Purpose and Intended Audience

This page includes a concatenation of the reports and resolution proposals made by the VP of Legal Affairs to the ASF Board of Directors, and may be of interest to committers wishing to follow the progress and history of legal policy issues.

Overview

The following reports are included in this page. The complete board meeting minutes are also available.

March 18, 2009

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Active month, nothing requiring board attention beyond a passing mention of
staffing.  Summary:

internal:
  LGPL optional library for testing CouchDB (OK)
  DOM4J (BSD style license, accepted)
  JSR 173 license (replaced with an ALv2 equiv)
  Protocol Buffer License (verified as BSD) 
  Unicode data license (ICU: OK)
  MSV license (category X: due to FOU)
  License Headers question (dealing with BSD)
  Question as to when CCLAs are required (QPid)
  OASIS license of XSDs (not separately licensed?)
  OLIO fragment cache license (MIT)
  ICLA required for student under contract? (wouldn't hurt)
  Use of Prolog (the language) (OK)
  Abstract question on documentation (need specifics)

outside:
  Permission to reuse our CLA form itself (granted!)
  Question as to whether the ECCN "conveys" to commercial users (answer:
    exemption may not apply - consult a lawyer)
  General question as to whether ASF code can be sublicensed commercially
    (can and does)
  Hypothetical Discussion between Bruce Perens and Larry Rosen (over my head)

Referred elsewhere:
  Two separate potential violation of an ASF Trademark (to PRC)
  Advice for book authors (to PRC)
  IP-clearance question (to incubator)

February 18, 2009

    5. Additional Officer Reports

        B. Apache Legal Affairs Committee [Sam Ruby]

           See Attachment 2

           Sam confirmed that an open list was not a problem at this time,
           and noted that he is pleased with the sharing of the load; while
           Henri and Larry take on bigger shares than most (thanks!), nobody
           dominates and plenty of people contribute..

    -----------------------------------------
    Attachment 2: Status report for the Apache Legal Affairs Committee

    While traffic has picked up from last month, absolutely none of it should be
    of any concern to the board.  Brief summary:

    * General questions on public domain and fair use
    * A question about a previously approved license (zlib/libpng)
    * Two questions on IP clearance, one quick and one more involved, both
       forwarded to the incubator
    * A JSR spec contained obsolete licensing terms (Geir quickly dove in)
    * An inquiry on trademark considerations, including the project logo     
       and the ASF feather from committers on an ASF project working on a book.
    * An internal discussion on open letters.

    The list also attracts questions from users.  While it is not something
    that we are set up to do (or, in fact, a service we intend to provide), it has not
    proven to be a problem in practice.  Discussions of this nature from the past month:

    * Request for advice on a project desiring to use the Apache License and depend on code licensed under the GPL.
    * A webapp developer asked a question about the MySQL license
    * A developer of an application on sourceforge asked about how to structure
       his LICENSE file given that his project is based on an ASF project
    * A general question about defensive publication as a way to protect against patent trolls.
    * A general question on internal use of Apache projects

January 21, 2009

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Very quiet month, nothing requiring board attention.  Highlights:

Naming discussion on JSecurity.  Probably would not have given approval to
that name in the first place, but given that the name has been in use for
four years without an issue being raised, there isn't consensus on requiring
a change.  That being said the naming discussion was an inevitable bikeshed.

Discussion of whether a given W3C license was category 'B' or 'X'.  Given that
the code in question was dual licensed with BSD, the question was moot.

A discussion about a different W3C license and the policy of not allowing 
non-OSS code in SVN wandered off into nowhere as hypothetical discussions are
want to do.  There was a similar discussion about PDF CJK fonts, and it
appears that the direction there will be to dynamically download the data vs
polluting SVN.

A question about dealing with the US Government was handled by Larry off-list.

December 17, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

       People are encouraged to follow up on the first issue on
       legal-discuss.

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Most significant thread has the unfortunate subject line of 
"use of proprietary binaries".  I say unfortunate, as it is unduly
prejudicial.  The essence of the pragmatism behind "category B" is to
identify artifacts whose licenses, while different than our own, don't
affect the ability of us developing our code under our license.  As long
as the dependency is clearly marked and we are not distributing these
artifacts, we should be good.  Related questions such as whether such
artifacts can be checked into SVN, etc. should be examined in terms of
infrastructure burden and potential to increase confusion, and not excluded
as a blanket matter of policy.

The context for the above is optional external APIs and compliance test
suites.  While we would all love for these to be open, that's not a
requirement.  The line in the sand is whether or not usage of such affects
our ability to develop our code under our license.

By contrast, redistribution of PDF CJK fonts, for which the license clearly
states that the "contents of this file are not altered" was greeted warmly,
albeit with a separate discussion about patents.

Other threads:

Does working on Sun RI automatically "contaminate" developer, and preclude
them from working on ASF project?  Answer: not in general, though specific
PMCs may have specific rules in place depending on the nature of the project.

Lenya website redesign - ensuring that the contributions are under the
appropriate license.

Obtaining licenses for testing purposes - original question dealt with
WebSphere, but wondered off to TCKs.

Branding question ("AskApache") referred to PRC.

Continued discussion about Google Analytics.  No consensus that there is
a clear issue yet.

A naming question for JSecurity lead to the inevitable bikeshedding...

November 19, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

It would be helpful to obtain a Notice of Allowance from Robyn in order to
pursue registering the SpamAssassin Trademark.

Sebastian Bazley updated the mailbox drop information on CCLAs to reflect our
Wells Fargo lockbox.

Discussed documenting privacy policies w.r.t. Google analytics and
interpreting "internal use" as our project mailing lists.  Parallel discussion
occurred on site-dev.

Advised Facelets to preserve NOTICEs and not to modify copyright claims
in files that they copy.

Jira item created for documenting the process for choosing names for ASF
projects.  Looks promising.

Once again, a discussion of making section 5 of the Apache License, Version
2.0 more explicit via mailing list messages surfaced.  Thankfully, it died
quickly.  My feeling is that what we have works for us for now, and shouldn't
be changed unless there is a specific issue.

A company offered Lucene access to archived blog data.  There was a discussion
concerning us hosting a copy of this, but this made some people uncomfortable
w.r.t. potential copyright violations.

Discussed w3c's copyright-documents-19990405.html.  Overall doesn't look
open source friendly, but we may be open to further discussion of checkin
of unmodified sources with appropriate documentation.

Reviewed Oracle's proposed revised JSR301 draft license

October 15, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

4 JIRA requests opened, 3 closed; all related to how to deal with "one off"
licenses.

Continuing discussions on Google Analytics and legal options related to the
JCK impasse.

Otherwise, a pretty quiet month.

September 17, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Things continue to run smoothly.  I'm pleased with the number of active
participants.

An abstract question was asked about an ability to commit to a project
given
exposure to prior ideas from a previous employer.  In general, such a
situation causes us no major concerns, though the situation may vary based
on
the specific projects and specific employers in question.

PDFBox was originally BSD licensed and obtained software grants from all of
the primary authors.  A question was asked regarding small contributions from
people who they are no longer able contact.  Given the size of the
contributions in question, the original license, and the fact that reasonable
efforts were made to locate such people, it was determined that this was not a
concern.

A FAQ was added that older versions of Apache software licensed under Apache
Software License 1.0 are still licensed as such.

Creative Commons Share-Alike Attribution version 3.0 license has been
approved, provided the materials in question are unmodified.  Previously, only
the 2.5 version had been approved.

A JIRA was opened on documenting release voting procedures.  No owner.

Larry helped resolve an issue where a company wished to rewrite our CCLA.
Our policy is that we don't accept modified ICLAs or CCLAs.

SyntaxHighlighter (LGPL) was approved for use on people.apache.org pages.

Nobody seems to know the licensing status of BEA's StAX implementation, so
most projects are simply routing around it.

Larry has volunteered to register SpamAssassin trademarks.  Given that the PRC
and the SA PMCs are OK with this, if the board approves the expenditure, I'll
tell him to proceed.

David Crossley has produced a first draft of a project naming document.  He's
been on the list for over a year, and starting in July of this year has picked
up his participation.

Routine copyright/notice questions from Felix, CouchDB, JAMES and the Incubator.

RSA's implementation of MD4/MD5 says one thing in their licensing headers and
a quite different thing on their IETF IPR statement.  I think we are covered,
but we still need to settle how to document this properly.

