We could both wax hypothetical about the merit of humans and error proneness. My point is whatever is work-in-progress is a daily responsibility and not something to be left for the last minute check by others. Ever. 

On Tue, May 27, 2014 at 2:59 PM, Ross Gardler <rgardler@opendirective.com> wrote:
Brian, you are absolutely correct. However, SVN is not the release and so having reviewed commits is not the same as having reviewed the release. In a well run project where people are reviewing code commits there should be no problem. But people make errors and you would be surprised how often those errors slip through.

Furthermore, since I (as a committer) cannot guarantee that I reviewed every change to every file between release a and release b I cannot, as a PMC member, be certain that the necessary files are present and correct. If I were to vote +1 without having reviewed the release then my vote would be worthless when it comes to demonstrating that our policy has been followed for that release.



On 27 May 2014 10:25, Brian LeRoux <b@brian.io> wrote:
From my perspective this is a daily requirement of a responsible committer. That final check isn't hurting anything but it is not even remotely acceptable for a committer to not be constantly vigilant when landing commits to our source.

On Sun, May 25, 2014 at 11:05 AM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:

Ross Gardler wrote:

> In my mind (and I am not a lawyer so that means almost nothing in these situations) the requirement to have 3 PMC members indicate that, to the best of their knowledge, the release is compliant with the policy is sufficient.


Leaving my lawyer hat off for a bit, it seems so to me too. I'm not worried. I wasn't even worried about that when I served on the board. /Larry


From: Ross Gardler [mailto:rgardler@opendirective.com]
Sent: Saturday, May 24, 2014 8:08 PM
To: legal-discuss@apache.org; Larry Rosen
Subject: Re: Clarification about D&O insurance and bad acts