community-dev mailing list archives

From Benson Margulies <>
Subject Re: Some maturity model comments
Date Wed, 14 Jan 2015 16:51:32 GMT
On Wed, Jan 14, 2015 at 11:46 AM, Rob Vesse <> wrote:
> LC50:
> I think the LC50 is actually correct but could perhaps be phrased better
> My understanding was that the ASF owns the copyright for the collective
> work of the project, i.e. releases.  As Benson notes contributors retain
> copyright on their contributions but grant the ASF a perpetual license to
> their contributions

I think that the wording should be expanded to mention both aspects.

> QU30:
> Agreed, some projects may not do anything that is attack prone or are
> likely only to be run such that any "security" is provided by whatever
> runtime they use and the security of that runtime is well beyond the
> purview of the project.
> Consensus building:
> Should there be a CS60 about the rare need for private discussions?
> CS60:
> In rare situations (typically security, brand enforcement, legal and
> personnel discussions) the project may need to first reach consensus in
> private in which case the project should use their official private
> communications channel such that these rare private discussions are
> privately archived.  The outcomes of such consensus should where possible
> be discussed in public as soon as it is appropriate to do so.
> That isn't great wording but hopefully you get what I am trying to convey
> - projects should rarely discuss in private and any discussions should
> become public as soon as it is possible to do so
> Rob
> On 14/01/2015 15:33, "Benson Margulies" <> wrote:
>>CD40: perhaps change 'previous version' to 'released version'
>>CD50: the committer is not necessarily the author; someone might read
>>this and not understand what it implies for committers committing
>>contributions via all of the channels allowed for by the AL. One patch
>>would be 'immediate provenance', another would be some lengthier
>>language about the process.
>>LC20: do we need to explain what we mean by 'dependencies'? This has
>>been a point of friction. Expand or footnote to the distinctions
>>between essential and optional?
>>LC50: the footnote seems wrong; the ASF does not own copyright,
>>rather, the author retains, and grants the license.
>>RE40: do you want to add an explicit statement that legal
>>responsibility falls upon the head of the person who happened to run
>>the build?
>>QU20: Maybe we need to expand on 'secure'? Maybe this is too strong?
>>What's wrong with building a product that is explicitly not intended
>>for use in attack-prone environments?
>>QU40: Not all communities might agree. Some communities might see
>>themselves as building fast-moving products. Some communities may lack
>>the level of volunteer effort required to satisfy this. Does this make
>>them immature, or just a group of volunteers with different
>>IN10: I fear that a more detailed definition of independence is going
>>to be called for here to avoid controversy.