Bluesky inquired about moving away from some (unspecified) C++ Standard
library implementation to STLPORT, presumably for licensing reasons.
Everything I have heard to date indicates that we would be comfortable with
either implementation.

Google Analytics continues to be explored.  Justin expressed an opinion that,
while a bit stronger than I recall the board expressing, is one that I'm quite
pleased and comfortable with: namely that we start from a presumption of data
of this type being open to all, and work backwards from there -- making closed
only what we must.

A discussion has just started on the legal implications of contests involving
prizes.  If the prizes themselves are donated, and are substantial, we may
have to consider such as targeted donations.

August 20, 2008

5. Additional Officer Reports

    3. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 3

       Jim asked if the board should request a status update
       regarding the 3rd party license policy. Sam indicated that
       this was not necessary based on the areas of consensus already
       are published on the web site, and the items being worked
       appear in JIRA. No action was taken.

-----------------------------------------
Attachment 3: Status report for the Apache Legal Affairs Committee

While comments were made on a half-dozen or so JIRA issues, none were either
created or closed this month.  I believe that this process is working
smoothly, and does not warrant board attention.

Notable discussions that occurred during this month:

As reported elsewhere, Microsoft clarified their position on their Open
Specification Promise.  As near as I can tell, everybody feels that this
completely resolves the issues surrounding the upcoming OOXML support by POI.

The division of labor between the PRC, the incubator, and the Legal Affairs
Committee continues to confuse people.  My understanding is that the PRC is
responsible for enforcing our claim to names, the incubator is responsible for
IP clearance (including names), and the Legal Affairs Committee helps respond
to claims made against the ASF.

A GPL license question surfaced -- this started out with Xapian which is
licensed under GPL v2 and confusion over what the FSF claims of
"compatibility" with the Apache License means. Eventually this discussion
wandered off into the territory of hypotheticals.  GPL v2 remains on the ASF's
restricted list (a.k.a. Category "X").

By contrast, syntax highlighter (licensed under the LGPL) was approved for the
limited purposes of non-essential enhancement of online documentation.

There was a brief discussion on "blanket" grants and "commit by proxy".  This
was resolved by citing the relevant sections of the ICLA which has explicit
provisions for the enablement of submitting code on behalf of a third
party.

There was a brief discussion as to whether an ICLA sufficient when a person
may have been exposed to ideas and alternate implementations from a previous
employer.  Our position is yes.  Individual PMCs are welcome to set a higher
bar for themselves.

A permathread re-erupted: when are Apache License Headers needed?  The general
guidance is that they should be added whenever practical, but only where
practical.

There is an ongoing discussion about notice requirements when code is reused
from other projects.

July 16, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

       A brief discussion was had concerning ASF committers and members
       participating as Expert Witnesses.  This is a decision that only
       the individual in question can make for themselves, but if there
       is any concern that there might involve an ASF vulnerability,
       then the individual is requested to include the ASF's legal VP
       and counsel in the discussion.

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Resolved issues:

* Documentation about the Legal Affairs Committee has been added to
  the web site (primary source: board resolutions)

* Cobertura reports can be included in Apache distributions

* Yahoo! DomainKeys Patent License Agreement v1.2 does not
  raise any concerns.

Significant Discussions:

* Permathread about policy issue about shipping LGPL jars reoccurred.
  again this month.

* We are Revisiting whether or not there should be a JIRA checkbox
concerning
  whether or not there should be a "Grant license to the ASF" checkbox
  and what the default should be.

Other:

* Received another inquiry from the owners of the Abator trademark.

June 25, 2008

5. Additional Officer Reports

    2. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Another month with little controversy.

At this point /legal/resolved.html contains the bulk of the content
from the draft 3party text upon which there is wide consensus.  This includes
the discussion of category 'A', 'B', and 'X' licenses.  Henri has a real
talent for proposing text upon which people can find common ground.

The wiki that was previously set up at my request is not seeing much use.
Relevant documents that were previously there (as well as on
people.apache.org home directories) have been migrated to the website
proper.

A JIRA area has been established for tracking legal issues, and this has
resulted in a lot of activity and issues moving to closure.

Two major areas of future focus:

Nearer term is a sincere desire in a number of areas to be more proactive
about obtaining suitable licenses for potential patents.  This has caused
problems as patent licensing issues are not as clear cut as copyright or
trademark issues.  I'm comfortable having the Legal Affairs Committee making
the call that, for example, WSRP4J and POI pose acceptable risks for the
foundation, and downstream help PMCs mitigate those risks should these
assessments prove to be unfounded.

Longer term, clarifying and documenting the various notice requirements
(NOTICE, LICENSE, README) needs attention.

May 21, 2008

5. Additional Officer Reports

    B. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

A fairly quiet month.

The iBATOR trademark infringement issue seems to have been resolved
satisfactorily.

Glassfish has now corrected the license issue with prior versions of
their product (as of the last board report, they had only addressed
the latest version).

Andy Oliver is continuing to work quietly with myself and ASF council
to see if we can identify and resolve his concerns with the Microsoft
funding of Sourcesense to implement OOXML.

WSRP4J appears to be in a roughly analogous place.  There are no known
actively enforced patents by either IBM or WebCollege that apply to
this code, but a desire to preemptively and proactively get a
license agreement.

As indicated in the incubator report, nobody on the Legal Affairs
Committee has expressed any concern with the changes proposed by Roy
for the procedures for IP Clearance.

Questions on compatibility with various licenses continue to pop up
from time to time.

No questions on third party licensing issues arose during the past
month.

April 16, 2008

5. Additional Officer Reports

    B. Apache Legal Affairs Committee [Sam Ruby]

       See Attachment 2

7. Special Orders

    A. Update Legal Affairs Committee Membership

       WHEREAS, the Legal Affairs Committee of The Apache Software
       Foundation (ASF) expects to better serve its purpose through the
       periodic update of its membership; and

       WHEREAS, the Legal Affairs Committee is an Executive Committee
       whose membership must be approved by Board resolution.

       NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be
       added as a Legal Affairs Committee member:

          Craig Russell <craig.russell@sun.com>

       Special order 7A, Update Legal Affairs Committee Membership,
       was approved by Unanimous Vote of the directors present.

-----------------------------------------
Attachment 2: Status report for the Apache Legal Affairs Committee

Sun has restored Apache License headers to the Jasper code with
Glassfish V3.  Craig Russell was instrumental in making this happen.
I feel this issue is now closed.

In related news, the Legal Affairs Commitee voted to add Craig to the
committee, and it appears as resolution 7A on today's agenda.  From time
to time, I see a number of smaller items that come up on the legal
mailing lists go unaddressed.  I intend to continue to pursue expanding
the Legal Affairs Committee membership.

We received more information on the trademark concern, and this has
resulted in Apache iBATIS beginning the process of renaming Apache
iBATIS Abator to Apache iBATIS iBATOR.

The Legal Affairs committee participated in a number of JCP and Harmony
related discussions.  This is already adequately covered by the report
from the VP of JCP.

The third party licensing policy continues to remain a draft and despite
not being made into a policy, is still useful as a set of guidelines and
hasn't prevented us from making meaningful progress on actual requests
from podlings and PMCs, such as the request as to how Buildr is to treat
dependencies covered under the Ruby license.

There has been discussion regarding WSRP with respect to patents.
While it isn't clear that there is a patent that reads on WSRP, but a
member of the portals PMC sent a request inquiring as to how certain
patents would be licensed by IBM and Web Collage.  Upon review, the
consensus seems to be that the agreement presented to us by Web Collage
is not sufficient for our needs.

POI has a situation where a committer has stated his intent to
revert commits which were made several months ago based on a feeling
that there may be patents which read on the code in question.

Portions of the legal site are in flux, and meta discussion as to when
and who can update the site occur from time to time.  This is normal
and healthy.

March 19, 2008

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       See Attachment 1

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

The third party draft has been a significant distraction.  This document
serves a quite useful purpose -- as a guide.  Shortly after this month's
board meeting, I plan to publish a short document describing how it
is useful as a guide and identifying a few places where hard distinctions
it attempts to make are overreaching and will not (yet) be enforced.

Meanwhile, focus will return to concrete, tangible, and near-term
decisions.  The first two of which which will be resolved this week
deal with code licensed for use "in the creation of products supporting
the Unicode Standard" and an optional LGPL "deployer" distributed in
source form.

