From info at arin.net Wed Jan 16 15:14:37 2008 From: info at arin.net (Member Services) Date: Wed, 16 Jan 2008 15:14:37 -0500 Subject: [consult] Call for Community Consultation - Software Repository Message-ID: <478E65AD.8090900@arin.net> ARIN received a suggestion (2008.1) that "ARIN shall maintain a software repository (with retrieval via anonymous FTP, HTTP, or other protocols in keeping with best current practices) for user-contributed schemas, software, and other tools for dealing with data published by ARIN." The complete suggestion can be viewed at: http://www.arin.net/acsp/suggestions/2008-1.html As a result, ARIN would like to solicit input to the following questions from the following community: 1. Should software in this repository be restricted only to contributions that are licensed to be in the public domain? If so, what license should be used (GNU/BSD/others)? 2. Should the repository allow separate developers facilities to maintain code directly (tools like subversion) or be a static-read only repository? 3. Should the repository only house collections that reflect ARIN's mission? Discussion on this list will close at noon EST 30 January 2008. Based on the feedback provided, ARIN will then develop a plan regarding this suggestion. If ARIN decides to move forward on this, ARIN will offer this service with an acceptable use policy outlining warranties, commercial use, and community shared enhancements. The ARIN Consultation and Suggestion Process documentation is available at: http://www.arin.net/about_us/corp_docs/acsp.html We welcome community-wide participation. Please address any process questions to info at arin.net. Regards, Member Services American Registry for Internet Numbers (ARIN) From briand at ca.afilias.info Wed Jan 16 15:50:06 2008 From: briand at ca.afilias.info (Brian Dickson) Date: Wed, 16 Jan 2008 15:50:06 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> References: <478E65AD.8090900@arin.net> Message-ID: <478E6DFE.5060104@ca.afilias.info> Member Services wrote: > ARIN received a suggestion (2008.1) that "ARIN shall maintain a software > repository (with retrieval via anonymous FTP, HTTP, or other protocols > in keeping with best current practices) for user-contributed schemas, > software, and other tools for dealing with data published by ARIN." > > General comment: Excellent idea! > The complete suggestion can be viewed at: > http://www.arin.net/acsp/suggestions/2008-1.html > > As a result, ARIN would like to solicit input to the following questions > from the following community: > 1. Should software in this repository be restricted only to > contributions that are licensed to be in the public domain? If so, what > license should be used (GNU/BSD/others)? > The code directly maintained (per #2 below) should be GPLv3. Other code should not have restrictions, other than the usual legal stuff when anything is hosted or mirrored (AUP stuff). > 2. Should the repository allow separate developers facilities to > maintain code directly (tools like subversion) or be a static-read only > repository? > Both. There should be a developer area (e.g. subversion stuff), and mirror(s) of other relevant projects hosted elsewhere, read-only. > 3. Should the repository only house collections that reflect ARIN's mission? > > The limitation for "ARIN mission" should only be applied to the code maintained directly. Other code should be loosely characterized as being of interest to many in the ARIN community. Brian Dickson > Discussion on this list will close at noon EST 30 January 2008. Based on > the feedback provided, ARIN will then develop a plan regarding this > suggestion. If ARIN decides to move forward on this, ARIN will offer > this service with an acceptable use policy outlining warranties, > commercial use, and community shared enhancements. > > The ARIN Consultation and Suggestion Process documentation is available > at: http://www.arin.net/about_us/corp_docs/acsp.html > > We welcome community-wide participation. Please address any process > questions to info at arin.net. > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > _______________________________________________ > ARIN-Consult > You are receiving this message because you are subscribed to the ARIN Consult Mailing > List (consult at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/consult Please contact the ARIN Member Services > Help Desk at info at arin.net if you experience any issues. > From rs at seastrom.com Wed Jan 16 16:22:16 2008 From: rs at seastrom.com (Robert E. Seastrom) Date: Wed, 16 Jan 2008 16:22:16 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> (Member Services's message of "Wed, 16 Jan 2008 15:14:37 -0500") References: <478E65AD.8090900@arin.net> Message-ID: <86bq7l4gaf.fsf@seastrom.com> My thoughts as proposal author inline: Member Services writes: > ARIN received a suggestion (2008.1) that "ARIN shall maintain a software > repository (with retrieval via anonymous FTP, HTTP, or other protocols > in keeping with best current practices) for user-contributed schemas, > software, and other tools for dealing with data published by ARIN." > > The complete suggestion can be viewed at: > http://www.arin.net/acsp/suggestions/2008-1.html > > As a result, ARIN would like to solicit input to the following questions > from the following community: > 1. Should software in this repository be restricted only to > contributions that are licensed to be in the public domain? If so, what > license should be used (GNU/BSD/others)? ARIN should be neutral as to license or indeed whether there is any license at all. I'm personally partial to the BSD/MIT license, but to be honest I never considered putting any kind of license at all on the PHP-based loadup scripts for bulk whois which I wrote (and got me thinking about good places to publish them, which led to this proposal). I didn't envision any kind of non-source licensed software, but I don't have a problem with shareware, nagware, trialware, or anything else so long as it deals with ARIN data sets or services. An expensive address management system plug-in module that did auto-SWIP submission, or a gold plated commercial RWHOIS server would be acceptable as far as I'm concerned. > 2. Should the repository allow separate developers facilities to > maintain code directly (tools like subversion) or be a static-read only > repository? It was never my intent to have ARIN be a competitor to SourceForge; only to provide a central location to access such software. > 3. Should the repository only house collections that reflect ARIN's mission? I would think that the answer would be "yes"; ARIN should not be in the "general mirror site" business any more than they should be players in SourceForge's space. Most tools that manipulate ARIN's datasets would fall under this rubric, though I can envision some applications (email address extractor and spam generator for bulk whois dumps, for instance) that would be out of scope. Clearly, the ARIN PM for this needs latitude to determine whether software is appropriate or not, with the usual check & balance of the appeals process. ---Rob From michael.dillon at bt.com Thu Jan 17 05:37:13 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 17 Jan 2008 10:37:13 -0000 Subject: [consult] [arin-announce] Call for Community Consultation - SoftwareRepository In-Reply-To: <478E65C1.7040907@arin.net> References: <478E65C1.7040907@arin.net> Message-ID: > 1. Should software in this repository be restricted only to > contributions that are licensed to be in the public domain? > If so, what license should be used (GNU/BSD/others)? It should be any licence which is listed by OSI at http://www.opensource.org/licenses If the software uses a modified form of one of these licences, such as the MIT or BSD licence with a different organization name, then they should state which licence they have used as a base, and supply the output of the UNIX diff command between their licence text and the OSI listed text. Note that none of the OSI licences denote that software is in the public domain, therefore, true public domain software should also be acceptable for the repository. > 2. Should the repository allow separate developers facilities > to maintain code directly (tools like subversion) or be a > static-read only repository? Yes, the repository should be based on a revision control system and Subversion is a good choice since it is widely implemented, and widely used. People may prefer git or bzr or arch or CVS, but everyone will know how to get software out of subversion. In addition, ARIN should ensure that all packages include a .tar.gz bundle and a .zip bundle ready to download for the most recent version. > 3. Should the repository only house collections that reflect > ARIN's mission? Yes, but this should be interpreted broadly. For instance, ARIN does not operate networks, yet it would be appropriate to house tools used to manage networks since most of those tools will manipulate IP addresses. Anything that overlaps ARIN's mission should be included. Note that not all such tools will use ARIN's repository as a development tool, i.e. a group who develop a tool using SourceForge could release a new version of their product, and ARIN could then import that to the ARIN repository after vetting the licence in case it has changed. The ARIN repository should actively attempt to have a full and complete collection of tools which unambiguously reflect ARIN's