[Zope] Re: The Zope Software Certification Program and Common
Philipp von Weitershausen
philipp at weitershausen.de
Tue Feb 21 03:57:05 EST 2006
Andrew Milton wrote:
> +-------[ Philipp von Weitershausen ]----------------------
> | Andrew Milton wrote:
> | > +-------[ Stephan Richter ]----------------------
> | > | Hello everyone,
> | > |
> | > | With the development of Zope 3, the Zope developers committed to a new
> | > | development process and higher software quality guidelines. With the adoption
> | > | of Zope 3 technologies in the wider Zope community, we should also start
> | > | using the process for third party package development.
> | > |
> | > | I have spent the last two weeks working on a proposal that defines a Zope
> | > | Software Certification Program (ZSCP) and a Common Repository that implements
> | > | this process. The proposal is attached to this mail. I welcome any comments
> | > | about it!
> | >
> | > So in order to even get your Open Source package LISTED, you have to sign over
> | > the rights of your code to Zope Corp (currently, Zope Foundation later), and then
> | > check it into the svn respository.
> | >
> | > Is this is correct?
> | No. The common repository under the wings of ZC/ZF is just *a*
> | repository that implements the ZSCP. There can be others, for example
> | the Plone repository, the collective repository (perhaps), etc.
> <block quote>
> The Common Repository is *not* a replacement for other high-level repositories
> like Plone's or ECM's. It does not aim at assimilating everything in the wider
> Zope community. It is merely a place for high-quality packages that are
> supported by the Zope development team.
> Code in the Common Repository *must* also use the license stated in
> section 3.5 and developers *must* sign the contributor agreement. The
> agreement is necessary to ensure that contributions originated from the
> contributing developer.
> </end quote>
> a) Supported by Zope development team
> b) Must sign contributor agreement.
> I don't see why a 'repository' of 3rd party packages needs any
> agreement signed, unless some kind of indemnity is required which it
> wouldn't need if it's "just a repository". Any 'infringement' would
> simply result in the offending code being removed from the repository
> (which would have to happen anyway in case someone 'lied' about
> owning it). After all the repository is not claiming ownership of the
> code is it (unless you have to sign it over....)
> The license for the code should also be irrelevant, since it's just a
> repository right? Just a convenient one stop shop for packages. So
> each package should be able to have its own license, no need for a
> common license.
> Having to sign the agreement serves no purpose unless there's some
> other IP issue involved other than simply storing the code.
Handing over ownership to the ZF and therefore having signed a
Contributor Agreement are the terms of the svn.zope.org repository, just
like that code is to be made ZPL. These are the rules of the repository,
even today (except for s/ZF/ZC). If you're not happy with that, then use
your another repository. Nobody is forcing you to put your stuff there.
Putting stuff into svn.zope.org *does* have advantages:
* it's easy to feed packages upstream to Zope for a later inclusion into
a Zope distribution.
* putting a project/package under the wings of the ZF ensures long-term
* code in svn.zope.org will be under the common control of the Zope
developers which makes long-term maintenance easier to ensure.
* the common license (ZPL) and the common ownership of the ZF do away
with some legal headaches...
Perhaps there are others.
More information about the Zope