Date: Thu, 15 Jan 2015 03:05:22 -0800
Subject: Re: Some maturity model comments
From: Lefty Leverenz
To: dev@community.apache.org

Oh, duh, it's the maturity model. Well, in context I found it confusing.

-- Lefty

On Thu, Jan 15, 2015 at 2:22 AM, Lefty Leverenz wrote:

> In CO10, what does "according to this model" mean?
>
> *CO10*
>
> The project has a well-known homepage that points to all the information
>> required to operate according to this model.
>>
>
> If it means the Apache model, do most project home pages currently point
> to information about Apache operations?
>
> -- Lefty Leverenz
>
>
> On Wed, Jan 14, 2015 at 8:51 AM, Benson Margulies wrote:
>
>> On Wed, Jan 14, 2015 at 11:46 AM, Rob Vesse wrote:
>> > LC50:
>> >
>> > I think the LC50 is actually correct but could perhaps be phrased better
>> >
>> > My understanding was that the ASF owns the copyright for the collective
>> > work of the project i.e. releases. As Benson notes contributors retain
>> > copyright on their contributions but grant the ASF a perpetual license to
>> > their contributions
>>
>> I think that the wording should be expanded to mention both aspects.
>>
>> >
>> > QU30:
>> >
>> > Agreed, some projects may not do anything that is attack prone or are
>> > likely only to be run such that any "security" is provided by whatever
>> > runtime they use and the security of that runtime is well beyond the
>> > purview of the project.
>> >
>> > Consensus building:
>> >
>> > Should there be a CS60 about the rare need for private discussions
>> >
>> > CS60:
>> >
>> > In rare situations (typically security, brand enforcement, legal and
>> > personnel discussions) the project may need to first reach consensus in
>> > private in which case the project should use their official private
>> > communications channel such that these rare private discussions are
>> > privately archived. The outcomes of such consensus should where possible
>> > be discussed in public as soon as it is appropriate to do so.
>> >
>> > That isn't great wording but hopefully you get what I am trying to convey
>> > - projects should rarely discuss in private and any discussions should
>> > become public as soon as it is possible to do so
>> >
>> > Rob
>> >
>> > On 14/01/2015 15:33, "Benson Margulies" wrote:
>> >
>> >>CD40: perhaps change 'previous version' to 'released version'
>> >>
>> >>CD50: the committer is not necessarily the author; someone might read
>> >>this and not understand what it implies for committers committing
>> >>contributions via all of the channels allowed for by the AL. One patch
>> >>would be 'immediate provenance', another would be some lengthier
>> >>language about the process.
>> >>
>> >>LC20: do we need to explain what we mean by 'dependencies'? This has
>> >>been a point of friction. Expand or footnote to the distinctions
>> >>between essential and optional?
>> >>
>> >>LC50: the footnote seems wrong; the ASF does not own copyright,
>> >>rather, the author retains, and grants the license.
>> >>
>> >>RE40: do you want to add an explicit statement that legal
>> >>responsibility falls upon the head of the person who happened to run
>> >>the build?
>> >>
>> >>QU20: Maybe we need to expand on 'secure'? Maybe this is too strong?
>> >>What's wrong with building a product that is explicitly not intended
>> >>for use in attack-prone environments?
>> >>
>> >>QU40: Not all communities might agree. Some communities might see
>> >>themselves as building fast-moving products. Some communities may lack
>> >>the level of volunteer effort required to satisfy this. Does this make
>> >>them immature, or just a group of volunteers with different
>> >>priorities?
>> >>
>> >>IN10: I fear that a more detailed definition of independence is going
>> >>to be called for here to avoid controversy.