www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chip Childers <chipchild...@apache.org>
Subject Re: Continuous release review
Date Fri, 30 May 2014 14:08:23 GMT
On Fri, May 30, 2014 at 02:52:49PM +0100, Stephen Connolly wrote:
> Well I have not seen anyone address my specific point with regard to
> separating the concerns w.r.t. voting.
> 
> We vote on releases for legal and social reasons.

+1

> 
> The legal reasons mandate that we need to download the archive and verify
> that it is something we can legally ship. There are a set of criteria with
> regards to shipping. Some of these criteria are things like:
> 
> * Does it include the LICENSE an NOTICE files
> * All the source code of the project must be covered by the Apache License,
> version 2.0.
> * The license must be included in each source file.
> * Has the code been contributed by an individual covered by an appropriate
> contributor license agreement, or have otherwise been licensed to the
> Foundation and passed through IP clearance.
> * Are bundled 3rd party dependencies compatible with the Apache License,
> version 2.0.

I agree that, IMO, the items above are the areas best indicated as MUST
in any policy.

> 
> The social reasons pressure us to download the archive and check that it
> builds and check that any included tests pass and check some relevant smoke
> tests.
> 

Also agreed, and I believe this is where the 72 hours (as a SHOULD)
comes into play.

> From my PoV - as a PMC chair [1] - the legal requirements are what matter
> to most to me, as I am responsible for compliance with the legal
> requirements...
> 
> The social requirements are something that can and should be easily
> replaced by a CI system.

That depends on the project actually, but I'd agree that it shouldn't be
mandated in foundation-wide policy (outside of the minimum required to
describe best practices that learn from the past history of community
building).

> 
> The final question is then how thorough do we have to be in
> 
> [1]: http://www.apache.org/dev/release-publishing.html says
>     The PMC in general, and the PMC chair in particular (as an officer of
> the Foundation) is responsible for compliance with requirements.

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message