Subject: Re: [DISCUSS] Automate signed icla to git commits
From: James Jong
Date: Wed, 30 Apr 2014 13:09:35 -0400
To: dev@cordova.apache.org

Agreed that it is working as intended. It's also good to know that although Cordova's been requiring CLAs for its contributions, it isn't a hard Apache requirement. For some contributions I've wanted to pull in, the CLA has been the holdup. Thanks for the clarification.

-James Jong

On Apr 28, 2014, at 10:40 PM, Andrew Grieve wrote:

> I'm pretty confident it's working as intended for now.
>
>
> On Mon, Apr 28, 2014 at 3:05 PM, Marvin Humphrey wrote:
>
>> On Mon, Apr 28, 2014 at 9:20 AM, Andrew Grieve wrote:
>>> Interesting! Going by this description, it sounds like we wouldn't need
>>> ICLAs for the majority of pull requests since pull request details get
>>> forwarded to the mailing-list.
>>
>> Legally, the party making the pull request implicitly asserts that they
>> have the right to contribute the commits under the ALv2 section 5.
>>
>> However, if a release with infringing material escapes out into the wild,
>> having somebody to blame will be cold comfort. Should the original
>> copyright owner request that we cease distributing the offending release,
>> Cordova's users are going to be in a bad situation regardless.
>>
>>> New proposal: don't worry about CLAs at release time.
>>
>> The key here is that the Cordova PMC needs to be vigilant with every pull
>> request from somebody who has not signed a CLA or is otherwise well-known
>> to be submitting clean IP. The Cordova committer who accepts the pull
>> request and pushes to the ASF repo is the first line of defense. However,
>> the rest of the PMC is also collectively responsible for reviewing all
>> commits.
>>
>> So the question is, how confident are you in the existing review process?
>> If it's working as intended, then there's indeed no need to perform an
>> additional audit at release time. On the other hand if it's porous, then
>> building in more checks might be wise.
>>
>> Marvin Humphrey
>>