no better = equipped to answer questions about JDK1.0 than we are.
Worse, if we beli= eve such impropriety is possible why would be believe
what they tell us = anyway?=C2=A0 I think to ask for this to be investigated,
at minimum, yo= u would need to find the actual file from JDK1.0 that
you feel was appro= priated. I don't think we should be asking upstream
to work on inves= tigation of a suspicious licensing that cannot improve
their software in= any functional way.

I appreciate your keen sensitivity to the code = but I don't think this
feedback to apache is helpful and is likely n= ot even true.

Sincerely,
Frank Pursel


On Tue, Apr 12, 2022= at 9:33 AM Maxime Devos <maxi= medevos@telenet.be> wrote:
Frank Pursel schreef op ma 11-04-2022 om 16:36 [+0000]: > I looked at the org.apache.xml/uitls/IntStack.java file you pointed > out.=C2=A0 I think the header license certainly prevails here for
> several reasons.=C2=A0 First it is subpackage of the org.apache tree f= or
> which the source license is clearly stated.

I can search for a leak of the source code of Windows, copy it to
another project, obfuscate its origin a bit by=C2=A0removing author
information, copyright information and the old license header and
add a ASL license header and rename it to fit inside the other project.
That doesn't make it actually ASL, it just makes it a copyright
violation.

> Second, looking at the code (without being a java guru; the code is > that simple) we can see that there is no dependency on any JDK.
> The statement '@since JDK1.0' appears to be true in the sense = that
> any JDK can compile this since 1.0.=C2=A0 We demonstrate that it build= s
> with JDK8 whenever we run this package through guix build and so, I > see no licensing concerns over the '@since JDK1.0' annotation.= =C2=A0

This is not what @since means, at least according to the Javadoc
documentation (maybe Apache Xalan assigns its own custom meaning).
According to
<https://docs.oracle.co= m/javase/8/docs/technotes/tools/windows/javadoc.html>:,

=C2=A0 This tag means that this change or feature has existed since the
=C2=A0 software release specified by the since-text value, for example:
=C2=A0 @since 1.5.

=C2=A0 For Java platform source code, the @since tag indicates the version = =C2=A0
=C2=A0 of the Java platform API specification [...]

so IMO it looks like this code was once part of JDK 1.0.

Maybe this is OK, maybe=C2=A0the license of JDK 1.0 allows this, maybe it doesn't but Apache has gained some kind of permission from Sun, maybe it's not legally OK, maybe it never was part of JDK 1.0.=C2=A0 I think = we'll
just have to ask upstream what's going on, WDYT?

Greetings,
Maxime.
--000000000000718bcc05dc91bf0e--