www-legal-discuss mailing list archives

From: Marvin Humphrey <mar...@rectangular.com>
Subject: Re: Continuous release review
Date: Wed, 28 May 2014 18:04:30 GMT

On Wed, May 28, 2014 at 8:32 AM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
> I hope to avoid conflicting too
> much with Marvin and others in the effort to clarify existing release
> policy; as he pointed out, this should be considered a separate
> discussion.

Should there be any change to the existing policy page before the recast
policy makes it through the gauntlet, I will happily update the draft as
appropriate.

In the meantime, I am pleased that the proposal seems to have had the side
effect of catalyzing support for long-overdue policy reforms around CI.
If those actually come through, it will have been worth annoying Jukka. ;)

>     Before casting +1 binding votes, individuals are REQUIRED to
>     a) download all signed source code packages onto their own hardware,
>     b) verify that they meet all requirements of ASF policy on
>        releases as described below,
>     c) validate all cryptographic signatures,
>     d) compile as provided, and
>     e) test the result on their own platform.
>
> Steps a, c, d and e are all things that would arguably be better and
> more reliably done by a CI server.

As mentioned elsewhere: +1

Personally, I think we should be going further and exploring the legal
implications of disposable build servers -- do they reduce the liability risk
of org-sanctioned binaries to an acceptable level?

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

