Re: [jakarta.ee-spec.committee] [External] : Question from Platform TCK team about publishing TCKs to Maven

Paul,

An additional issue that the TCK team would like clarification on is -- what about publishing common binary artifacts, and do these have any special license or publication requirements?

Thanks,

-- Ed

On 3/20/2024 6:55 AM, Ed Bratt via jakarta.ee-spec.committee wrote:
Paul,

The Platform team asked me to raise these questions for discussion at the Spec. committee today.

In the EE Platform team meeting, Scott Marlow raised the question: is it allowed for TCKs to be published as Maven artifacts? If so, what licensing considerations apply?

It is my recollection that, currently, the only normative location to obtain TCKs is the Spec. committee download. We generate and use SHA-256 hash codes as well as SIG hash that can only be generated by the Spec. committee. If a TCK replica were to be placed somewhere else, so long as the SHA and SIG codes are valid, we do not have any ability to verify the lineage of the artifact that was ultimately used. Therefore, if the identical artifact posted to the Specification Download location were also posted to Maven, we could not, in any way practical, tell the difference.

A simple proposal might be to simply require that the official TCKs be published via the specification download, the specification hashes be generated and recorded -- and then allow alternate download locations (e.g. a Maven Artifact) -- so long as the SHA and SIG sums are valid, the TCK is allowed for CCR validation.

I am not aware of the nuances that might apply to posting Milestone releases. Maybe these can be posted as the team likes, but if they are preliminary, what restrictions should be placed on them and/or is there any other detail the teams should be concerned with?

Their second question is - what licensing is required for Milestone releases? May non-final artifacts include the EFTL, or must EFTL only be included on final artifacts? Needless to say, it would be easier for the development teams if the TCKs can be dual-licensed in all cases (EFTL + EPL) -- CCRs, EFTL must be the chosen license. (As background, we had previously investigated and determined that EFTL is a valid license for Maven. The dual license is needed to allow use by teams that need to use the TCK on the project license terms, and not for compatibility certification).