Other activities:
* WSRP4J is looking into potential patent claims
* Ongoing crypto notice work
* Discussion on maintenance of the year on copyright notices
* Question as to whether we would allow projects to dual license (answer:
no)
* Discussion of various open specification pledges, particularly
Microsoft's
* OSGI bundle requirements will require ServiceMix to create, maintain, and
   distribute a small amount of CDDL licensed descriptions.
* Continuing confusion over the split between the NOTICE and LICENSE files,
   this needs to be dealt with by the Legal Affairs Committee
* Fielded a question from a non-profit that wanted to base their license
   off of ours.
* A growing list of open legal questions, mostly related to third party
   licensing.
* Glassfish still hasn't restored the Apache License headers to Jasper
   files, despite some encouraging words that they were going to.  Yet
   another letter was sent to Simon Phipps and the legal contact at Sun
   he provided me with.

February 20, 2008

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       See Attachment 1

       Approved by General Consent.

7. Special Orders

    E. Update Legal Affairs Committee Membership

       WHEREAS, the Legal Affairs Committee of The Apache Software
       Foundation (ASF) expects to better serve its purpose through the
       periodic update of its membership; and

       WHEREAS, the Legal Affairs Committee is an Executive Committee
       whose membership must be approved by Board resolution.

       NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be
       added as a Legal Affairs Committee member:

          Henri Yandell <bayard@apache.org>

       Special order 7D, Update Legal Affairs Committee Membership,
       was approved by Unanimous Vote.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

Last month, I mentioned a potential trademark infringment issue that was
brought to our attention.  I contacted the individual requesting more
information, and have not heard back.  Until I hear more, I have no
plans of pursing this further.

Sun continues to ignore our request that the licence headers be restored
on the portions of Glassfish.  I have sent a third request (the first
was in September) that Sun follow the FSF's recommendations on this matter.
If Sun continues to drag their feed on this matter, it is time to explore
other options to get Sun to comply.

While this work has been ongoing for some time, this month there has
been a marked uptick in the export classification activities and general
awareness of these ECCN related issues.

Most of the efforts of this month were on trying to refine the ASF's
Third Party Licensing policy, primarily by attempting to create an
informal poll.  I seeded this with three hypothetical positions, and
mostly people were divided into two camps.  One camp didn't see much
of a dividing line between the first two positions, but clearly saw
position three as distinct and reacted negatively towards it.  The
other saw little difference between positions two and three, but reacted
equally negatively to position 1 as the first camp did to position 3.

A bare minimum that I believe that we can achieve ready consensus on is
a policy that all sofware developed at the ASF from here on is to be licensed
under the Apache License, Version 2.0, and that we will take no actions
that limit our ability to distribute our software under this license.
Roy has indicated that this may not have been the policy in the distant
past, but as near as I can tell, it has been the way that we have been
operating for quite some time now, hence the conclusion that this should
be able to readily gain consensus.

One world view is that that bare minimum is not enough.  One can argue
that it makes little sense if our software is licensed under a pragmatic
license if that sofware is entangled with dependencies that effectively
eliminate all the pragmatic aspects of our license.

The other world view is that our software is, well, soft; i.e., maleable.
Our licensees are welcome to modify, combine, and optionally contribute
back to our code bases.  Furthermore, no matter how hard we try, our
licensees are operate under a variety of different constraints or have a
differing interpretations of license compatibility.

Choosing between these two world views is difficult; but given that the
former can only be executed if there are ample exceptions for "system" or
"soft" dependencies -- concepts that are both undefinable and all too open
to gaming -- clearly the latter is easiest to understand and administer.
Or there is a belief that a "spec" from an industry consortia and with
no independent implementations somehow makes copyright and patent issues
less relevant.  In any case, add to all this the evident divide, and the
first world view becomes not only harder to understand and administer,
it becomes absolutely unworkable.  Simply put, an excemption for "system"
dependencies that is based on a "I'll know it when I see it" policy doesn't
work if a substantial portion of the people who may be drawn upon to express
an opinion on the subject simply don't believe that any such distinction is
either necessary or even makes sense as a policy.

Therefore it appears that the only workable policy is one where we continue
to require PMCs to compile a comprehensive set of LICENSEs to accompany each
of our releases so that our licensees can make an informed decision.  That,
and perhaps to we can increase our efforts to educate PMCs as to the effects
such dependencies have on community size.

While this approach is workable, it is one that may be difficult to reverse.
Hence, a slow and cautious approach is warranted.  Should there be any
as of yet unexpressed feedback, now would be a good time to provide it.

I have reviewed the minutes for the meetings of 2005/06/22 and 2007/03/28
establishing the VP of Legal Affairs and the Legal Affairs Committee
respectively, and believe that no board resolution and/or explicit approval
is required for the Legal Affairs Committee to proceed on this matter.

January 16, 2008

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       See Attachment 1

       Request was made that legal/status be updated.

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

The requested FAQ additions have been completed and posted.  These
additions did attract quite a few comments of support, and everybody had
more than ample time to comment.  I've seen no negative fallout as of yet
of these additions.  I mention this because these additions were initially
controversial, but my impression is that over time some of the participants
simply got less vocal rather than converted.

Jason Schultz has left his staff attorney position at the EFF.  Fred von
Lohmann of the EFF has agreed to support us in his place.

We have been informed of a potential tradmark infringment issue.  I shoud
have more details by the next meeting.

There is a backlog of items that need to be addressed, preferably in
parallel rather than serially.  Rather than waste report time on what
I perceive to be the biggest item, namely competing the Third Party
Licensing policy, time permitting, I've added a discussion item in the
hopes that we can come to a quick consensus on the approach.  If quick
consensus isn't achievable here, then the hope is that this will serve
as a heads up so that the interested parties can participate in the
discussion on legal-discuss.

Other items in the backlog:
  Third Party Licensing:
    Minor update to to add OSOA as category A
    Additional updates to cover notices of optional dependencies (log4cxx,
    apr)
    Need a policy on whether depencencies on Ruby Gems are permissable
    (Buildr)
  WSRP4J licensing issues (Portals)
  Fork FAQ

November 14, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       No written report submitted.

       Brief discussion on the possibility of doing a BOF at ApacheCon.

October 17, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       See Attachment 1

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

After an extended quiet period, I thought I would collect up a
few updates to the website, but that re-awoke the discussion.
What's cool is that this time around, there actually are more
people than Doug actually proposing actual wording.  I'm
convinced that we are continuing to make forward progress.

Backlog of items include following up with Sun on following the
licensing terms for Jasper, and a "fork FAQ".

September 19, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       Brief discussion concerning the possible need to change the bylaws.
       We decided not to pursue such a change.

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

Relatively quiet (and short) month.

I believe that we are making progress on the Y! proposed additions to the
FAQ, and should be able to close shortly.  Short summary of the key issue:
while the ASF as a whole does not confer any official status to
"subprojects", this proposed FAQ would officially recognize that a PMC
may, in fact, produce a number of independent "products".

Simon Phipps forwarded to me a writeup by the FSF on how to retain 
appropriate copyright headers on works derived from non-GPL codebases
and incorporated into GPL codebases.  I posted this link on
legal-internal, and it didn't provoke any objections, so I asked
Simon to follow these instructions on the Jasper/Glassfish code.  I
will follow up to ensure that this is done.

August 29, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Sam Ruby]

       See Attachment 1

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

* Continuing to work on Yahoo! patent scope FAQ.
* Updated web page concerning Apache License and GPL compatibility
* Updated 3rd party policy, resolving Geronimo and MyFaces issue
* Participated in two call with ASF council regarding JCK/FOU issue
* Continuing to work with Sun over ASF license code issues in Glassfish

My goal continues to be to delegate more of this.  If necessary,
I will recruit more people onto the legal committee in order to 
make this happen.

July 18, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Cliff Schmidt / Henning]

       See Attachment 1

       Approved by General Consent.

7. Special Orders

    E. Update Legal Affairs Committee Membership

       WHEREAS, the Legal Affairs Committee of The Apache Software
       Foundation (ASF) expects to better serve its purpose through the
       periodic update of its membership; and

       WHEREAS, the Legal Affairs Committee is an Executive Committee
       whose membership must be approved by Board resolution.

       NOW, THEREFORE, BE IT RESOLVED, that the following ASF member be
       added as a Legal Affairs Committee members:
          Sam Ruby <rubys@apache.org>

       Special order 7E, Update Legal Affairs Committee Membership, was
       approved by Unanimous Vote.

