www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Clarification about D&O insurance and bad acts
Date Thu, 29 May 2014 11:49:31 GMT
Not sure what you mean by that... One of the aspects
of verifying a release is checking that the bits going out
are, in fact, the expected and correct bits... which sounds
like src verification to me. And is, obviously, appropriate
and necessary.

On May 28, 2014, at 2:47 PM, Brian LeRoux <b@brian.io> wrote:

> Agreed! That said, src verification for releases is not always appropriate or necessary.
(Depending on the project, the people and their unique attributes.)
> 
> On May 28, 2014 1:01 PM, "Jim Jagielski" <jim@jagunet.com> wrote:
> That is true. But doing normal work-in-progress, and the
> oversight thereof, is a different thing than doing a
> release.
> 
> One does not negate the other, nor does it remove the
> need for the other. Saying "we do X oversight for our day
> to day development" does not mean that no oversight is
> needed for a release, simply because it's a different
> kind of oversight for a different kind of activity.
> 
> On May 27, 2014, at 5:22 PM, Brian LeRoux <b@brian.io> wrote:
> 
> > We could both wax hypothetical about the merit of humans and error proneness. My
point is whatever is work-in-progress is a daily responsibility and not something to be left
for the last minute check by others. Ever.
> >
> >
> > On Tue, May 27, 2014 at 2:59 PM, Ross Gardler <rgardler@opendirective.com>
wrote:
> > Brian, you are absolutely correct. However, SVN is not the release and so having
reviewed commits is not the same as having reviewed the release. In a well run project where
people are reviewing code commits there should be no problem. But people make errors and you
would be surprised how often those errors slip through.
> >
> > Furthermore, since I (as a committer) cannot guarantee that I reviewed every change
to every file between release a and release b I cannot, as a PMC member, be certain that the
necessary files are present and correct. If I were to vote +1 without having reviewed the
release then my vote would be worthless when it comes to demonstrating that our policy has
been followed for that release.
> >
> > Ross
> >
> >
> >
> >
> >
> >
> > On 27 May 2014 10:25, Brian LeRoux <b@brian.io> wrote:
> > From my perspective this is a daily requirement of a responsible committer. That
final check isn't hurting anything but it is not even remotely acceptable for a committer
to not be constantly vigilant when landing commits to our source.
> >
> >
> > On Sun, May 25, 2014 at 11:05 AM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:
> > Ross Gardler wrote:
> >
> > > In my mind (and I am not a lawyer so that means almost nothing in these situations)
the requirement to have 3 PMC members indicate that, to the best of their knowledge, the release
is compliant with the policy is sufficient.
> >
> >
> >
> > Leaving my lawyer hat off for a bit, it seems so to me too. I'm not worried. I wasn't
even worried about that when I served on the board. /Larry
> >
> >
> >
> > From: Ross Gardler [mailto:rgardler@opendirective.com]
> > Sent: Saturday, May 24, 2014 8:08 PM
> > To: legal-discuss@apache.org; Larry Rosen
> > Subject: Re: Clarification about D&O insurance and bad acts
> >
> > <snip>
> >
> >
> >
> >
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message