cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: [DISCUSS] Automate signed icla to git commits
Date Tue, 29 Apr 2014 02:40:21 GMT
I'm pretty confident it's working as intended for now.


On Mon, Apr 28, 2014 at 3:05 PM, Marvin Humphrey <marvin@rectangular.com>wrote:

> On Mon, Apr 28, 2014 at 9:20 AM, Andrew Grieve <agrieve@chromium.org>
> wrote:
> > Interesting! Going by this description, it sounds like we wound't need
> > ICLAs for the majority of pull requests since pull requests details get
> > forwarded to the mailing-list.
>
> Legally, the party making the pull request implicitly asserts that they
> have
> the right to contribute the commits under the ALv2 section 5.
>
> However, if a release with infringing material escapes out into the wild,
> having somebody to blame will be cold comfort.  Should the original
> copyright
> owner request that we cease distributing the offending release, Cordova's
> users are going to be in a bad situation regardless.
>
> > New proposal: don't worry about CLAs at release time.
>
> The key here is that the Cordova PMC needs to be vigilant with every pull
> request from somebody who has not signed a CLA or is otherwise well-known
> to
> be submitting clean IP.  The Cordova committer who accepts the pull request
> and pushes to the ASF repo is the first line of defense.  However, the
> rest of
> the PMC is also collectively responsible for reviewing all commits.
>
> So the question is, how confident are you in the existing review process?
>  If
> it's working as intended, then there's indeed no need to perform an
> additional
> audit at release time.  On the other hand if it's porous, then building in
> more checks might be wise.
>
> Marvin Humphrey
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message