www-legal-discuss mailing list archives

From Rob Vesse <rve...@dotnetrdf.org>
Subject Re: Continuous release review
Date Thu, 29 May 2014 08:32:34 GMT
On 28/05/2014 19:10, "Alex Harui" <aharui@adobe.com> wrote:

>3 +1 votes: It is my understanding that we want humans to review the
>license/notice/headers in the artifacts because it is like proof-reading.
>A single person can still miss something and thus 3 reviewers is the
>current tolerance of human error allowed.  If that is the true rationale
>for 3 votes, then the next question will be: could any amount of
>automation reduce that need?  For example, it is my understanding that
>there are 'plagiarism' servers on the web where students upload papers and
>their work is scored against whether they copied it from somewhere or
>actually wrote it themselves.  If Apache were to create a similar service
>that scoured the web for each commit and help determine its provenance,
>would that reduce the need for 3 human reviewers down to 2 or 1 or 0?

No, I personally don't believe it can ever significantly reduce the need
for human reviewers.  As I've discussed in the past when this was raised
on the Incubator general list in the context of using Black Duck software
(http://s.apache.org/4GQ) while such tools do exist the suggestion that
they save work is something of a fallacy since the false positive rate of
these tools is frustratingly high.

Usually such tools require users to then go through the matches identified
and individually agree/disagree with each potential incident of plagiarism
and where you disagree add some justification.  And of course if you agree
with the match then you have to go take the relevant remedial action to
remove the offending code/update LICENSE & NOTICE etc.  If anything such
tools can often generate more work rather than less work.

And of course such tools only flag genuine plagiarism if the code being
examined has corresponding code/code signatures in the database of the
plagiarism checker.  So this does not protect us from things like
contributors copying and pasting code from private repositories that they
may have access to in the course of their work but do not have the rights
to contribute.

Automation may help to some extent but I worry that automating too much
gives people a false sense of security about the quality of reviews that
have occurred.


>>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>For additional commands, e-mail: legal-discuss-help@apache.org