If a project depends upon a package, IP analysis and clearance may be required whether or not we physically distribute the code.
On 23/10/2015 10:01 PM, Doug Schaefer wrote:
I think for some of this though, we’re running into hurdles from IP.
Node.js drives a lot of this. For example both Grunt and Bower are node.js
apps and more are coming every day. We need to be able to redistribute
node for those that don’t have it. Visual Studio does this, hate to see us
not able to.
>From the IP point of view, we need to separate "ship node.js" from "use lots of npm packages". It is the latter case that is hard to do, as the general state of IP provenance management in the npm ecosystem is poor.
We are also working on a new policy to make it easier for projects to use IP which in the past we would have rejected as not meeting our standards for IP cleanliness. Assuming it is approved by the Board, that will hopefully allow us to use more assets from
the npm ecosystem which are well-known and widely used. Stay tuned on that.
Thanks, Mike. I’m not sure we need to redistribute npm packages. They’re so easy to install, it could be done as a result of user action based on their approval of the provenance of the ecosystem. While I agree this is an issue with vendors redistributing
the bits, it doesn’t seem to be an issue with users, the people who are building systems based on that ecosystem.
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information
by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission
by unintended recipients is not authorized and may be unlawful.
