www-legal-discuss mailing list archives

From Ross Gardler <rgard...@opendirective.com>
Subject Re: Clarification about D&O insurance and bad acts
Date Sun, 25 May 2014 03:07:31 GMT
So how do we demonstrate that "individual PMC members comply in good faith
with an *approved* ASF release policy"?

In my mind (and I am not a lawyer so that means almost nothing in these
situations) the requirement to have 3 PMC members indicate that, to the
best of their knowledge, the release is compliant with the policy is
sufficient.

Personally, I cannot be certain I have reviewed every single commit between
release X and release Y and therefore I will never vote +1 on a release
unless I have spent the time reviewing the license, upstream license
compatibility, NOTICE file etc. By voting +1 I am saying that I have done a
review against our agreed policy and thus believe it is a valid release.

If I were ever pulled up in court I'd probably point to this mail (and many
others I have posted like it over the years, including at least one of my
board nomination statements) and claim it demonstrates a good faith effort
to be in compliance with the policy. I'd hope that the evidence of myself
and other mentors communicating this to podlings (and the board to TLPs)
would further demonstrate good faith efforts.

For me this is why a +1 is more than the tick box many people think it is.

Ross








On 24 May 2014 12:08, Lawrence Rosen <lrosen@rosenlaw.com> wrote:

