www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Clarification about D&O insurance and bad acts
Date Wed, 28 May 2014 18:47:12 GMT
Agreed! That said, src verification for releases is not always appropriate
or necessary. (Depending on the project, the people and their unique
attributes.)
On May 28, 2014 1:01 PM, "Jim Jagielski" <jim@jagunet.com> wrote:

> That is true. But doing normal work-in-progress, and the
> oversight thereof, is a different thing than doing a
> release.
>
> One does not negate the other, nor does it remove the
> need for the other. Saying "we do X oversight for our day
> to day development" does not mean that no oversight is
> needed for a release, simply because it's a different
> kind of oversight for a different kind of activity.
>
> On May 27, 2014, at 5:22 PM, Brian LeRoux <b@brian.io> wrote:
>
> > We could both wax hypothetical about the merit of humans and error
> proneness. My point is whatever is work-in-progress is a daily
> responsibility and not something to be left for the last minute check by
> others. Ever.
> >
> >
> > On Tue, May 27, 2014 at 2:59 PM, Ross Gardler <
> rgardler@opendirective.com> wrote:
> > Brian, you are absolutely correct. However, SVN is not the release and
> so having reviewed commits is not the same as having reviewed the release.
> In a well run project where people are reviewing code commits there should
> be no problem. But people make errors and you would be surprised how often
> those errors slip through.
> >
> > Furthermore, since I (as a committer) cannot guarantee that I reviewed
> every change to every file between release a and release b I cannot, as a
> PMC member, be certain that the necessary files are present and correct. If
> I were to vote +1 without having reviewed the release then my vote would be
> worthless when it comes to demonstrating that our policy has been followed
> for that release.
> >
> > Ross
> >
> >
> >
> >
> >
> >
> > On 27 May 2014 10:25, Brian LeRoux <b@brian.io> wrote:
> > From my perspective this is a daily requirement of a responsible
> committer. That final check isn't hurting anything but it is not even
> remotely acceptable for a committer to not be constantly vigilant when
> landing commits to our source.
> >
> >
> > On Sun, May 25, 2014 at 11:05 AM, Lawrence Rosen <lrosen@rosenlaw.com>
> wrote:
> > Ross Gardler wrote:
> >
> > > In my mind (and I am not a lawyer so that means almost nothing in
> these situations) the requirement to have 3 PMC members indicate that, to
> the best of their knowledge, the release is compliant with the policy is
> sufficient.
> >
> >
> >
> > Leaving my lawyer hat off for a bit, it seems so to me too. I'm not
> worried. I wasn't even worried about that when I served on the board. /Larry
> >
> >
> >
> > From: Ross Gardler [mailto:rgardler@opendirective.com]
> > Sent: Saturday, May 24, 2014 8:08 PM
> > To: legal-discuss@apache.org; Larry Rosen
> > Subject: Re: Clarification about D&O insurance and bad acts
> >
> > <snip>
> >
> >
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>

Mime
View raw message