incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "March2009" by RainerDoebele
Date Tue, 10 Mar 2009 19:20:35 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The following page has been changed by RainerDoebele:
http://wiki.apache.org/incubator/March2009

The comment on the change is:
Empire-db Report added

------------------------------------------------------------------------------
  Top priorities:
   * Review the current diversity in the developer community
  
+ = Empire-db =
+ 
+ This is an out of schedule board report, that the Incubator PMC asked us to provide due
to the following incident:
+ 
+ === The situation ===
+ 
+ A committer “C” of Empire-db had the idea to create and provide an example application
that demonstrates how to use Apache Empire-db together with Apache CXF. Initially he intended
to write the code himself, but then he found himself too busy and never really got around
doing it. So he decided to ask a student S instead to write the code for him using his templates
and ideas. S then wrote the code with a little aid of C and he got paid for it. The work contract
S had with C said that all rights over the code would exclusively belong to C. 
+ 
+ When the coding was finished, C asked S to submit the code using his Apache SVN account.
For that C temporarily logged S in from within Eclipse to SVN on one of C’s computers (Please
note: the login was performed by C the password itself was not given to S). C then also asked
S subscribe and write to the Empire-db-dev mailing list to resolve problems he had with the
Maven project layout. C believed that all actions taken were legitimate and in the best interest
of the project and the ASF.
+ 
+ === The issues ===
+ 
+ When a Mentor of the Empire-db project became aware of this transaction, he raised strong
concerns regarding the following two issues:
+  1. Legal concerns that an ICLA from S would be required for the code that was contributed.
+  2. Security concerns, whether access to the SVN could have been abused by S or the password
for the SVN account for C could have been revealed by S.
+ Furthermore he pointed out, that sharing an account - even temporarily - is not approved
by the community and hence must under no circumstances be repeated.
+ 
+ These concerns were also forwarded to the Incubator private mailing list, where the actions
taken by C also upset many people. There was a clear verdict, that the mentor’s concerns
and disapproval were shared by everyone else.
+ 
+ C was surprised by the reaction of the Incubator PMC and defended himself with the following
arguments:
+  1. Since C is the exclusive legal owner of all rights over the code that was submitted,
only he could contribute it to the ASF anyway. Hence an ICLA for S is from a legal point of
view not required, even though he might be the originator.
+  2. It is very unlikely and there is absolutely no reason to believe that the account has
been abused or compromised by S in any way, since the login was only valid for the actual
Eclipse session. For people of the same company, working in the same LAN, there might be technically
easier ways of compromising an account. Even so he takes full responsibility for everything
that is or was done under his account.
+ 
+ C posted his statements on the Empire-db private mailing list and it is unclear whether
all people interested in this subject had the opportunity to read these arguments. 
+ 
+ The respondents were not all convinced by these arguments and the legal issue still has
not been fully resolved. However, still there is a strong common agreement on the disapproval
of account sharing.
+ 
+ === The resolve ===
+ 
+ C acknowledges and respects the opinion of the community. 
+ As far as the sharing of this account is concerned, he publicly assures not to repeat it
with any of this Apache accounts.
+ 
+ In order to resolve any remaining concerns the following actions were taken by C and S as
requested from the Incubator board:
+  1. S has signed and submitted an ICLA to the ASF.
+  2. C has changed this SVN password
  
  = ESME =
  

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message