www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: Continuous release review
Date Wed, 28 May 2014 16:17:50 GMT


On 5/28/14 8:32 AM, "Jukka Zitting" <jukka.zitting@gmail.com> wrote:
>
>Thus I question the focus we're putting on the release as the point
>where all this review is supposed happens. Instead I'd rather see this
>becoming more of an ongoing task to be done at the level of each
>commit or push, with the release review more just a final confirmation
>that such a process has been followed.
Just wondering, if 3 humans are required to validate the
headers/LICENSE/NOTICE, does that mean 3 humans are required to review
each commit/push?  That sounds like more energy than focusing a review on
the actual package, but I guess that's a reasonable option to me.  I would
worry about accumulated error and tendency to get loose with the rules
having to do all of these reviews for highly active code bases.

I'm all for tooling that tries to summarize and flag interesting changes
between two tags.  An interesting problem is when code is deleted that had
licensing implications, like replacing a Category B implementation with a
Category A.  But it might be possible.

But yeah, I'm all for automation where we can get it.  I'm just not sure
we can ever fully automate.  IIRC, the other place were a human is
required is in the signing of the release artifacts.  That still has to be
done on that human's computer, right?  It can't be done on a CI server?

Thanks,
-Alex



---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message