www-legal-discuss mailing list archives

From Ross Gardler <rgard...@opendirective.com>
Subject Re: Clarified Release Policy
Date Tue, 27 May 2014 14:58:42 GMT
Good catch Sebb. As I said in my original post, I believe it is MUST for
policy conformance and optional for other items (test, build etc. these
items can be automated).


On Tue, May 27, 2014 at 7:37 AM, sebb <sebbaz@gmail.com> wrote:

On 27 May 2014 03:33, Marvin Humphrey <marvin@rectangular.com> wrote:
> On Sat, May 24, 2014 at 12:21 AM, Ross Gardler
> <rgardler@opendirective.com> wrote:
>> For me the most important part of voting +1 is that the individual is
>> asserting that they have reviewed the source for compliance with ASF
>> policies. You have this in the last sentence as "verifying that the package
>> meets the requirements of the ASF policy on releases". However, it almost
>> feels like an afterthought rather than the most important part. I would move
>> this to the front of the paragraph and possibly even add "including, but not
>> limited to, verifying license files, notice file, ... as described below."
>
> I agree that this suggestion improves the policy draft and IMO reordering does
> not constitute a policy change.  Here is a proposed mod:
>
> https://github.com/rectang/asfrelease/commit/6ad23f6909ccbe71080e4b6c36c5552f863e829f
>
>     Before casting +1 binding votes, individuals are REQUIRED to download all
>     signed source code packages onto their own hardware, verify that they meet
>     all requirements of ASF policy on releases as described below, validate
>     all cryptographic signatures, compile as provided, and test the result on
>     their own platform.

I disagree that testing is necessary to vote +1.
What is vital is that the source files have the appropriate license
and follow the ASF policy requirements to ensure the ASF has the right
to publish the files under the ALv2. If the release turns out to have
some bugs (what software doesn't?) then another release can be made.
But it is harder to undo a release of code that should not have been
published.

If testing really is considered necessary, then testers should be
required to provide details of the platform used.

>> I would even consider making the part about meeting the requirements of the
>> ASF policy a MUST and the other items a SHOULD.
>
> In the section under consideration, I have upcased the word "required" (which
> is present in the existing policy).  There is a "SHOULD" in a section on
> performing a licensing audit before each release; that one I've left intact.
>
> Marvin Humphrey
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>




-- 
Sent from MetroMail
