www-legal-discuss mailing list archives

From sebb <seb...@gmail.com>
Subject Re: Clarified Release Policy
Date Tue, 27 May 2014 14:37:41 GMT
On 27 May 2014 03:33, Marvin Humphrey <marvin@rectangular.com> wrote:
> On Sat, May 24, 2014 at 12:21 AM, Ross Gardler
> <rgardler@opendirective.com> wrote:
>> For me the most important part of voting +1 is that the individual is
>> asserting that they have reviewed the source for compliance with ASF
>> policies. You have this in the last sentence as "verifying that the package
>> meets the requirements of the ASF policy on releases". However, it almost
>> feels like an afterthought rather than the most important part. I would move
>> this to the front of the paragraph and possibly even add "including, but not
>> limited to, verifying license files, notice file, ... as described below."
>
> I agree that this suggestion improves the policy draft and IMO reordering does
> not constitute a policy change.  Here is a proposed mod:
>
> https://github.com/rectang/asfrelease/commit/6ad23f6909ccbe71080e4b6c36c5552f863e829f
>
>     Before casting +1 binding votes, individuals are REQUIRED to download all
>     signed source code packages onto their own hardware, verify that they meet
>     all requirements of ASF policy on releases as described below, validate
>     all cryptographic signatures, compile as provided, and test the result on
>     their own platform.

I disagree that testing is necessary to vote +1.
What is vital is that the source files have the appropriate license
and follow the ASF policy requirements to ensure the ASF has the right
to publish the files under the ALv2. If the release turns out to have
some bugs (what software doesn't?) then another release can be made.
But it is harder to undo a release of code that should not have been
published.

If testing really is considered necessary, then testers should be
required to provide details of the platform used.

>> I would even consider making the part about meeting the requirements of the
>> ASF policy a MUST and the other items a SHOULD.
>
> In the section under consideration, I have upcased the word "required" (which
> is present in the existing policy).  There is a "SHOULD" in a section on
> performing a licensing audit before each release; that one I've left intact.
>
> Marvin Humphrey
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
