[Zope] Re: The Zope Software Certification Program and Common Repository Proposal

Andrew Milton akm at theinternet.com.au
Mon Feb 20 23:55:55 EST 2006


+-------[ Philipp von Weitershausen ]----------------------
| Andrew Milton wrote:
| > +-------[ Stephan Richter ]----------------------
| > | Hello everyone,
| > | 
| > | With the development of Zope 3, the Zope developers committed to a new 
| > | development process and higher software quality guidelines. With the adoption 
| > | of Zope 3 technologies in the wider Zope community, we should also start 
| > | using the process for third party package development.
| > | 
| > | I have spent the last two weeks working on a proposal that defines a Zope 
| > | Software Certification Program (ZSCP) and a Common Repository that implements 
| > | this process. The proposal is attached to this mail. I welcome any comments 
| > | about it!
| > 
| > So in order to even get your Open Source package LISTED, you have to sign over 
| > the rights of your code to Zope Corp (currently, Zope Foundation later), and then
| > check it into the svn respository. 
| > 
| > Is this is correct?
| 
| No. The common repository under the wings of ZC/ZF is just *a*
| repository that implements the ZSCP. There can be others, for example
| the Plone repository, the collective repository (perhaps), etc.

<block quote>
The Common Repository is *not* a replacement for other high-level repositories
like Plone's or ECM's. It does not aim at assimilating everything in the wider
Zope community. It is merely a place for high-quality packages that are
supported by the Zope development team.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Code in the Common Repository *must* also use the license stated in
section 3.5 and developers *must* sign the contributor agreement. The
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
agreement is necessary to ensure that contributions originated from the
contributing developer.
</end quote>


a) Supported by Zope development team
b) Must sign contributor agreement.

I don't see why a 'repository' of 3rd party packages needs any agreement
signed, unless some kind of indemnity is required which it wouldn't need if
it's "just a repository". Any 'infringement' would simply result in the offending 
code being removed from the repository (which would have to happen anyway in case 
someone 'lied' about owning it). After all the repository is not claiming ownership 
of the code is it (unless you have to sign it over....)

The license for the code should also be irrelevant, since it's just a repository 
right? Just a convenient one stop shop for packages. So each package should be
able to have its own license, no need for a common license.

Having to sign the agreement serves no purpose unless there's some other IP
issue involved other than simply storing the code.

-- 
Andrew Milton
akm at theinternet.com.au


More information about the Zope mailing list