www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Clarification about D&O insurance and bad acts
Date Thu, 29 May 2014 16:31:57 GMT
Quoting Larry, "..as long as individual PMC members comply in good faith
with an approved ASF release policy, it shouldn't matter much what policy
we finally approve "

The reason we vote is to ensure compliance with our src legal requirements.
The rational I question as an unnecessary redundancy given this is our
daily responsibility for every commit we land. I deeply respect the history
here. Do not confuse that. Ultimately I'm really, truly, striving to help
the ASF streamline our ultimate premise: shipping software.
On May 29, 2014 11:29 AM, "Jim Jagielski" <jim@jagunet.com> wrote:

> Sure it is helpful. We have learned from them, and they
> have learned from us. However, the very fact that they
> do something different isn't sufficient for us to change
> a policy that we've had since before 1999... especially
> if the reason and rationale behind the policy has not
> changed at all.
>
> On May 29, 2014, at 11:18 AM, Brian LeRoux <b@brian.io> wrote:
>
> > It can be helpful to learn from contemporaries. I've found our dialogue
> instructive, for another direct example, and do not begrudge it. Willful
> ignorance of our colleagues here and elsewhere is not at all in the spirit
> of ASF aims. At least, I hope so!
> >
> > On May 29, 2014 10:48 AM, "Jim Jagielski" <jim@jagunet.com> wrote:
> > Who cares how *they* do it? This is *our* policy.
> > Certainly you understand that, right? And we've gone out
> > of our way to explain the reason and rationale behind it.
> > But simply because others don't do it is hardly a reason
> > for us to change what we do, or how we do it, in and
> > of itself.
> >
> > I believe that the moon landing actually happened. I can point
> > to people who are direct contrasts to that belief. Does that
> > mean that I should change my mind? The existence of direct
> > contrasts is moot.
> >
> > On May 29, 2014, at 10:35 AM, Brian LeRoux <b@brian.io> wrote:
> >
> > > No need to construct vapid analogies when direct contrasts exist.
> > >
> > > - fsf
> > > - software freedom conservancy
> > > - mozilla
> > >
> > > Etc.
> > >
> > > On May 29, 2014 8:15 AM, "Mark Struberg" <struberg@yahoo.de> wrote:
> > > +1
> > >
> > > Think about it like a QA department of a production line in a company
> building children toys.
> > >
> > > Of course all employees take care to not introduce a failure which
> might harm children. But even then it _might_ happen.
> > >
> > > Now what would happen if such a failure really appears? They would sue
> the hell out of this company...
> > >
> > > By having a QA department which does an independent check if all is
> fine over and over again this risk might get reduced. And even if a failure
> still slips through it will help the company to not get hit too hard at
> least.
> > >
> > > LieGrue,
> > > strub
> > >
> > > --------------------------------------------
> > > On Thu, 29/5/14, Jim Jagielski <jim@jaguNET.com> wrote:
> > >
> > >  Subject: Re: Clarification about D&O insurance and bad acts
> > >  To: legal-discuss@apache.org
> > >  Date: Thursday, 29 May, 2014, 13:49
> > >
> > >  Not sure what you mean by
> > >  that... One of the aspects
> > >  of verifying a
> > >  release is checking that the bits going out
> > >  are, in fact, the expected and correct bits...
> > >  which sounds
> > >  like src verification to me.
> > >  And is, obviously, appropriate
> > >  and
> > >  necessary.
> > >
> > >  On May 28, 2014,
> > >  at 2:47 PM, Brian LeRoux <b@brian.io> wrote:
> > >
> > >  > Agreed! That said, src
> > >  verification for releases is not always appropriate or
> > >  necessary. (Depending on the project, the people and their
> > >  unique attributes.)
> > >  >
> > >  > On May 28, 2014 1:01 PM, "Jim
> > >  Jagielski" <jim@jagunet.com>
> > >  wrote:
> > >  > That is true. But doing normal
