Search Engine on

Jeff Spaleta jspaleta at
Sat Jul 24 21:13:06 UTC 2010

On Sat, Jul 24, 2010 at 12:56 PM, Toshio Kuratomi <a.badger at> wrote:
> In our case this is what happens when something that has an unknown
> licensing issue becomes an integral part of Fedora Infrastructure and we
> find out after the fact?

> Perhaps we need to say that we cannot let any external service become
> essential to the running of Fedora Infrastructure.
> Perhaps we need signed contracts with any third parties that guarantee for
> us the open sourceness of their code with monetary damages if there is
> a violation.  Perhaps we do need the right to audit the third parties.
> I do not think that API compliance is a really worthwhile definition.  If
> all it takes is API compliance why aren't we running the service ourselves?

Maybe because running our own infrastructure requires resources and
other service providers make actually be much better and much more
efficient than our infrastructure team is at maintaining a particular
service and our available admin manpower and system resources doesn't
scale to provide all possible services in house in a maintainable way.
 Its the same question that every corporate entity must consider when
they decide to deploy internally our outsource any part of their
infrastructure to make best benefit of available resources.    If we
can run it ourselves is a different question than is it most efficient
to run it ourselves.  API compliance allows a graceful fallback if the
overall efficiency/cost  landscape changes.


More information about the advisory-board mailing list