Return-Path: X-Original-To: apmail-legal-discuss-archive@www.apache.org Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A79AB10B0C for ; Tue, 27 May 2014 20:00:34 +0000 (UTC) Received: (qmail 62725 invoked by uid 500); 27 May 2014 20:00:34 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 62561 invoked by uid 500); 27 May 2014 20:00:34 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 62523 invoked by uid 99); 27 May 2014 20:00:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 May 2014 20:00:34 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of rgardler@opendirective.com designates 209.85.215.47 as permitted sender) Received: from [209.85.215.47] (HELO mail-la0-f47.google.com) (209.85.215.47) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 May 2014 20:00:30 +0000 Received: by mail-la0-f47.google.com with SMTP id pn19so6827379lab.34 for ; Tue, 27 May 2014 13:00:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=opendirective.com; s=opendirective; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=c1khINUffJOiC96NQTLhFp3meQvjtXMmk1aygTLotLI=; b=QOCaFZ3MdsLSPd1jp/DMgP/SNbtS/4i6uMuDvT6QKp1VNS6GDiLIbqCkLOnLutYezj YayrEIaLq/+wN2kc1EJVXF77tIb5PLZJFDLoHUAub/255O8ZnvAewKT3qniDeyqumZrD Zh/V/dj/FE3gNSO3nM6m0RZHk1DlfgaNtebF0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=c1khINUffJOiC96NQTLhFp3meQvjtXMmk1aygTLotLI=; b=Gz/8hrcXFnfAOFnO1K0LG8tEphSguS9NBW/au2Stg+AObqmrLJDNSLI1uQMBX0LBrT Bu4ROHq9gT/zBUQixowCR7eVzLU7Ogb7tjGmXuDnSi9Y4wpy+4nQh8H6AHsA79GniHAI yaInCucrGJuvlvn8ActxXxS7PF1RgY8mRMLboBhwmCjw5/FLMnpIj5hDtEmcF4Mp/mKV gRZV6kBki2qOghMs2RP4M8l/rE+4SZs/BbxQGFdHmQLtk3MX2N+CF0wYaI1kZEbtmZSl FSVT9sAEj9PKe57EuHfHwzxCs7PZR7zfhX02FSwU/RB7TkPdxlaeF7HkTlShgyTEesFT p+5w== X-Gm-Message-State: ALoCoQkAoViMn6sa4IAySc9LWDUY1w5nRtk+KcA29RQ25K7WI9SNwzddweVl7eNuPKQcsgPwMydl X-Received: by 10.152.27.134 with SMTP id t6mr26071365lag.41.1401220808874; Tue, 27 May 2014 13:00:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.112.172.134 with HTTP; Tue, 27 May 2014 12:59:28 -0700 (PDT) X-Originating-IP: [2001:4898:80e0:ee43::3] In-Reply-To: References: <074b01cf7783$99630be0$cc2923a0$@rosenlaw.com> <089e01cf7833$289eba70$79dc2f50$@rosenlaw.com> From: Ross Gardler Date: Tue, 27 May 2014 12:59:28 -0700 Message-ID: Subject: Re: Clarification about D&O insurance and bad acts To: "legal-discuss@apache.org" Content-Type: multipart/alternative; boundary=089e0160bf6890af4104fa672413 X-Virus-Checked: Checked by ClamAV on apache.org --089e0160bf6890af4104fa672413 Content-Type: text/plain; charset=ISO-8859-1 Brian, you are absolutely correct. However, SVN is not the release and so having reviewed commits is not the same as having reviewed the release. In a well run project where people are reviewing code commits there should be no problem. But people make errors and you would be surprised how often those errors slip through. Furthermore, since I (as a committer) cannot guarantee that I reviewed every change to every file between release a and release b I cannot, as a PMC member, be certain that the necessary files are present and correct. If I were to vote +1 without having reviewed the release then my vote would be worthless when it comes to demonstrating that our policy has been followed for that release. Ross On 27 May 2014 10:25, Brian LeRoux wrote: > From my perspective this is a daily requirement of a responsible > committer. That final check isn't hurting anything but it is not even > remotely acceptable for a committer to not be constantly vigilant when > landing commits to our source. > > > On Sun, May 25, 2014 at 11:05 AM, Lawrence Rosen wrote: > >> Ross Gardler wrote: >> >> > In my mind (and I am not a lawyer so that means almost nothing in >> these situations) the requirement to have 3 PMC members indicate that, to >> the best of their knowledge, the release is compliant with the policy is >> sufficient. >> >> >> >> Leaving my lawyer hat off for a bit, it seems so to me too. I'm not >> worried. I wasn't even worried about that when I served on the board. /Larry >> >> >> >> *From:* Ross Gardler [mailto:rgardler@opendirective.com] >> *Sent:* Saturday, May 24, 2014 8:08 PM >> *To:* legal-discuss@apache.org; Larry Rosen >> *Subject:* Re: Clarification about D&O insurance and bad acts >> >> >> >> >> > > --089e0160bf6890af4104fa672413 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Brian, you are absolutely correct. However, SVN is no= t the release and so having reviewed commits is not the same as having revi= ewed the release. In a well run project where people are reviewing code com= mits there should be no problem. But people make errors and you would be su= rprised how often those errors slip through.

Furthermore, since I (as a committer) cannot guarantee = that I reviewed every change to every file between release a and release b = I cannot, as a PMC member, be certain that the necessary files are present = and correct. If I were to vote +1 without having reviewed the release then = my vote would be worthless when it comes to demonstrating that our policy h= as been followed for that release.

Ross
=

=A0
=A0
=A0


On 27 May 2014 10:25, Brian LeRoux <b@brian.io= > wrote:
From my perspective this is a daily requirement of a respo= nsible committer. That final check isn't hurting anything but it is not= even remotely acceptable for a committer to not be constantly vigilant whe= n landing commits to our source.


On Sun,= May 25, 2014 at 11:05 AM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:

Ross Gardler wrote:

> In my mind (and I am not a lawyer so t= hat means almost nothing in these situations) the requirement to have 3 PMC= members indicate that, to the best of their knowledge, the release is=A0co= mpliant with the policy is sufficient.

=A0

Leavin= g my lawyer hat off for a bit, it seems so to me too. I'm not worried. = I wasn't even worried about that when I served on the board. /Larry<= /u>

=A0

From: Ro= ss Gardler [mailto:rgardler@opendirective.com]
Sent: Saturday, May 24, 2014 8:08 PM
To: legal-discuss@apache.org; = Larry Rosen
Subject: Re: Clarification about D&O insurance an= d bad acts

<snip>

=A0



--089e0160bf6890af4104fa672413--