Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: legal-discuss@apache.org
Received-SPF: pass (athena.apache.org: local policy includes SPF record at
 spf.trusted-forwarder.org)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Subject: Re: Release Policy
From: Jim Jagielski <jim@jaguNET.com>
In-Reply-To: 
 <CADVgkyOevfr_6v+MNtKmrb+ajRAjJcAAbVvJXGJ+6Az07hiT3g@mail.gmail.com>
Date: Fri, 23 May 2014 11:33:13 -0400
Cc: Mark Struberg <struberg@yahoo.de>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D7718797-E053-4798-853C-C793B00EB468@jaguNET.com>
References: 
 <CAAS6=7jTVyaDhwepAqob-=83DxJ-uaMS9GyG5j5XdHYybvAtGQ@mail.gmail.com>
 <1400784905.88428.YahooMailNeo@web28903.mail.ir2.yahoo.com>
 <CAAS6=7iGt0xW4oBe0sSXC7RzGgDP=KUBhgkOjzUezBbirq2sJA@mail.gmail.com>
 <1400790465.3527.YahooMailNeo@web28902.mail.ir2.yahoo.com>
 <537E5ED4.4010209@apache.org>
 <1400792669.96132.YahooMailNeo@web28902.mail.ir2.yahoo.com>
 <CADVgkyO09rhuYkRUtBfCavJYMRxKneP8E_Hi5_LsOEdfpTWRtw@mail.gmail.com>
 <1400820943.12576.YahooMailNeo@web28901.mail.ir2.yahoo.com>
 <CADVgkyOevfr_6v+MNtKmrb+ajRAjJcAAbVvJXGJ+6Az07hiT3g@mail.gmail.com>
To: legal-discuss@apache.org

Most other OSS projects are not run the same way the ASF
projects are. Whether or not *they* need/want a vote or
not is moot and immaterial to *our* policy.

On May 23, 2014, at 11:01 AM, Brian LeRoux <b@brian.io> wrote:

> @mark agree, there are many layers to the stated legal perception and =
indeed most other OSS projects do not require a VOTE. It was =
communicated to me that the VOTE specifically mitigated risk to the =
releasing individual (publishing artifacts to ./dist). This, and human =
error, are mitigated by not using humans to perform those actions =
susceptible to human error. That is the point of a CI system and =
automated builds. All the actions of a release could be done by a =
machine and ensuring the policy will allow that is what I'm looking for.=20=

>=20
>=20
> On Thu, May 22, 2014 at 11:55 PM, Mark Struberg <struberg@yahoo.de> =
wrote:
> Brian, we only specifically talked about whether we should be allowed =
to give_intermediate_ build artifacts like nightly builds, etc to =
interested people. I personally find it a bit too restrictive to not =
allow to publish those for user testing. We (the foundation) already do =
this via our snapshots maven repos...
>=20
> And there are also different layers of 'legal'. There is no law in the =
US nor otherwhere in the world who requires a VOTE before an opensource =
release. JBoss doesn't do it, Eclipse doesn't do it, etc.=20
>=20
> BUT: it is an ASF policy and thus binding for all our projects to VOTE =
on releases.=20
> And it is a really good one as it increases the technical and legal =
quality of our products! It's really a good thing to have 10+ people =
looking at a release and e.g. discovering that a file has the wrong =
license and should get removed again for example. And of course it helps =
reducing the risk from getting sued because we obviously try to minimize =
human errors.=20
>=20
> @Shane I'm not sure how many ASF members are subscribed to the legal =
list, maybe it is enough if we just rise awareness.
>=20
> LieGrue,
> strub
>=20
>=20
> On Thursday, 22 May 2014, 23:19, Brian LeRoux <b@brian.io> wrote:
>=20
>=20
>=20
>=20
> "But the point already got covered and answered dozens of times imo. =
The answer is that the ALv2 protects the foundation and also the release =
manager already for all bona fides cases. End of story."
>=20
>=20
> Interesting for myself to note that it was communicated very directly =
to Cordova that this *was not* the case. Votes are a necessary component =
for a valid (aka legal) release. Also interesting for me to discover in =
this thread that the release policy is not adhered to by all ASF =
projects. We were lead to believe the rules are immutable, all projects =
obey them. End of story.=20
>=20
> I am dismayed to discover this is not the case and Cordova was singled =
out.=20
>=20
> However, clarity here is a great starting to amending the rules, and I =
recognize this effort is not forum for that. My perspective: the vote is =
a SHOULD and most certainly SHA verifciation SHOULD be the job of a =
computer (aka CI system) and not a human and I am very happy to hear =
there is precedent for this with other projects.
>=20
>=20
> =E2=80=8B
>=20
>=20
>=20


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org