> > >  work-in-progress, and the
> > >  > oversight
> > >  thereof, is a different thing than doing a
> > >  > release.
> > >  >
> > >  > One does not negate the other, nor does it
> > >  remove the
> > >  > need for the other. Saying
> > >  "we do X oversight for our day
> > >  > to
> > >  day development" does not mean that no oversight is
> > >  > needed for a release, simply because
> > >  it's a different
> > >  > kind of oversight
> > >  for a different kind of activity.
> > >  >
> > >  > On May 27, 2014, at 5:22 PM, Brian LeRoux
> > >  <b@brian.io> wrote:
> > >  >
> > >  > > We could both
> > >  wax hypothetical about the merit of humans and error
> > >  proneness. My point is whatever is work-in-progress is a
> > >  daily responsibility and not something to be left for the
> > >  last minute check by others. Ever.
> > >  >
> > >  >
> > >  > >
> > >  > > On
> > >  Tue, May 27, 2014 at 2:59 PM, Ross Gardler <
> rgardler@opendirective.com>
> > >  wrote:
> > >  > > Brian, you are absolutely
> > >  correct. However, SVN is not the release and so having
> > >  reviewed commits is not the same as having reviewed the
> > >  release. In a well run project where people are reviewing
> > >  code commits there should be no problem. But people make
> > >  errors and you would be surprised how often those errors
> > >  slip through.
> > >  > >
> > >  >
> > >  > Furthermore, since I (as a committer) cannot guarantee
> > >  that I reviewed every change to every file between release a
> > >  and release b I cannot, as a PMC member, be certain that the
> > >  necessary files are present and correct. If I were to vote
> > >  +1 without having reviewed the release then my vote would be
> > >  worthless when it comes to demonstrating that our policy has
> > >  been followed for that release.
> > >  > >
> > >  > > Ross
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  > > On 27 May
> > >  2014 10:25, Brian LeRoux <b@brian.io> wrote:
> > >  > > From my perspective this is a daily
> > >  requirement of a responsible committer. That final check
> > >  isn't hurting anything but it is not even remotely
> > >  acceptable for a committer to not be constantly vigilant
> > >  when landing commits to our source.
> > >  >
> > >  >
> > >  > >
> > >  > > On
> > >  Sun, May 25, 2014 at 11:05 AM, Lawrence Rosen <lrosen@rosenlaw.com>
> > >  wrote:
> > >  > > Ross Gardler wrote:
> > >  > >
> > >  > > > In my
> > >  mind (and I am not a lawyer so that means almost nothing in
> > >  these situations) the requirement to have 3 PMC members
> > >  indicate that, to the best of their knowledge, the release
> > >  is compliant with the policy is sufficient.
> > >  > >
> > >  > >
> > >  > >
> > >  > > Leaving my
> > >  lawyer hat off for a bit, it seems so to me too. I'm not
> > >  worried. I wasn't even worried about that when I served
> > >  on the board. /Larry
> > >  > >
> > >  > >
> > >  > >
> > >  > > From: Ross Gardler [mailto:rgardler@opendirective.com]
> > >  > > Sent: Saturday, May 24, 2014 8:08
> > >  PM
> > >  > > To: legal-discuss@apache.org;
> > >  Larry Rosen
> > >  > > Subject: Re:
> > >  Clarification about D&O insurance and bad acts
> > >  > >
> > >  > >
> > >  <snip>
> > >  > >
> > >  >
> > >  >
> > >  > >
> > >  > >
> > >  > >
> > >  > >
> > >  >
> > >  >
> > >  >
> > >  ---------------------------------------------------------------------
> > >  > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > >  > For additional commands, e-mail: legal-discuss-help@apache.org
> > >  >
> > >
> > >
> > >
> > >  ---------------------------------------------------------------------
> > >  To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > >  For additional commands, e-mail: legal-discuss-help@apache.org
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > > For additional commands, e-mail: legal-discuss-help@apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>

Mime
View raw message