mission. --Michael Dillon From Ed.Lewis at neustar.biz Thu Jan 17 10:32:06 2008 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Thu, 17 Jan 2008 10:32:06 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> References: <478E65AD.8090900@arin.net> Message-ID: At 15:14 -0500 1/16/08, Member Services wrote: >1. Should software in this repository be restricted only to >contributions that are licensed to be in the public domain? If so, what >license should be used (GNU/BSD/others)? Yes and I have no opinion on the licensing. >2. Should the repository allow separate developers facilities to >maintain code directly (tools like subversion) or be a static-read only >repository? Static-read only. What's posted should be just finished works, stable in some sense, not a workbench. >3. Should the repository only house collections that reflect ARIN's mission? Yeah, definitely. Permission to post something should be left to the discretion of the staff. I'm advocating a minimalist approach. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From matt.pounsett at cira.ca Thu Jan 17 11:00:57 2008 From: matt.pounsett at cira.ca (Matt Pounsett) Date: Thu, 17 Jan 2008 11:00:57 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> References: <478E65AD.8090900@arin.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2008-Jan-16, at 15:14, Member Services wrote: > 1. Should software in this repository be restricted only to > contributions that are licensed to be in the public domain? If so, > what > license should be used (GNU/BSD/others)? I don't see any reason to restrict based on licensing. As long as the software is relevant to interaction with ARIN, and ARIN is acting simply as a distribution point, then I don't care if it's "gold plated" (as RS puts it) commercial, public-domain no-license- required, or anything in between. However, if the prevailing wisdom of the community is that this should be limited to open source licenses, then I think it should be open to *all* such licenses, not just one or two. > 2. Should the repository allow separate developers facilities to > maintain code directly (tools like subversion) or be a static-read > only > repository? I don't see any reason for ARIN to get involved in providing development tools. A static ftp/http (or whatever) based distribution service is plenty. > 3. Should the repository only house collections that reflect ARIN's > mission? Yes. There are plenty of mirror sites out there for other software. The value in having ARIN provide a software repository is in knowing that is where one can get software related to dealing with ARIN data. If people have to wade through unrelated software to find what is relevant then that value is diminished. Matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFHj3u/mFeRJ0tjIxERAjI4AJ93B/1IFEXn9kvWHimYZ7PZkOVCPACghj14 KA6jBAq8l+maDObA0LC4cMw= =Xzt9 -----END PGP SIGNATURE----- From mcr at xdsinc.net Thu Jan 17 11:51:04 2008 From: mcr at xdsinc.net (mcr at xdsinc.net) Date: Thu, 17 Jan 2008 11:51:04 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> References: <478E65AD.8090900@arin.net> Message-ID: <20080117165105.8B9FB1445D9@smtp2.arin.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Member" == Member Services writes: Member> As a result, ARIN would like to solicit input to the following questions Member> from the following community: Member> 1. Should software in this repository be restricted only to Member> contributions that are licensed to be in the public domain? If so, what Member> license should be used (GNU/BSD/others)? I don't hink it matters, as long as anyone can download and use for no cost. The right to modify things is a secondary consideration. There are many other places to put code, and what matters is that ARIN has a one-stop set of code that can be recommended. Member> 2. Should the repository allow separate developers facilities to Member> maintain code directly (tools like subversion) or be a Member> static-read only repository? Please not that SCM's like git do not require any specific server support. FTP/HTTP is enough, although sftp/HTTP/git-daemon is preferred. If you want to support SVN, then consider gForge or SourceCast, or... Member> 3. Should the repository only house collections that reflect Member> ARIN's mission? I think that the answer is yes, but that some discretion should be left to the ARIN. - -- Michael Richardson Simtone Corporation, Ottawa, Canada Personal: http://www.sandelman.ca/mcr/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQDVAwUBR4+Hce0sRu40D6vCAQJTtwX/YAd+gXtE+T20GWTrmQv0gTYszueDiWIG T96z7WY51Dgjx0JPeddUFhQb06YaaJZwlG2CoVwh6nApBB74h77dyy9fHWmyI/Dx gXVDAsb11S/srEmXe+SBhlT0cUiQONyqV8Ivz4XVy+Viv8uOlS0YZA1x2bCbfcEG