    F. Change the Apache Vice President of Legal Affairs

       WHEREAS, the Board of Directors heretofore appointed 
       Cliff Schmidt to the office of Vice President, Legal Affairs, 
       and

       WHEREAS, the Board of Directors is in receipt of the resignation
       of Cliff Schmidt from the office of Vice President, Legal 
       Affairs, and

       WHEREAS, the Legal Affairs Committee has recommended Sam Ruby as
       the successor to the post;

       NOW, THEREFORE, BE IT RESOLVED, that Cliff Schmidt is relieved 
       and discharged from the duties and responsibilities of the office
       of Vice President, Legal Affairs, and

       BE IT FURTHER RESOLVED, that Sam Ruby be and hereby is appointed 
       to the office of Vice President, Legal Affairs, to serve in
       accordance with and subject to the direction of the Board of
       Directors and the Bylaws of the Foundation until death, 
       resignation, retirement, removal or disqualification, or until a
       successor is appointed.

       Special order 7F, Change the Apache Vice President of Legal Affairs,
       was
       approved by Unanimous Vote.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

As mentioned in last month's report, I wish to resign as VP of Legal
Affairs.  The Legal Affairs Committee has discussed possible 
replacements over the last month and have reached consensus on Sam
Ruby, who is not currently on the committee.  Therefore, I have 
prepared two resolutions for the board to vote on: one to add Sam to
the committee (being a board/executive committee) and one to have him
replace me as VP.

There are no other issues requring board attention this month.

June 20, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Cliff Schmidt / Greg]

       See Attachment 1

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

On May 31st, the FSF released its "last call draft" of the 
GPLv3.  In this draft and its associated press releases, the
FSF prominently states that there is no longer a concern 
about the Apache License being "incompatible" with the GPLv3.
The compatibility issue is describing whether they see a 
problem with an Apache-Licensed component being included 
within a larger GPLv3-licensed work.  This is what they no 
longer see a problem with.  Of course, there would still be 
much concern and debate about the licensing restrictions of a
larger Apache-Licensed work that included a GPLv3-licensed
component.

The only other issue to report is that the legal affairs 
committee has been up and running for well over a month.  In
fact, I coordinated approval of the FSF's proposed GPLv3 
wording with the committee (although sadly didn't plan far
enough advance to coordinate this report).  I will soon be
asking the committee for nominations and an election of a 
new VP of Legal Affairs, with a proposed resolution before
the Board by next month's meeting.

April 25, 2007

5. Other Reports

    A. VP of Legal Affairs [Cliff]

       See Attachment 1

       Cliff indicated that, assuming the current "incompatibility"
       between GPLv3 and AL 2.0 is resolved, he does not foresee any
       further potential conflicts.

       Approved by General Consent.

-----------------------------------------
Attachment 1: Report from the VP of Legal Affairs

As I mentioned in my post to the board@ list shortly after last Board
meeting, the FSF's third discussion draft of GPLv3 included a note
that GPLv3 would not be compatible with the Apache License due to the
indemnification provision.  Both Larry Rosen and I have been in touch
with the FSF and SFLC and expect this statement of incompatibility 
will soon be reversed without any change in the Apache License.

The Board approved my resolution to establish a Legal Affairs 
Committee at last month's meeting.  However, I have been lame in 
getting things started due to a shortage of available time in the last
few weeks.  I'll start getting the ball rolling this week.

March 28, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Cliff]

       I have proposed a new Legal Affairs Committee to 
       distribute the current legal affairs workload to a 
       coordinated group ASF members, to assign responsibility 
       for legal policy deliberation and decision making to the
       same group under the supervision of the board, and to 
       provide a structured means of participation and 
       familiarization for those interested in taking over the 
       Legal VP job one day.  The resolution is on the agenda.
       It is currently written as an Executive committee, but 
       we can discuss if that is best.

       I've worked with Geir on issues related to the JCK 
       licensing problems, but I will let him report on that.

8. Special Orders

    C. Establish the Legal Affairs Committee

       WHEREAS, the Board of Directors deems it to be in the best
       interests of the Foundation and consistent with the
       Foundation's purpose to create an Executive Committee charged 
       with establishing and managing legal policies based on the 
       advice of legal counsel and the interests of the Foundation; 
       and

       WHEREAS, the Board of Directors believes the existing office of 
       Vice President of Legal Affairs will remain a valuable role 
       within the Foundation and would benefit from the creation of such
       a committee.  

       NOW, THEREFORE, BE IT RESOLVED, that an ASF Executive Committee, 
       to be known as the "Legal Affairs Committee", be and hereby is 
       established pursuant to the Bylaws of the Foundation; and be it 
       further

       RESOLVED, that the Legal Affairs Committee be and hereby is
       responsible for establishing and managing legal policies based 
       on the advice of legal counsel and the interests of the 
       Foundation; and be it further

       RESOLVED, that the responsibilities of the Vice President of 
       Legal Affairs shall henceforth include management of the Legal 
       Affairs Committee as its chair; and be it further

       RESOLVED, that the persons listed immediately below be and
       hereby are appointed to serve as the initial members of the
       Legal Affairs Committee:

         Cliff Schmidt
         Davanum Srinivas
         Garrett Rooney
         Geir Magnusson
         Jim Jagielski
         Justin Erenkrantz
         Noel Bergman
         Robert Burrell Donkin
         Roy Fielding
         William Rowe

       Special Order 6C, Establish the Legal Affairs Committee,
       was approved by Unanimous Vote.

February 21, 2007

5. Additional Officer Reports

    A. VP of Legal Affairs [Cliff]

       The CLA FAQ proposed at last month's meeting was reviewed
       by our counsel.  Small changes were made and an additional
       Q&A was added to clarify the future patent claims issue.
       The FAQs have been posted to legal-discuss where there is
       some discussion to make a very minor clarification.  In short,
       I believe this issue is pretty much resolved.

       A pretty bad trademark violation was reported, which I forwarded
       to the PRC and assisted them in an initial draft (with a review
       through counsel).

January 17, 2007

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       The only issue to report this month is the patent license FAQ.
       Following the plan I suggested in October, I've taken the FAQ
       proposed by Doug and agreed to by Roy (which addresses the 
       concern for consistency with Roy's public statements on the topic
       while he served as ASF Chairman) and asked our counsel to review
       and advise.  Barring any legal concerns from counsel, I recommend
       posting this FAQ.  Incidentally, the question part of the FAQ is
       nearly identical to the one proposed in our September meeting;
       however, the answer no longer has the problem raised by some
       directors (that it was attempting to answer more than the  
       question).

December 20, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

        CLA UPDATE: I sent an update to legal-discuss last week to
            let everyone know that the plan is to publish a document
            that describes the original intention behind some of the
            ambiguities in the CLA and then to discuss the idea of
            a new version.  Roy has agreed to write the "original
            intention" doc based on what statements he had made about
            the CLA's interpretation while he was ASF chair.

        GPLv3 COMPATIBILITY: The SFLC contacted me about the latest
            proposed changes to the patent licensing in the next
            draft of GPLv3.  I am reviewing now to ensure these
            changes would still allow Apache-Licensed works to be
            included in GPLv3-licensed works.

        STANDARDS LICENSING: I reviewed the BPEL specification patent
            licenses for Apache ODE.  The licenses would not be
            acceptable by the ASF; however, there do not currently
            appear to be any patents to license.  So, I see no problem
            with ODE implementing the BPEL spec.  Another spec reviewed
            was the Yahoo-submitted IETF RFC on DomainKeys.  Noel
            submitted this to legal-internal by Noel for review during
            ApacheCon US.  I reviewed and commented on it there; while
            not ideal, it appears reasonable and should not hold back
            our development.  My analyses for both BPEL and DomainKeys
            was approved by our legal counsel on legal-internal. 

November 15, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       Cliff reported that work is continuing on the "crypto export"
       clarifications for use within the ASF. Also being worked on
       is the standards licensing. Cliff noted that SenderID is
       covered under the Open Specification promise, and therefore
       removes any restrictions on use.

October 25, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       Cliff reported that during ApacheCon, the CCLA issue was further
       discussed with many people, especially Roy and Doug Cutting. Both
       Roy and Doug were happy with the approach taken and Roy committed
       to "writing up" what his intents were with the CCLA, so that
       misinterpretation of the letter and spirit of the CCLA no longer
       exists.

