[Zope] Re: The Zope Software Certification Program and Common Repository Proposal

[Philipp von Weitershausen]

Andrew Milton wrote:
> +-------[ Philipp von Weitershausen ]----------------------
> | Andrew Milton wrote:
> | > +-------[ Stephan Richter ]----------------------
> | > | Hello everyone,
> | > | 
> | > | With the development of Zope 3, the Zope developers committed to a new 
> | > | development process and higher software quality guidelines. With the adoption 
> | > | of Zope 3 technologies in the wider Zope community, we should also start 
> | > | using the process for third party package development.
> | > | 
> | > | I have spent the last two weeks working on a proposal that defines a Zope 
> | > | Software Certification Program (ZSCP) and a Common Repository that implements 
> | > | this process. The proposal is attached to this mail. I welcome any comments 
> | > | about it!
> | > 
> | > So in order to even get your Open Source package LISTED, you have to sign over 
> | > the rights of your code to Zope Corp (currently, Zope Foundation later), and then
> | > check it into the svn respository. 
> | > 
> | > Is this is correct?
> | 
> | No. The common repository under the wings of ZC/ZF is just *a*
> | repository that implements the ZSCP. There can be others, for example
> | the Plone repository, the collective repository (perhaps), etc.
> 
> <block quote>
> The Common Repository is *not* a replacement for other high-level repositories
> like Plone's or ECM's. It does not aim at assimilating everything in the wider
> Zope community. It is merely a place for high-quality packages that are
> supported by the Zope development team.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Code in the Common Repository *must* also use the license stated in
> section 3.5 and developers *must* sign the contributor agreement. The
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> agreement is necessary to ensure that contributions originated from the
> contributing developer.
> </end quote>
> 
> 
> a) Supported by Zope development team
> b) Must sign contributor agreement.
> 
> I don't see why a 'repository' of 3rd party packages needs any
> agreement signed, unless some kind of indemnity is required which it
> wouldn't need if it's "just a repository". Any 'infringement' would
> simply result in the offending code being removed from the repository
> (which would have to happen anyway in case someone 'lied' about
> owning it). After all the repository is not claiming ownership of the
> code is it (unless you have to sign it over....)
> 
> The license for the code should also be irrelevant, since it's just a
> repository right? Just a convenient one stop shop for packages. So
> each package should be able to have its own license, no need for a
> common license.
> 
> Having to sign the agreement serves no purpose unless there's some
> other IP issue involved other than simply storing the code.

Handing over ownership to the ZF and therefore having signed a
Contributor Agreement are the terms of the svn.zope.org repository, just
like that code is to be made ZPL. These are the rules of the repository,
even today (except for s/ZF/ZC). If you're not happy with that, then use
your another repository. Nobody is forcing you to put your stuff there.

Putting stuff into svn.zope.org *does* have advantages:

* it's easy to feed packages upstream to Zope for a later inclusion into
a Zope distribution.

* putting a project/package under the wings of the ZF ensures long-term
IP protection

* code in svn.zope.org will be under the common control of the Zope
developers which makes long-term maintenance easier to ensure.

* the common license (ZPL) and the common ownership of the ZF do away
with some legal headaches...

Perhaps there are others.

Philipp