EBFiADL30aMc/fyjldauQQ+jziLNEkYhUheYo5Alnke0yacADC3j7PcB2wWG7RVx uITEEMemqrZZWO/7daasfjDtOcSrqOEG =j7bT -----END PGP SIGNATURE----- From weiler at tislabs.com Thu Jan 17 12:02:39 2008 From: weiler at tislabs.com (Sam Weiler) Date: Thu, 17 Jan 2008 12:02:39 -0500 (EST) Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <86bq7l4gaf.fsf@seastrom.com> References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> Message-ID: I concur with Rob on the first two points, as noted. >> 1. Should software in this repository be restricted only to >> contributions that are licensed to be in the public domain? If so, what >> license should be used (GNU/BSD/others)? > > ARIN should be neutral as to license or indeed whether there is any > license at all. ... Concur. ARIN should be liberal in what it accepts. >> 2. Should the repository allow separate developers facilities to >> maintain code directly (tools like subversion) or be a static-read only >> repository? > > It was never my intent to have ARIN be a competitor to SourceForge; > only to provide a central location to access such software. There's nothing wrong with offering an SVN repository, but do what's easy. I think a static repository will be fine for 90% of the tools. For the few tools that are likely to have that much community interest, let them use sourceforge and provide a link. And if you occasionally get a patch or alternate version for something in the "static" repository, publish it. >> 3. Should the repository only house collections that reflect ARIN's >> mission? No. Again, "be liberal in what you accept". Even if a particular tool does something we don't like or is antithetical to ARIN's mission, it may be have some components that could be usefully reused (e.g. an email address extraction routine can be used for things other than spam). Some discretion may well be in order, but err on the side of inclusiveness. -- Sam From michael.dillon at bt.com Thu Jan 17 15:17:19 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 17 Jan 2008 20:17:19 -0000 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> Message-ID: > > ARIN should be neutral as to license or indeed whether there is any > > license at all. ... > > Concur. ARIN should be liberal in what it accepts. Just how does liberal ARIN distribute commercial software on its server without running afoul of the law? Sell it, I suppose. Or maybe sign some kind of distribution agreement. Do we really want to go there? That leaves open-source and public domain. The Open Source Initiative has done all the heavy lifting on figuring out which licenses are Open Source and which are not. If ARIN takes the trouble to make sure that each so-called "open source" package is actually using a license approved by OSI, that makes the repository more useful. Most of the potential users of such software work in companies whose legal staff are interested in making sure that employees only use software which they are properly licenced to use. OSI approved licences fit the bill for internal use, and for incorporating into products, the GPL versions are OK too as long as the employees understand that there are obligations under those licenses. And then we come to public domain software. This is a legal term which refers to software with no copyright, but in order to have this status there needs to be a specific disclaimer of copyright. I think that ARIN should steer clear of distributing any commercial software, not even shareware. It would be OK to keep a registry of such software that points to other sites which distribute it, but that is all. I think that, in addition to checking for OSI-approved licenses and posting diffs on Open Source software, ARIN should also check for a copyright disclaimer on any so-called public domain software. If any package falls through the cracks and does not have an approved OSI license or copyright disclaimer, then it should not be distributed, only listed in the registry of packages. Most importantly, is that ARIN has to add some value, not just be an open FTP site. --Michael Dillon From rs at seastrom.com Thu Jan 17 16:26:44 2008 From: rs at seastrom.com (Robert E. Seastrom) Date: Thu, 17 Jan 2008 16:26:44 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: (michael dillon's message of "Thu, 17 Jan 2008 20:17:19 -0000") References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> Message-ID: <86ejcgnnxn.fsf@seastrom.com> writes: >> > ARIN should be neutral as to license or indeed whether there is any >> > license at all. ... >> >> Concur. ARIN should be liberal in what it accepts. > > Just how does liberal ARIN distribute commercial software on its > server without running afoul of the law? Sell it, I suppose. Or > maybe sign some kind of distribution