       Cliff indicated his desire to create a sort of Legal Committee,
       similar to the PRC or Security Team, to allow for a wider
       range of volunteers to help with the various legal issues and
       questions still being worked on. His hope is also that this
       will provide an opportunity for him to resign from the VP of
       Legal Affairs position after a period of time.

       Cliff reported that a number of Universities and Colleges have
       contacted him regarding their own efforts in creating suitable
       licenses for their open source educational software. Cliff
       suggested that the ASF possible provide feedback and insights
       regarding our experiences with the AL as well as the iCLA and
       CCLAs.

September 20, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

        CRYPTO EXPORT DOCS: This work has been complete for over a 
            month and projects are now starting to use the docs/process.
            At this stage it still requires me to work closely with the
            project to ensure they understand the docs, but the system 
            is working.  This will scale better as the docs are improved
            through experience.   

        STANDARDS LICENSING: The standards patent covenant that I have
            mentioned giving feedback on over the last couple reports
            was made public about one week ago: the Microsoft "Open
            Specification Promise".  While it is not perfect, I 
            believe it should not block PMCs wishing to implement 
            covered specifications.

        USPTO/OSDL's OSAPA: The Open Source As Prior Art initiative 
            met in Portland, OR, last week for two days.  I was able
            to join the group for the second day to learn a little 
            about what is being planned.  Will follow-up with email
            to board@.

        THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but
            hoping to make minor revisions and make enforcement 
            approach clear in doc (as described in previous reports)
            and then call it final, and ideally have it included in
            same email to committers as alerts on src header and 
            crypto docs.  (No change since last month) 

        OSS PROJECT CODE MOVED TO ASF: When an incubating project's
            initial code base is submitted to the ASF, our CLA 
            requires that "work that is not Your original creation"
            must be submitted "separately from any Contribution,
            identifying the complete details of its source and...
            conspicuously marking the work as "Submitted on behalf of
            a third-party: [named here]".  This presents a problem
            when the code base is an existing OSS project with 
            intermingled IP from various sources.  One solution I've
            seen in the past is for the multiple authors to jointly
            sign the same grant; however, due to a few problems with
            this approach, I've worked with one set of initial 
            contributors to create a script that uses svn blame/log 
            and a mapping file (svn id or a rev # --> legal owner) to
            output an exhaustive set of annotations to satisfy this
            requirement.     

        PATENT LICENSING IN CCLAS: I am late on getting this report
            done.  I'm still having discussions with our lawyers and
            other members of the open source community on a daily /
            weekly basis.  The goals of the report are to detail the
            ambiguities in the patent language of the current CCLA 
            and to suggest that the board consider options, such as 
            specific clarifications, revisions, and supplementary 
            processes.  These can be discussed at today's meeting if
            the board wishes; in addition, Doug Cutting would like the
            board to consider an FAQ to address some aspect of the
            CCLA's ambiguity.

        Cliff also reported that he will commit to having the
        3rd Party issues complete by ApacheCon Austin.

August 16, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

        LICENSING HEADER: About to move the deadline back to Nov 1st
            due to my slowness in getting out an email to committers@
            pointing to new policy.  However, many projects are 
            already switching over from pointers on legal-discuss. 

        CRYPTO EXPORT DOCS: Lots of work with APR and especially 
            James on fine-tuning the format for the email reports and
            web page.  Have updated the docs to reflect this.  Pretty
            much done now -- just need to include this on the 
            committers@ email (see above re: license header).

        THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but
            hoping to make minor revisions and make enforcement 
            approach clear in doc (as described in previous reports)
            and then call it final, and ideally have it included in
            same email to committers as alerts on src header and 
            crypto docs.  (No change since last month) 

        PATENT LICENSING IN CCLAS: I've continued to do some 
            research and have some discussions with various companies
            and other open source organizations on this topic. I 
            still hope to have a report comparing the options by the 
            end of this month. 

        STANDARDS LICENSING: A large software company will be soon
            be releasing a new patent license (actually a promise
            not to sue), under which several specifications will be
            covered.  Much of our feedback has been incorporated 
            into the latest draft.  I expect we will be satisfied 
            with the final result (TBA this month).

July 19, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

        LEGAL HOME PAGE: Have created new legal home page with links
            to docs relevant for users and committers. Also posting
            and linking to these legal reports for interested 
            committers to track progress.  Please let me know if 
            there are any concerns about this. Will publicize the
            legal home page and its links on Friday in email to 
            committers@. 

        LICENSING HEADER: The final version is now posted, linked
            from the new legal web page: apache.org/legal.  Email to
            committers will go out on Friday. 

        CRYPTO EXPORT DOCS: A nearly final version of this is posted
            including a lengthy FAQ from various dev-list 
            discussions.  Last step is to work with dreid on project-
            specific RDF files that build final required web page.
            Hoping to have this also done and in email to committers
            on Friday.

        THIRD-PARTY LICENSING POLICY: Haven't gotten to this yet, but
            hoping to make minor revisions and make enforcement 
            approach clear in doc (as described in previous reports)
            and then call it final, and ideally have it included in
            same email to committers as alerts on src header and 
            crypto docs. 

        PATENT LICENSING IN CCLAS: I've tried to keep the board 
            aware enough of this discussion over the last 2-3 months
            to jump in as any director sees fit; however, recent
            discussions on board@ lead me to believe that I should
            request this to become an item of new business, rather
            than wait for another director to inquire more about it.
            I suggest a brief conversation on the topic today, 
            followed by a more detailed presentation of the concerns
            of each side of the issue at some point in the near 
            future.

        SFLC LETTER ON ODF: After clarifying with SFLC that we did
            not want their letter to represent an "Apache position"
            on ODF nor did we want our name used in any PR on the
            subject, I agreed to the text of their letter.  Since 
            publishing the letter several weeks ago, they appear to
            have honored my requests completely.

        STANDARDS LICENSING: I continue to have conversations with
            vendors on how they can improve the licensing of their
            essential patent claims for specifications that Apache
            would consider implementing.  I'm actually seeing some
            progress/willingness to revise from vendors.

June 27, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

         LICENSING HEADER: I sent a summary of the resolution passed
            at last month's meeting to the legal-discuss list and
            am compiling a short FAQ based on questions from that
            thread.  The summary and FAQ will be linked from a new
            apache.org/legal/ home page by the end of the week, and
            send a notification of the posting to committers@. I 
            originally stated that the new header would need to be
            implemented on releases on or after August 1, 2006,
            but will push that date back one month, since I was slow
            to get this out to all committers. 

        PATENT LICENSING IN CCLAS: There continues to be some degree
            of controversy over my statement on how the CCLA patent
            license should be interpreted.  I continue to state 
            that the patents are licensed for both the contribution
            and combinations of the contribution with the continuing
            evolution of the project.  In other words, the ASF is
            not interested in contributions with strings attached
            (strings = restrictions on what it can be combined with).

        SFLC LETTER ON ODF: The SFLC has asked us to review a draft 
            statement on the legal encumbrances of the OASIS ODF
            specification.  If we agree with the draft, they would 
            like to issue a statement that they are representing the
            positions on two of their clients, the ASF and FSF.

May 24, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       LICENSING HEADER: I have submitted a resolution for the
            Board's consideration to set a new policy for source
            code headers.  In brief, the headers will no longer 
            include any copyright notice, only a licensing notice
            and a mention of the NOTICE file for copyright info.
            The NOTICE file will include the ASF's copyright notice,
            in addition to other required notices.  Copyright 
            notices in third-party components distributed within ASF
            products will not be touched.

       CRYPTO EXPORT POLICY: I have posted a crypto policy at 
            http://apache.org/dev/crypto.html.  The policy should
            answer most of our questions in this area, but will be
            gradually enhanced over time.  

       GPLv3 COMPATIBILITY: After a close review of the first draft 
            of GPLv3, I brought up potential incompatibility issues 
            with the Apache License to the GPLv3 discussion committee
            that I serve on.  The FSF's counsel hopes these issues
            can be addressed in the next draft.  As I've said before, 
            both the FSF and the SFLC continue to be unwavering in 
            their dedication to ensure GPLv3 is compatible with Apache
            License v2.

       PATENT LICENSING IN CCLAS: I've spent a lot of time with 
            one particular corporate legal staff lately with their
            questions of whether the CCLA implies that the set of all
            possible patent claims being licensed can be known at the
            time of contribution.  It's obvious why a corporation 
            would want the answer to be affirmative; however, such an
            answer would not protect the project's work from patent
            infringement claims by a contributor regarding how their
            contribution is combined with other things.  It may be
            worth revising the (C)CLA language to make this more 
            clear.

