On Sat, Jul 24, 2010 at 12:56 PM, Toshio Kuratomi <a.badger@xxxxxxxxx> wrote: > In our case this is what happens when something that has an unknown > licensing issue becomes an integral part of Fedora Infrastructure and we > find out after the fact? > > Perhaps we need to say that we cannot let any external service become > essential to the running of Fedora Infrastructure. > > Perhaps we need signed contracts with any third parties that guarantee for > us the open sourceness of their code with monetary damages if there is > a violation. Perhaps we do need the right to audit the third parties. > > I do not think that API compliance is a really worthwhile definition. If > all it takes is API compliance why aren't we running the service ourselves? Maybe because running our own infrastructure requires resources and other service providers make actually be much better and much more efficient than our infrastructure team is at maintaining a particular service and our available admin manpower and system resources doesn't scale to provide all possible services in house in a maintainable way. Its the same question that every corporate entity must consider when they decide to deploy internally our outsource any part of their infrastructure to make best benefit of available resources. If we can run it ourselves is a different question than is it most efficient to run it ourselves. API compliance allows a graceful fallback if the overall efficiency/cost landscape changes. -jef _______________________________________________ advisory-board mailing list advisory-board@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/advisory-board