agreement. Do we really want > to go there? The same way that it accepts open-source and public-domain software: the person who submits the software for inclusion on ARIN's server has to have the legal right to offer it up to be placed there. In the case of open source software, this is pretty straightforward; the license grants you the right to redistribute. In the case of commercial software, a representative of the software author who has apparent authority to make such policy decisions (read: VP or C*O type title if a corporation) could very easily decide to put the previous version of the software or a cripple/nag/share-ware version up with ARIN and still maintain their ability to make money on the current or full featured version. > That leaves open-source and public domain. The Open Source Initiative > has done all the heavy lifting on figuring out which licenses are > Open Source and which are not. Open Source is a marketing term that means you get the source code with the software as well as certain rights (often quite restrictive!) as to what you can do with said software or derivative works. Inasmuch as I suggested this as a way to have a "one-stop shop" for software that deals with ARIN datasets, I see no reason to push a political agenda regarding what whether source or particular rights are conveyed with the software or not. Of course, putting up software that has no RTU for the downloader associated it whatsoever would be a pretty meaningless gesture. > If ARIN takes the trouble to make sure that each so-called "open > source" package is actually using a license approved by OSI, that > makes the repository more useful. No, it does not, it excludes commercial software, making the archive less complete and thus less useful. > Most of the potential users of such software work in companies > whose legal staff are interested in making sure that employees > only use software which they are properly licenced to use. Correct. > OSI approved licences fit the bill for internal use, and for > incorporating into products, the GPL versions are OK too as long as > the employees understand that there are obligations under those > licenses. But that's not the point here. > And then we come to public domain software. This is a legal term which > refers to software with no copyright, but in order to have this > status there needs to be a specific disclaimer of copyright. My understanding is that in the US, no specific disclaimer or registration is necessary for a work to be in the public domain, although the Computer Software Rental Amendments Act of 1990 (Public Law 101-650, 104 Stat. 5089 (1990)) has a provision for registering such software with the LoC in order to make one's intent crystal clear. > I think that ARIN should steer clear of distributing any commercial > software, not even shareware. It would be OK to keep a registry > of such software that points to other sites which distribute it, > but that is all. Obviously we disagre here. > I think that, in addition to checking for OSI-approved licenses > and posting diffs on Open Source software, ARIN should also > check for a copyright disclaimer on any so-called public domain > software. > > If any package falls through the cracks and does not have > an approved OSI license or copyright disclaimer, then it > should not be distributed, only listed in the registry of > packages. I am against having ARIN push a political agenda outside of its charter (stewardship of Internet number resources), particularly one that is biased against commercial software. > Most importantly, is that ARIN has to add some value, not just > be an open FTP site. The value is in providing one-stop shopping for software that does stuff with ARIN resources. It is a service to the members (software consumers, by and large, not software publishers or developers). ---Rob From martin.hannigan at batelnet.bs Thu Jan 17 17:46:14 2008 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Thu, 17 Jan 2008 17:46:14 -0500 Subject: [consult] Call for Community Consultation - Software Repository Message-ID: <478fdab6.273.3cb9.11155@batelnet.bs> ----- Original Message ----- From: "Robert E. Seastrom" To: consult at arin.net Subject: Re: [consult] Call for Community Consultation - Software Repository Date: Wed, 16 Jan 2008 16:22:16 -0500 > My thoughts as proposal author inline: > > Member Services writes: > > > ARIN received a suggestion (2008.1) that "ARIN shall > > maintain a software repository (with retrieval via > > anonymous FTP, HTTP, or other protocols in keeping with > > best current practices) for user-contributed schemas, > software, and other tools for dealing with data published > by ARIN." > > > The complete suggestion can be viewed