       ELECTRONICALLY SUBMITTED AGREEMENTS: Now allowed.  See the 
            Secretary's report.

       LICENSING AUDITS: I work closely with the Eclipse Foundation's
            IP Manager, who continues to inform me of apparent 
            inconsistencies and inaccuracies in the licensing of
            ASF products.  I've been asking PMCs to address these 
            issues as they come up, but what we really need is an
            internal audit on each product to get these problems 
            fixed.  Before we can do that, we need complete 
            documentation on the things an audit should look for and
            how they should be corrected.  I will likely make this a
            priority for the "Docathon" at ApacheCon EU next month. 

       THIRD-PARTY IP: Due to the issues above, I've neglected to
            make the few remaining changes to the draft licensing
            policy doc and publish the official version.  As I 
            mentioned last month, I intend to tell PMCs that all new
            products MUST conform to the policy, but that all 
            existing products that do not currently conform need to
            only take one action over the next six months: report 
            where/how they are not conforming so that the practical
            impact of the policy can be better understood without
            yet requiring substantial changes. The philosophy 
            behind this "impact evaluation period" is that the 
            policy was primarily intended to document the mostly
            unwritten rules today and to choose one rule when 
            multiple exist across the ASF.  Now that I've cleared
            the license header and crypto issues off the high
            priority list, I hope to focus exclusively (as much as
            possible) on getting the 1.0 version out.

6. Special Orders

    C. Establish guidelines for handling copyright notices and license
       headers.

         WHEREAS, the copyright of contributions to The Apache
         Software Foundation remains with the contribution's owner(s),
         but the copyright of the collective work in each Foundation
         release is owned by the Foundation,

         WHEREAS, each file within a Foundation release often includes
         contributions from multiple copyright owners,

         WHEREAS, the Foundation has observed that per-file attribution
         of authorship does not promote collaborative development,

         WHEREAS, inclusion of works that have not been directly
         submitted by the copyright owners to the Foundation for
         development does not present the same collaborative
         development issues and does not allow the owners to consider
         the Foundation's copyright notice policies;

         NOW, THEREFORE, BE IT RESOLVED that for the case of copyright
         notices in files contributed and licensed to The Apache
         Software Foundation, the copyright owner (or owner's agent)
         must either: remove such notices, move them to the NOTICE 
         file associated with each applicable project release, or
         provide written permission for the Foundation to make such
         removal or relocation of the notices, and be it further

         RESOLVED, that each release shall include a NOTICE file for
         such copyright notices and other notices required to accompany
         the distribution, and be it further

         RESOLVED, that the NOTICE file shall begin with the following
         text, suitably modified to reflect the product name, version,
         and year(s) of distribution of the current and past releases:

           Apache [PRODUCT_NAME]
           Copyright [yyyy] The Apache Software Foundation

           This product includes software developed at
           The Apache Software Foundation (http://www.apache.org/).

         and be it further

         RESOLVED, that files licensed to The Apache Software
         Foundation shall be labeled with the following notice:

           Licensed to the Apache Software Foundation (ASF) under one
           or more contributor license agreements.  See the NOTICE file
           distributed with this work for additional information
           regarding copyright ownership.  The ASF licenses this file
           to you under the Apache License, Version 2.0 (the
           "License"); you may not use this file except in compliance
           with the License.  You may obtain a copy of the License at

             http://www.apache.org/licenses/LICENSE-2.0

           Unless required by applicable law or agreed to in writing,
           software distributed under the License is distributed on an
           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
           KIND, either express or implied.  See the License for the
           specific language governing permissions and limitations
           under the License.

         and be it further

         RESOLVED, that for the case of works that have not been
         directly submitted by the copyright owners to the Foundation
         for development, the associated copyright notices for the work
         shall not be moved, removed, or modified. 

       By Unanimous Vote, Special Order 6C, Establish guidelines for
       handling copyright notices and license headers, was Approved.

April 26, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       Cliff reported that the 3rd Party License report will
       likely be officially released later on this month (April),
       at which point he will start on the Copyright/Header
       issues. Regarding the 3rd Party License report, it is
       fully expected that, even though discussed and reviewed,
       there will be further discussions upon release. The board's
       stand is that we should release it "as is" and retify
       things if required. All new projects will need to adhere
       to the policy; existing projects will be given time to
       bring their codebases up to policy standards.

       The board expressed their appreciation to Cliff for
       a Job Well Done.

March 15, 2006

4. Officer Reports

    E. VP of Legal Affairs [Cliff]

       THIRD-PARTY IP: After nearly two months of review on the 
            board@ list and one month of review by pmcs@, I've
            finally posted the latest draft of the third-party
            licensing policy to the legal-discuss list.  My goal
            is to get all new comments or concerns collected by
            the end of the month, and resolve all issues to get  
            a final, official, v1.0 release in April.  I will 
            also be trying to solicit user comments through the
            feather blog and a brief pointer sent to a few of 
            the project user lists.  However, I would also like 
            to explicitly verify that there is a consensus from
            the Board in support of the guiding principles* 
            behind the policy and the resulting license criteria**.
         *http://people.apache.org/~cliffs/3party.html#principles
        **http://people.apache.org/~cliffs/3party.html#criteria

       LICENSING HEADER, ETC: Now that the third-party policy 
            doc is out there, my next major project is to draft
            and get our counsel to approve a document that 
            updates our source code licensing header,  
            describes where to place copyright notices, various 
            third-party licenses, explains how to deal with 
            crypto export issues, and more.  Although I think it
            will be useful to our committers to have this all in 
            one document, I won't hold up getting a resolution on
            the license header/copyright notice issue to wait for
            the rest of the document.

January 18, 2006

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff]

       GPLv3: I just finished attending the GPLv3 conference at MIT,
            during which the first "discussion draft" of the GPLv3
            was presented.  The most relevant news is that the current
            discussion draft includes a "License Compatibility" 
            section that allows the inclusion of Apache-Licensed (v2.0)
            independent works within GPLv3-licensed programs.  This 
            section may change within the next year, but it remains 
            clear that Eben and RMS will continue to make this sort
            of compatibility with the Apache License a priority.  The 
            other news is that I have accepted an invitation to 
            represent the ASF on one the GPLv3 "discussion committees".

       THIRD-PARTY IP: I will be sending out a draft policy on third-
            party IP to the board@ list this Friday, January 20th.

        Cliff further reported that the Copyright Notice Policy
        was still being worked on, and will be finished some time
        after the completion of the 3rd Party License Policy
        Report.

December 21, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       PATENT ISSUES: I had a second meeting with Microsoft about 
            possible improvements to the patent licenses that they
            have stated would apply to various WS specifications at
            OASIS.  Details can be found in my summary post to 
            legal-internal on 6 Dec 05 (Message-Id: 
            <81007DBD-EBD8-45DC-8A35-0FB8F4F3FC11@apache.org>.  I've
            since asked them about the possibility of issuing a
            Covenant not to enforce patent claims, similar to what they
            recently did for Office 2003 Reference Schemas.  No 
            response on that one just yet.

       GPLv3 COMPATIBILITY: Eben Moglen and RMS have each personally
            asked that the ASF participate in the GPLv3 input/feedback
            process, primarily to help ensure compatibility between
            the GPL and Apache licenses.  I plan to attend the first 
            GPLv3 conference at MIT in January for that purpose.

       THIRD-PARTY IP: After talking with 20+ ASF members at ApacheCon
            about a proposed licensing policy, I am now ready to float
            something formal by the membership.  The short version is 
            that I believe we need to draw the licensing line at the
            ability for our users to redistribute all parts of an 
            official ASF distribution under their own license, as long 
            as it does not violate the copyright owner's license.  I'm
            working up a list of  how this would impact the top 30 OSI-
            approved licenses and a few others, but I can tell you it 
            would exclude both the LGPL and the Sun Binary Code 
            License, which is currently used in Apache James. 

       LAME LIST: In prior reports I said I expected to have a policy
            written on crypto export and copyright notices.  I'm late
            on both.  I am now able to projects with the correct 
            procedure for crypto, but I still need to get it formally
            documented.

November 16, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       SFLC: Justin and I had a kick-off meeting with Eben and two
            of his lawyers.  Justin and Greg are already working 
            with one of them to handle any issues with our books 
            and 501(c)(3) status.  Justin is the point person for
            this work and will be handling ongoing status in his
            Treasurer's report.