> [This is an aside for the "ASF Release Policy" discussion.]
>
>
>
> I wrote this earlier:
>
> > I can assure you that there are things that individuals *could do* here
> > that would get them in trouble. :-)
>
>
>
> One of the first plaintiffs I ever represented was a welfare recipient who
> was sexually abused by her county social worker. Although this was
> obviously outside the scope of his official responsibilities, the defendant
> county was forced to pay for legal counsel to protect itself from civil
> damages. That California county was self-insured; ASF buys D&O insurance
> for similar reasons.
>
>
>
> A few years ago there was discussion on various FOSS lists about how women
> are sometimes harassed at technical conferences. That is an example of a
> bad act that can force ASF to defend its own official anti-harassment
> policies using its D&O insurance (assuming that such alleged bad acts are
> covered by the specific insurance policy), but the bad actor himself has
> his own individual legal problems too! That is why ASF directors and
> officers are encouraged to behave themselves at our conferences, for their
> own sake and for the sake of our insurance deductible!
>
>
>
> You obviously are more concerned here about what ASF projects do with
> their software, and our "Release Policy" (as revised) has had a long thread
> here. But as long as individual PMC members comply in good faith with an
> *approved* ASF release policy, it shouldn't matter much what policy we
> finally approve. Courts don't usually fault non-profits for developing
> their own rational policies, and we have D&O insurance to protect us - and
> our directors and officers doing their official acts - if we follow a
> rational release policy.
>
>
>
> This is a long and partly rambling message to suggest that the discussion
> about the ASF Release Policy isn't really a *legal* issue at all and
> probably doesn't belong on this list. Define a rational policy and the law
> won't interfere.
>
>
>
> /Larry
>
>
>
> Lawrence Rosen
>
> Rosenlaw & Einschlag (www.rosenlaw.com)
>
> 3001 King Ranch Road, Ukiah, CA 95482
>
> Cell: 707-478-8932   eFax: 707-485-1243
>
>
>
> *From:* Lawrence Rosen [mailto:lrosen@rosenlaw.com]
> *Sent:* Saturday, May 24, 2014 11:10 AM
> *To:* legal-discuss@apache.org
> *Cc:* Lawrence Rosen
> *Subject:* RE: Release Policy
>
>
>
> 'Twas written on this list:
>
> > "But the point already got covered and answered dozens of times imo.
> > The answer is that the ALv2 protects the foundation and also the release
> > manager already for all bona fides cases. End of story."
>
> Is the above statement incorrect also?
>
> The above statement is only part of the story. ASF has a fully-functioning
> board of directors and complies (AFAIK) with all relevant laws. ASF obtains
> D&O insurance to protect itself and its directors and officers from many
> kinds of liability for negligence and to provide legal representation if
> necessary. That is enough to encourage us to proceed with our activities
> without worrying about random lawsuits.
>
>
>
> "Bona fide cases" is not useful terminology in this context. I can assure
> you that there are things that individuals *could do* here that would get
> them in trouble. :-) If there is something specific you are worried about,
> speak up.
>
>
>
> /Larry
>
>
>
> Lawrence Rosen
>
> Rosenlaw & Einschlag (www.rosenlaw.com)
>
> 3001 King Ranch Road, Ukiah, CA 95482
>
> Cell: 707-478-8932   Fax: 707-485-1243
>
>
>
> *From:* Dave Fisher [mailto:dave2wave@comcast.net <dave2wave@comcast.net>]
>
> *Sent:* Saturday, May 24, 2014 10:41 AM
> *To:* legal-discuss@apache.org
> *Subject:* Re: Release Policy
>
>
>
>
>
> On May 23, 2014, at 1:51 PM, Brian LeRoux wrote:
>
>
>
> Ok, so end user software needs a vote to be a release and all projects are
> doing this without exception. If they are that is bad. Got it.
>
> Earlier:
>
> "But the point already got covered and answered dozens of times imo. The
> answer is that the ALv2 protects the foundation and also the release
> manager already for all bona fides cases. End of story."
>
> Is the above statement incorrect also?
>
>
>
> On Fri, May 23, 2014 at 3:19 PM, Mark Thomas <markt@apache.org> wrote:
>
> On 23/05/2014 21:04, Joe Bowser wrote:
> > On Fri, May 23, 2014 at 12:46 PM, Andrea Pescetti <pescetti@apache.org> wrote:
> >> On 23/05/2014 Brian LeRoux wrote:
> >>>
> >>> Furthermore some projects such as OpenOffice mentioned
> >>> earlier do not follow the policy.
> >>
> >>
> >> OpenOffice does follow the policy. The only "special" thing OpenOffice did
> >> is to advertise development snapshots towards version 4.1 (these are NOT
> >> releases! we conduct formal votes on ALL releases, including beta releases!)
> >> outside the dev mailing list since we have a dedicated QA mailing lists and
> >> a testers community that does not coincide with our developers. And this was
> >> discussed in advance with both the board and the infrastructure lists.
> >>
> >
> > So, a snapshot is not a release?
>
> A snapshot is a release if and only if it has been voted on as such by the
> PMC. It would also have to be tagged as part of the release which to my
> mind means it isn't really a snapshot. However the label that is
> attached to the release (RC, beta, stable, snapshot, etc.) is
> irrelevant. What matters is did the PMC vote on it. If the PMC voted
> (and assuming the rest of the release policy was followed) and the vote
> passed, it is a release. If that didn't happen then it isn't a release.
>
>
>
> > The problem is that there is one rule
> > for certain projects that have the board's favour and another for
> > projects that the board chooses to pick on for unknown reasons.
>
> Please provide some evidence to back up that assertion. I have been
> following a reasonable proportion of the discussion around Cordova and
> releases and, while I have seen plenty of evidence that the Cordova
> community doesn't like the constraints imposed by the ASF release
> policy, I have seen no evidence of the board doing anything other than
> requiring Cordova to follow the same release policy every other ASF
> project is expected to follow.
>
> If you are aware of any other ASF project not following the ASF release
> policy then please make the board aware. The board does not actively
> monitor the day to day activities of every project. If there are
> problems they rely on the VP to make them aware via the quarterly
> reports and if that route fails they rely on others in and around the
> project to bring the problem to their attention.
>
>
> > Why isn't a snapshot build a release?
>
> Short answer - because the PMC didn't vote. Long answer - see above.
>
> In this particular case this was not an OpenOffice release because it
> was not advertised to the end-user community for that software. It is
> perfectly within the intent of the current policy to include members of
> dedicated QA and test lists in the same category as members of the dev
> list. It is to the credit of the OpenOffice community that they went as
> far as checking that their understanding of the policy was correct
> before they did anything.
>
>
>
> The snapshots are very carefully fenced as a developer / qa resource in
> order to assure that when a release was made it would be of the highest
> quality.
>
>
>
> The PMC waited for complete consensus on the process and that took time -
> a number of weeks.
>
>
>
> Andrea did a very careful job communicating well within the ASF.
>
>
>
>
> What would not be acceptable would be for OpenOffice to start
> advertising snapshots to their end-user community unless votes had taken
> place and those snapshots had been formally released.
>
>
>
> Exactly.
>
>
>
> Regards,
>
> Dave
>
>
>
>
> Mark