at: > > http://www.arin.net/acsp/suggestions/2008-1.html > > > > As a result, ARIN would like to solicit input to the > > following questions from the following community: > > 1. Should software in this repository be restricted only > > to contributions that are licensed to be in the public > > domain? If so, what license should be used > (GNU/BSD/others)? > > ARIN should be neutral as to license or indeed whether > there is any license at all. I'm personally partial to > the BSD/MIT license, but to be honest I never considered > putting any kind of license at all on the PHP-based loadup > scripts for bulk whois which I wrote (and got me thinking > about good places to publish them, which led to this > proposal). I didn't envision any kind of non-source > licensed software, but I don't have a problem with > shareware, nagware, trialware, or anything else so long as > it deals with ARIN data sets or services. An expensive > address management system plug-in module that did > auto-SWIP submission, or a gold plated commercial RWHOIS > server would be acceptable as far as I'm concerned. > > > 2. Should the repository allow separate developers > > facilities to maintain code directly (tools like > > subversion) or be a static-read only repository? > > It was never my intent to have ARIN be a competitor to > SourceForge; only to provide a central location to access > such software. > > > 3. Should the repository only house collections that > reflect ARIN's mission? > > I would think that the answer would be "yes"; ARIN should > not be in the "general mirror site" business any more than > they should be players in SourceForge's space. Most tools > that manipulate ARIN's datasets would fall under this > rubric, though I can envision some applications (email > address extractor and spam generator for bulk whois dumps, > for instance) that would be out of scope. Clearly, the > ARIN PM for this needs latitude to determine whether > software is appropriate or not, with the usual check & > balance of the appeals process. > > ---Rob\ +1 Marty From mksmith at adhost.com Fri Jan 18 01:07:25 2008 From: mksmith at adhost.com (Michael Smith) Date: Thu, 17 Jan 2008 22:07:25 -0800 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <478E65AD.8090900@arin.net> References: <478E65AD.8090900@arin.net> Message-ID: Hello All: Comments in line. On Jan 16, 2008, at 12:14 PM, Member Services wrote: > ARIN received a suggestion (2008.1) that "ARIN shall maintain a > software > repository (with retrieval via anonymous FTP, HTTP, or other protocols > in keeping with best current practices) for user-contributed schemas, > software, and other tools for dealing with data published by ARIN." > > The complete suggestion can be viewed at: > http://www.arin.net/acsp/suggestions/2008-1.html > > As a result, ARIN would like to solicit input to the following > questions > from the following community: > 1. Should software in this repository be restricted only to > contributions that are licensed to be in the public domain? If so, > what > license should be used (GNU/BSD/others)? As long as the author provides consent directly or tacitly by uploading the software themselves, that should be sufficient. I don't think ARIN needs to adhere to any one license. However, a nicely worded disclaimer about warranties or, more specifically, a lack thereof, is probably advised. > > 2. Should the repository allow separate developers facilities to > maintain code directly (tools like subversion) or be a static-read > only > repository? I opt for static-read only because I think that a CVS repository steps outside of ARIN's mission. I like the idea of providing tools to the ARIN community, but I don't think the ARIN membership should incur the costs of maintaining a CVS repository for software. Having a web page that either links to outside sites or to a local ARIN site is preferable to me. > > 3. Should the repository only house collections that reflect ARIN's > mission? > I think so. If not, where would it end? Would ARIN become a FreeBSD mirror, or a CPAN mirror? Not that I particularly mind either way, but I think the ARIN Membership through the Board and Advisory Council should limit the scope of the site to those things that pertain to: 1) ARIN-provided services 2) RIR-provided services Personally, I would opt for number 2 because a lot of the stuff I have to do transcends ARIN to the RIR's as a whole. Regards, Mike Smith mksmith at adhost.com From michael.dillon at bt.com Fri Jan 18 04:03:21 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 18 Jan 2008 09:03:21 -0000 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: <86ejcgnnxn.fsf@seastrom.com> References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> <86ejcgnnxn.fsf@seastrom.com> Message-ID: > In the case of commercial software, a > representative of the software author who has apparent > authority to make such policy decisions (read: VP or C*O type > title if a corporation) could very easily decide to put the > previous version of the software or a cripple/nag/share-ware > version up with ARIN and still maintain their ability to make > money on the current or full featured version. As far as I'm concerned, if ARIN is negotiating with a VP or C*O from a commercial software company, that pretty much implies that they are making a distribution agreement. The key point is that ARIN can then make it clear, on the site, what the licencing terms are for the software. > > If ARIN takes the trouble to make sure that each so-called "open > > source" package is actually using a license approved by OSI, that > > makes the repository more useful. > > No, it does not, it excludes commercial software, making the > archive less complete and thus less useful. No it does not. If a software package is "open source" that does not exclude it from being commercial software as well. In any case, I am *NOT* suggesting that ARIN excludes commercial software. I *AM* suggesting that if a package makes the claim to be "open source" then ARIN should make some effort to verify the claim. If the software has an OSI-approved license, that is sufficient evidence that it is indeed open-source software. > My understanding is that in the US, no specific disclaimer or > registration is necessary for a work to be in the public > domain, In March 1989, the USA signed the Berne convention which means that all works published in the USA have copyright whether or not there is a copyright notice attached. To be certain that a work is in the public domain, it needs to have a disclaimer that states that it is not copyrighted. > > I think that, in addition to checking for OSI-approved licenses and > > posting diffs on Open Source software, ARIN should also check for a > > copyright disclaimer on any so-called public domain software. > > > > If any package falls through the cracks and does not have > an approved > > OSI license or copyright disclaimer, then it should not be > > distributed, only listed in the registry of packages. > > I am against having ARIN push a political agenda outside of > its charter (stewardship of Internet number resources), > particularly one that is biased against commercial software. Making sure of the legality of distribution, and the terms under which the software can be used by others, is not pushing a political agenda. It is pushing an agenda of CLARITY and making sure that ARIN does not mislead people by omission. It is the U.S. legal system which forces the bias against commercial software because ARIN has no right to distribute it, and users have no right to use it, unless they comply with the terms of the owner. Open source software happens to be simpler in terms of legality, but it is still necessary to verify that its legal status is indeed clearly "open source". > The value is in providing one-stop shopping for software that > does stuff with ARIN resources. I already have a one-stop shopping service for such software. It's called the Internet. ARIN has to add some value above and beyond storage and file transfer and search engine reachability. --Michael Dillon From rs at seastrom.com Fri Jan 18 06:08:31 2008 From: rs at seastrom.com (Robert E. Seastrom) Date: Fri, 18 Jan 2008 06:08:31 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: (Michael Smith's message of "Thu, 17 Jan 2008 22:07:25 -0800") References: <478E65AD.8090900@arin.net> Message-ID: <86sl0vtmq8.fsf@seastrom.com> Michael Smith writes: >> 3. Should the repository only house collections that reflect ARIN's >> mission? >> > I think so. If not, where would it end? Would ARIN become a FreeBSD > mirror, or a CPAN mirror? Not that I particularly mind either way, > but I think the ARIN Membership through the Board and Advisory Council > should limit the scope of the site to those things that pertain to: > > 1) ARIN-provided services > 2) RIR-provided services > > Personally, I would opt for number 2 because a lot of the stuff I have > to do transcends ARIN to the RIR's as a whole. That's a very good point, and I'm completely on board with the notion that, for instance, software that does interesting things with complicated RPSL policies (which are found in RIPE-land and elsewhere a lot more than in the ARIN component of the IRR, where people generally just register an origin and call it a day) is in-scope. ---Rob From mcr at xdsinc.net Fri Jan 18 11:31:56 2008 From: mcr at xdsinc.net (mcr at xdsinc.net) Date: Fri, 18 Jan 2008 11:31:56 -0500 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> Message-ID: <20080118163159.003A71445A9@smtp2.arin.