       BXA/CRYPTO: The Perl folks sent out the required notification 
            for the mod_ssl stuff.  I've now taken their feedback and
            drafted a process document to run through counsel Jason
            has referred me to another EFF lawyer with more crypto 
            export experience who has agreed to review it.  

       COPYRIGHT NOTICS: Our counsel will be giving one final review 
            on the copyright notice issue starting this Friday 
            (during a monthly teleconference).  Should have something
            ready within one week after that.

       LGPL: I'm still waiting on feedback from Eben on my 
            Java/LGPL position paper that I sent him last month. He
            wanted to refrain from giving me feedback until 
            discussing the matter with the FSF. I expect to have 
            something any day now, since that meeting should have 
            recently happened.  I recommend we hold off any decision
            to allow distribution of LGPL components within non-
            incubating product JARs until getting this one last 
            opinion from Eben and then bouncing it off the rest of 
            our counsel.  However, I do not think we should have any 
            legal concern about separately distributing the LGPL and 
            ASF component that depends on it; both Jason and Larry 
            have signed off on this question.

       THIRD-PARTY IP: In the process of working on a document to 
            get us to a comprehensive policy on what third-party 
            software we will distribute and how, I have created a 
            little matrix to summarize the issues across the most 
            common licenses of interest to the ASF today.  I will 
            send this matrix to legal-discuss list today for 
            discussion.  It might also be helpful for discussing 
            how LGPL is similar and different from licenses like
            the CPL and CDDL.

       ASF LEGAL POLICY DOC: All these issues and more are being 
            written to live within a series of ASF legal policy 
            documents that I am hoping to have approved at or soon 
            after ApacheCon.

       HOUSEKEEPING: I've created a new directory /foundation/legal/
            Board to include all Legal reports and approved 
            resolutions with a README indicating that they are 
            compiled there for convenience and with a pointer to 
            the normative versions.

October 26, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       ADDITIONAL COUNSEL: I have signed an agreement with Eben 
          Moglen of the Software Freedom Law Center to have them
          offer the ASF pro bono legal services.  The first job
          will be to work with Justin on renewing our 501(c)(3)
          status and some of the thorny issues we need to resolve
          to get our books in order.

       BXA/CRYPTO: While I was working on a draft crypto policy, 
          I was notified that the Perl PMC (and Tomcat?) may not
          have sent notification to the Bureau of Industry and 
          Security (BIS, formerly known as BXA).  This has 
          required me to try out specific guidance on these two 
          projects, which will hopefully make the formal policy
          more robust.  I'm still working with the Perl and 
          Tomcat PMCs to help solve their immediate issues.  Most
          of the relevant discussion has been cc'd to 
          legal-internal.

       COPYRIGHT NOTICES: Last month I reported that I was getting
          general agreement from our counsel to move to a policy 
          that requires only a licensing notice, but not a 
          copyright notice at the top of each source file.  I
          regret to say that I have made very little progress on 
          this issue since last month.  I'll have this ready for 
          next board meeting.  

       LGPL: Last month I reported that this issue needs to be 
          addressed within the context of an overall policy stating
          what licenses are acceptable for ASF distributions to 
          take dependencies on and distribute (see "Third Party IP"
          issue below).  Ten days ago, I sent Eben Moglen (in his
          role as general counsel for the FSF) a five-page document
          (including a developer-focused FAQ) on my interpretation 
          of exactly what the LGPL allows and does not allow related
          to Java dependencies and distribution requirements.  He 
          has not given me feedback on this yet, but has been 
          talking about releasing a similar position paper on behalf
          of the FSF.

       THIRD-PARTY IP: Last month I reported that most of the 
          licenses we thought we could sublicense under the Apache 
          License (including the CPL) can really only be distributed 
          under their own license.  So, we now need to figure out what
          makes a license okay to include in an Apache distribution.  
          I've made very little progress on this in the last month, but 
          I hope to have a policy written, discussed, and ready for 
          approval by the December board meeting.

       ASF LEGAL POLICY DOC: Although I did not make as much progress
          as I'd hoped on the copyright notice and third-party IP 
          issues over the last month, I did write up and outline for
          an overall legal policy doc to address these issues and 
          others.  The outline (including a brief preview of where
          the document was probably headed) was sent to legal-discuss.

September 21, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       COPYRIGHT NOTICES: I have gotten Jason, Larry, Robyn, and
          even Eben Moglen to all agree that we should be fine
          with no copyright notice at the top of each source file,
          and instead just include a licensing notice similar to
          what Roy recently posted to the Board@ list.  The issue
          that isn't quite solved yet is the mechanics of ensuring
          any COPYRIGHT file or section of the NOTICE file is in
          sync with the CLAs and agreements from outside contributors.

       BXA/CRYPTO: I now have an understanding of the open source
          exception to the crypto export requirements.  I've read
          through the relevant docs at bxa.doc.gov, eff.org, and
          a legal opinion from McGlashan & Sarrail dated
          September 13, 2000, which I found in /foundation/Records/BXA.
          There was a minor (generally favorable) change to the
          TSU exception (the one that applies to open source) last
          December.  The bottom line is that there appears to be no
          problem with distributing source or binaries as long as we
          give appropriate notice to the BXA/BIS.  My next step is to
          get an updated opinion from Jason and publish guidelines to
          PMCs.

       LGPL: There's the legal requirements side of this issue and
          the policy side (as with so many things).  I believe I have
          already completed the due dilligence on the legal
          requirements side; however, during conversations with Eben
          Moglen I've found that he plans to publish a document that
          is explicit about the issues or non-issues with Java and
          the LGPL.  I will be sending him my view of these issues
          this week, which I hope will influence what ends up in his
          document.  On the policy side, we need to stop treating the
          LGPL differently from other licenses, and instead determine
          what our policy is for taking dependencies on and
          distributing third-party IP.

       THIRD-PARTY IP: Any time we bring in third-party IP that is
          not licensed under the Apache License, we have two choices:
          a) sublicense the work under the Apache License (if we have
          the rights to do so), or b) distribute the Apache product
          under each applicable license and make that clear to our
          users.  We've been trying to say we're only doing a) so far.
          However, in my view we are obviously not consistently doing
          this, nor do I think it is practical to do so.  So, I'm now
          thinking the best way to address issues of shipping CPL,
          MPL, CDDL, LGPL, etc. is to stop trying to sublicense them
          under the Apache License and instead create and implement
          a policy that allows us to distribute products that contain
          IP under some set of license terms (including terms outside
          the scope of the Apache License).

August 17, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       I've inserted slightly edited versions of the same MPL/NPL
       and LGPL resolutions, which were tabled last month.

       Since last month's meeting, I have:
         - confirmed with a second member of ASF's legal counsel
           that the proposed LGPL policy does not put our product
           licensing at risk;
         - posted and discussed the proposed LGPL policy on the 
           legal-discuss list, where no new concerns were raised 
           about the licensing ramifications; however there was 
           concern raised by both outside lawyers and Apache 
           committers that dependencies on LGPL libraries was not 
           in the best interests of some Apache users;
         - engaged with representatives of the Mozilla Foundation
           to discuss the proposed MPL/NPL licensing policy.  While
           they have *not* yet formally indicated their agreement
           with our interpretation, they have not yet raised any
           new concerns.

       Future action items include resolving the BXA/crypto issue 
       and investigating and proposing policies for the CPL, EPL,
       and CDDL licenses. 

       Finally, one of my short-term objectives is to overhaul the
       legal STATUS file to reflect the current priorities and 
       status.

6. Special Orders

    B. Allow redistribution of MPL- and NPL-licensed executables

       WHEREAS, some Project Management Committees (PMCs) within
       The Apache Software Foundation (ASF) expect to better serve 
       their mission through the use and redistribution of the
       executable form of existing source code licensed under the 
       Mozilla Public License (MPL) or Netscape Public License (NPL); 
       and

       WHEREAS, it is the ASF's interpretation that the MPL and NPL
       licenses permit distribution of such executables under the 
       terms of the Apache License, Version 2.0, provided the terms
       applicable to the associated source code have been complied 
       with and that appropriate entries made in the ASF 
       distribution's NOTICE file; and

       WHEREAS, the current ASF licensing policy discourages the 
       distribution of intellectual property by the ASF under terms
       beyond those stated in the Apache License, Version 2.0.

