incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <>
Subject Re: cordova git repos at apache - shadowed at github
Date Sat, 14 Jan 2012 00:44:37 GMT

On Fri, Jan 13, 2012 at 11:00 PM, Filip Maj <> wrote:
> Yeah, add remote locally on your machine, pull in the changes, test it out
> locally. I assume checking CLA stuff is done by hand (as we have done all
> along anyways). Once you have it merged in locally you can easily push it
> up to the git apache repo. Theoretically that then will eventually get
> mirrored back over to (and hopefully auto-close the pull
> request, too).

Right. The pull requests on Github should get automatically closed as
soon as the relevant commits hit the target repository. The only
missing piece is the nice "Merge pull request" button that the Github
UI provides, but with some effort I suppose we should be able to come
up with something similar.

>>Also, is all the author/committer stuff maintained properly in the commit?
>> Are there some commit hooks to ensure the committer is really a
>>and that the author has signed the ICLA?  Guessing we'll have to do the
>>ICLA check by hand.  But it would be nice to know that the info is
>>maintained in the repo.
> Maybe Jukka knows the answer to this?

The authentication when you use your committer account to push stuff
to git-wip-us is tied to the ICLA you submitted, and that link is then
internally associated with all Git commits that you push. From the ASF
perspective that's enough legal audit trail as long as each committer
is trusted to only push changes that they can contribute under the
ICLA. (BTW, the lack of such a reliable commit >ICLA audit link is one
of the key reasons why the ASF can't use Github as the canonical place
for our repositories.)

Normally when dealing with pull requests from contributors, there's no
need for extra checks as section 5 of ALv2 [1] already covers
licensing of intentionally submitted contributions. Thus no extra
checks are needed when someone actively sends us a patch, a pull
request or other contribution clearly intended for inclusion in Apache
Cordova (and it's reasonable to expect that the contributor has the
right to make such a contribution).

The situation is a bit different when size of the contribution is
significant (like an entire new component) or when the author of the
code hasn't intentionally contributed it to us (like the third party
files mentioned in the thread on NOTICE files). For dealing with such
cases see the Incubator and the main Apache web sites (or ask us



Jukka Zitting

View raw message