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "michael" == michael dillon writes: >> > ARIN should be neutral as to license or indeed whether there is any >> > license at all. ... >> >> Concur. ARIN should be liberal in what it accepts. michael> Just how does liberal ARIN distribute commercial software on its michael> server without running afoul of the law? Sell it, I suppose. Or Hi, you have made the mistake of assuming that commercial is the opposite of open source. It's not, they are two orthogonal ideas along different axis. Free-beer vs free-speech. The correct term for software which is not open source is proprietary. I know that you've been around long enough to know this distinction. IBM, Sun, Mysql and Redhat *sell* (i.e. do commercial transactions) for open source software. Apache is free like speech, but when you buy it from Sun, it's not free as in beer. Meanwhile, Microsoft, Adobe, Sun, and others gives away (as in free-beer) lots of software that is not free as in speech. If the software is free-as-in-beer, as fits within ARIN's mandate, I see no reason why ARIN should not make it available. For instance, maybe someone has an HP-OpenView plugin that does whois lookups on remote nodes, and it's binary-only (because it includes HP-Openview components which are royalty-free, but not open-source), and can only be used with a licensed copy of HP-Openview. I think that ARIN might want to host such a thing. Maybe someone even sells a support contract on it. - -- Michael Richardson Simtone Corporation, Ottawa, Canada Personal: http://www.sandelman.ca/mcr/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQDVAwUBR5DUeu0sRu40D6vCAQJGQAX/eGAEFfYpUa/zL6CXBWzhhZG8Bmyy1Kuc UTtMxLSiCjQqIM2XT+B/705kOjne5s75Ukv9K0e/cB5DUCoNKsGMknx35vsF4HiL YtuSZt8WhWLXzkI0FCTMK3FTmJHgTBrlGxIk+utRovSvpR9E7wN7OuOFWGd1jDQb tKn30cLXZin+sUZ6Ib62No9WWIvpTxTdUoB1QxZqVd6kodI9vRwi/+Cx4sylVxEZ 65j7Lw8qRIQnibolP5gXhJRWF0oNmMlw =sTiL -----END PGP SIGNATURE----- From michael.dillon at bt.com Fri Jan 18 12:12:41 2008 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 18 Jan 2008 17:12:41 -0000 Subject: [consult] Call for Community Consultation - Software Repository In-Reply-To: References: <478E65AD.8090900@arin.net> <86bq7l4gaf.fsf@seastrom.com> Message-ID: > Hi, you have made the mistake of assuming that commercial is the > opposite of open source. No I haven't! Commercial software (other than shareware) is usually distributed under the terms of a distribution contract. If you put a commercial software package (other than shareware) on your server for people to copy, then you are very likely breaking the law. Has everybody forgotten that the proposal is *NOT* for ARIN to use some software, but for ARIN to make copies available for download? Licenses are paramount in this case. ARIN needs to ensure that it has the right to distribute the software. And if ARIN is going to distribute both software that has restrictive licenses, then I think they owe us an explanation of the licencing terms up front. That is the substance of my comments. > IBM, Sun, Mysql and Redhat *sell* (i.e. do commercial > transactions) for open source software. So what? If it is licenced under the IBM Public License, then that is OSI-approved and therefore ARIN can just put it on the site. If it is MySQL, that is GPLed so there is no need to get permission to distribute. Redhat make Centos available under the GPL so again, no problems. However RedHat Enterprise Linux is licenced differently and you cannot copy it verbatim or distribute copies of it to others. As far as I understand, ARIN has no intent to *SELL* software, just make it available for others to copy. Therefore the important question is "What software packages does ARIN have the *RIGHT* to distribute?". The easy strategy is to start with OSI-approved Open Source licenses and packages which have a copyright disclaimer (Public Domain). --Michael Dillon From info at arin.net Thu Jan 31 09:52:02 2008 From: info at arin.net (Member Services) Date: Thu, 31 Jan 2008 09:52:02 -0500 Subject: [consult] Consultation Regarding "Software Repository" Now Closed Message-ID: <47A1E092.90805@arin.net> ARIN thanks the community for its input regarding the suggestion that ARIN maintain a software repository for user-contributed schemas, software, and other tools for dealing with data published by ARIN. ARIN staff will review all input and will report back to the community next week with its intended course of action. The archives of this discussion are available at: http://lists.arin.net/pipermail/consult/ Regards, Member Services American Registry for Internet Numbers (ARIN)