       NOW, THEREFORE, BE IT RESOLVED, that PMCs may use and 
       redistribute the executable form of existing source code 
       licensed under the MPL 1.0, MPL 1.1, NPL 1.0, or NPL 1.1; 
       and be it further

       RESOLVED, that PMCs must ensure such redistribution only 
       occurs after appropriate entries have been made in the ASF
       distribution's NOTICE file and only if the PMC finds that 
       the MPL/NPL terms applicable to the associated source code 
       appear to have been satisfied.

       Special Order 6B, Allow redistribution of MPL- and NPL-licensed
       executables, was Approved by Unanimous Consent.

    C. Allow product dependencies on LGPL-licensed libraries

       WHEREAS, some Project Management Committees (PMCs) within
       The Apache Software Foundation (ASF) expect to better serve 
       their mission through the occasional dependency on existing 
       LGPL-licensed libraries when no other practical alternative
       exists under terms covered by the Apache License, Version 2.0; 
       and

       WHEREAS, research into the impact of distributing ASF products 
       that depend on the presence of LGPL-licensed libraries  
       indicates that the product licensing terms are not affected by
       such a dependency; and

       WHEREAS, the current ASF licensing policy discourages the 
       distribution of intellectual property by the ASF under terms
       beyond those stated in the Apache License, Version 2.0.

       NOW, THEREFORE, BE IT RESOLVED, that PMCs may develop and
       distribute products that depend on the presence of 
       LGPL-licensed libraries when no other practical alternative
       exists under terms covered by the Apache License, Version 2.0; 
       and be it further

       RESOLVED, that PMCs will register such use of an LGPL-licensed
       library with the Vice President of Legal Affairs prior to the 
       PMC's next regularly scheduled Board report, and in no case 
       less than two weeks prior to the distribution of the 
       applicable product(s); and be it further

       RESOLVED, that PMCs will continue to reevaluate whether a
       practical alternative exists under terms covered by the Apache
       License, Version 2.0, which could be substituted in place of 
       the LGPL-licensed library; and be it further

       RESOLVED, that PMCs must continue to ensure that they do not 
       distribute LGPL-licensed libraries or any other intellectual
       property that is only available under licenses with terms 
       beyond those stated in the Apache License, Version 2.0.

       Special Order 6C, Allow product dependencies on LGPL-licensed
       libraries, was Tabled. The main discussion points were
       whether the permission of dependencies invalidated the
       spirit of the ASF and the Apache License. Discussion was
       to be continued on the Board mailing list.

July 28, 2005

4. Officer Reports

    E. V.P. of Legal Affairs [Cliff Schmidt]

       See Special Orders for two proposed resolutions.

       The first resolution allows PMCs to develop and distribute 
       software that depends on the presence of LGPL-licensed 
       libraries, *without* distributing the libraries themselves.
       After numerous discussions with the FSF, other LGPL licensors, 
       and ASF counsel, Larry Rosen, it appears that such a policy 
       should not impact the product licensing.  In order to allow
       PMCs to apply this policy to all useful LGPL-licensed 
       libraries, the resolution does not require the PMCs to get
       an agreement from each copyright owner, but instead requires
       the PMC to register the use of the particular LGPL library
       with the VP of Legal Affairs.  See my post to the board@ 
       list for more details ("My recommendation for an ASF policy on 
       the LGPL").

       The second resolution allows PMCs to redistribute MPL/NPL-
       licensed executables.  The key difference between the MPL/NPL
       and the LGPL regarding redistribution requirements is that the
       MPL/NPL allows redistribution under any license (provided that
       the distributor complies with the applicable terms of the 
       MPL/NPL); the LGPL requires redistribution of either the source
       or executable of the library to be licensed only under the LGPL.

       While the MPL 1.0, MPL 1.1, NPL 1.0, and NPL 1.1 are nearly
       identical in their treatment of redistribution of executables, 
       it is important to note that the NPL licenses are not OSI-
       approved, as they discriminate in favor of Netscape, weakening 
       the terms that Netscape has to comply with relative to other 
       users.  See my post to the board@ list for more details ("MPL/NPL
       Issue: My recommendation for an ASF policy on the MPL/NPL").

       NOTE: Larry Rosen has agreed with my analysis of the MPL/NPL
       licenses as described in the referenced post; however, yesterday 
       he suggested that I confirm that Mitchell Baker also agrees 
       (author of the licenses).  I have not yet received her response. 
       This could be a reason to table this resolution. 

6. Special Orders

    E. Allow product dependencies on LGPL-licensed libraries

       WHEREAS, some Project Management Committees (PMCs) within
       The Apache Software Foundation (ASF) expect to better serve 
       their mission through the use of existing LGPL-licensed 
       libraries as a product dependency; and

       WHEREAS, research into the impact of distributing ASF products 
       that depend on the presence of LGPL-licensed libraries has 
       indicated that the product licensing terms are not affected by
       such a dependency; and

       WHEREAS, the current ASF licensing policy continues to require
       all intellectual property distributed by the ASF be licensed 
       under the Apache License, Version 2.0.

       NOW, THEREFORE, BE IT RESOLVED, that PMCs may develop and
       distribute products that depend on the presence of 
       LGPL-licensed libraries; and be it further

       RESOLVED, that PMCs will register such use of an LGPL-licensed
       library with the Vice President of Legal Affairs prior to the 
       PMC's next regularly scheduled Board report, and in no case 
       less than one week prior to the distribution of the applicable
       product(s); and be it further

       RESOLVED, that PMCs must continue to ensure they do not 
       distribute LGPL-licensed libraries or any other intellectual
       property that cannot be strictly licensed under the Apache 
       License, Version 2.0.

       Discussion occurred that raised questions: Is the FSF position
       public?  Will downstream users be comfortable with this?  The
       conclusion was to give 3rd parties time to react to this
       proposed resolution prior to voting on it.  Resolution 6E
       was tabled with general consent.

    F. Allow redistribution of MPL- and NPL-licensed executables

       WHEREAS, some Project Management Committees (PMCs) within
       The Apache Software Foundation (ASF) expect to better serve 
       their mission through the use and redistribution of existing 
       software executables that are licensed under the Mozilla Public
       License (MPL) or Netscape Public License (NPL); and

       WHEREAS, research into the impact of distributing MPL- and 
       NPL-licensed executables indicated that such distribution 
       is allowed under the terms of the Apache License, Version 2.0,
       only if specific entries made in the NOTICE file and if the
       associated source code complies with the applicable terms of 
       the MPL/NPL; and

       WHEREAS, the current ASF licensing policy continues to require
       all intellectual property distributed by the ASF be licensed 
       under the Apache License, Version 2.0.

       NOW, THEREFORE, BE IT RESOLVED, that PMCs may use and 
       redistribute software executables that are licensed under the 
       MPL 1.0, MPL 1.1, NPL 1.0, or NPL 1.1; and be it further

       RESOLVED, that PMCs must ensure such redistribution only occurs
       after entries are made in the associated product's NOTICE file 
       in compliance with the terms of the MPL/NPL, and that the 
       associated source code also complies with the applicable terms 
       of the MPL/NPL.

       Resolution 6F was tabled with general consent.  Questions arose
       why MPL 1.0 was not ok before.  It is suggested to get feedback 
       from Mitchel Baker.

       Action Item: Review earlier arguments why MPL 1.0 was not ok.

June 22, 2005

6. Special Orders

    B. Appoint a Vice President of Legal Affairs

       WHEREAS, the Board of Directors deems it to be in the best
       interests of the Foundation and consistent with the
       Foundation's purpose to appoint an officer responsible
       for legal affairs, including but not limited to streamlining
       communication between the Foundation's Project Management
       Committees, legal counsel, the Board and other parties
       pertaining to legal issues. 

       NOW, THEREFORE, BE IT RESOLVED that the office of
       "Vice President of Legal Affairs" be and hereby created,
       the person holding such office to serve at the direction
       of the Board of Directors, and to have primary responsibility
       of coordinating the Foundation's legal counsel pertaining to
       legal issues; and be it further

       RESOLVED, that Cliff Schmidt be and hereby is appointed to
       the office of Vice President of Legal Affairs, to serve in
       accordance with and subject to the direction of the Board
       of Directors and the Bylaws of the Foundation until death,
       resignation, retirement, removal or disqualification, or
       until a successor is appointed.

       By Unanimous Vote, Cliff Schmidt was appointed as VP of
       Legal Affairs.