Steve Loughran wrote:
On 13/11/10 04:17, Paolo Castagna wrote:
Jeremy Carroll wrote:
On 11/12/2010 11:51 AM, Paolo Castagna wrote:
Also (from the JenaProposal):
"The Jena GRDDL Reader has some additional dependencies:
http://jena.sourceforge.net/grddl/license.html";
BrowserLauncher2 could be removed in favor of a much simpler approach
(i.e. write it in a file!).
That is actually superseded by a Java6 facility, so I should do a
small piece of recoding and remove the dependency
+1
(and, if I can help, let me know.)
Of course, it would be even easier/less work, to remove the click
through altogether (this is probably my favorite option).
What other Apache projects do in a similar situation (i.e. you want
to warn the user about some potential security issues and therefore
you ask the user to actively agree, press a button, etc. to make sure
the user reads it (I know, I know...))?
The GRDDL component runs XSLT from the Web, in a sandbox.
The HP lawyer who advised, understanding the risks of running 3rd
party code, wanted an explicit user action to agree to the BSD license
terms, to have a firmer leg to stand on if the the 3rd party code
proved malicious, and the sandbox inadequate.
(The browser launcher is used only for the click through agreement to
BSD)
I was not able to find a single Apache project which requires a click
through to 'ensure' users agree to the license.
it really screws up things like transitive ivy/maen downloads too, you
make an enemy of people downstream. That's why Sun JARs with click
through licenses aren't there.
For Jena, maybe untrusted XSL is some feature that should be turned on
via a config option, not click-through.
GRDDL is just one (small) module within Jena.
Jena GRDDL implements stuff specified here:
http://www.w3.org/2004/01/rdxh/spec
Jena GRDDL artifacts are not published in Maven Central at the moment.
More importantly, Jena does not use any click through.
This is just to avoid confusion.
Paolo
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
