Return-Path: 
 <legal-discuss-return-9702-apmail-legal-discuss-archive=apache.org@apache.org>
X-Original-To: apmail-legal-discuss-archive@www.apache.org
Delivered-To: apmail-legal-discuss-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B7ACD10CD4
	for <apmail-legal-discuss-archive@www.apache.org>;
 Wed, 28 May 2014 16:36:23 +0000 (UTC)
Received: (qmail 58094 invoked by uid 500); 28 May 2014 16:36:23 -0000
Delivered-To: apmail-legal-discuss-archive@apache.org
Received: (qmail 57918 invoked by uid 500); 28 May 2014 16:36:23 -0000
Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:legal-discuss-help@apache.org>
List-Unsubscribe: <mailto:legal-discuss-unsubscribe@apache.org>
List-Post: <mailto:legal-discuss@apache.org>
Reply-To: legal-discuss@apache.org
List-Id: <legal-discuss.apache.org>
Delivered-To: mailing list legal-discuss@apache.org
Received: (qmail 57911 invoked by uid 99); 28 May 2014 16:36:23 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 May 2014 16:36:23 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy includes SPF record at
 spf.trusted-forwarder.org)
Received: from [76.96.30.56] (HELO qmta06.emeryville.ca.mail.comcast.net)
 (76.96.30.56)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 May 2014 16:36:17 +0000
Received: from omta18.emeryville.ca.mail.comcast.net ([76.96.30.74])
	by qmta06.emeryville.ca.mail.comcast.net with comcast
	id 7UBY1o0051bwxycA6Ubt1f; Wed, 28 May 2014 16:35:53 +0000
Received: from [192.168.199.10] ([69.251.80.74])
	by omta18.emeryville.ca.mail.comcast.net with comcast
	id 7Ubr1o0071cCKD98eUbs8y; Wed, 28 May 2014 16:35:53 +0000
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Subject: Re: Continuous release review
From: Jim Jagielski <jim@jaguNET.com>
In-Reply-To: <CFAB5871.22D96%aharui@adobe.com>
Date: Wed, 28 May 2014 12:35:49 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <30B257D4-E233-47DF-BFFB-FF043F9F6267@jaguNET.com>
References: 
 <CAOFYJNaqACY-JXUesx-V0PnsiCCkfVo_xKdEMO-N5Nt7Y_JTFQ@mail.gmail.com>
 <CFAB5871.22D96%aharui@adobe.com>
To: legal-discuss@apache.org
X-Mailer: Apple Mail (2.1878.2)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net;
	s=q20140121; t=1401294953;
	bh=/oB2WMT5A2P6taTP0M8rfWYE3g5kJXQJqC9o1i2d4/k=;
	h=Received:Received:Content-Type:Mime-Version:Subject:From:Date:
	 Message-Id:To;
	b=sgc4dzTBaHvxEBqYNU60JHc3RLIAU4u3CWsNQq/Ub+1KrGCNrS/OfEzbXDZ5kNZnQ
	 Yl+RdcHMMg5PdFQFAO0BvTKAYlHht4C43oT7QmR2uFq0WvMxqvTuhr3Diu6BhHOnYh
	 eNb1Tos6VBMwc1rAh3HMJ9fIoEsx/EHXDkjb+Q51rT4+2fyryXnxPYNgh5dyD8SvSk
	 ivSTzmMwsKMu9Hho4N7iLedQFn/D7fuwrqwP3fFdeLm2KPccopqGU+9ql9AVU8LntR
	 hqFvZ5RdZIM74bm6lLa3q4XHY5JKAeYXXXJ++ZSkf1RWjVMSrbnrFn0t1eY/nxh3P4
	 sbTZJ4R/w79MA==
X-Virus-Checked: Checked by ClamAV on apache.org

In general, unless there is lazy consensus, 3 +1 votes
are required for code that makes its way into a releasable
artifact.

There is the normal review of code, then there is the
review of a releasable artifact. They are 2 different
things.

On May 28, 2014, at 12:17 PM, Alex Harui <aharui@adobe.com> wrote:

> 
> 
> On 5/28/14 8:32 AM, "Jukka Zitting" <jukka.zitting@gmail.com> wrote:
>> 
>> Thus I question the focus we're putting on the release as the point
>> where all this review is supposed happens. Instead I'd rather see this
>> becoming more of an ongoing task to be done at the level of each
>> commit or push, with the release review more just a final confirmation
>> that such a process has been followed.
> Just wondering, if 3 humans are required to validate the
> headers/LICENSE/NOTICE, does that mean 3 humans are required to review
> each commit/push?  That sounds like more energy than focusing a review on
> the actual package, but I guess that's a reasonable option to me.  I would
> worry about accumulated error and tendency to get loose with the rules
> having to do all of these reviews for highly active code bases.
> 
> I'm all for tooling that tries to summarize and flag interesting changes
> between two tags.  An interesting problem is when code is deleted that had
> licensing implications, like replacing a Category B implementation with a
> Category A.  But it might be possible.
> 
> But yeah, I'm all for automation where we can get it.  I'm just not sure
> we can ever fully automate.  IIRC, the other place were a human is
> required is in the signing of the release artifacts.  That still has to be
> done on that human's computer, right?  It can't be done on a CI server?
> 
> Thanks,
> -Alex
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org