www-legal-discuss mailing list archives

From Stephen Connolly <stephen.alan.conno...@gmail.com>
Subject Re: Continuous release review
Date Sun, 01 Jun 2014 14:14:23 GMT
On Sunday, 1 June 2014, Emmanuel Lécharny <elecharny@gmail.com> wrote:

> On 31/05/2014 14:33, James Carman wrote:
> > On Fri, May 30, 2014 at 8:33 PM, Emmanuel Lécharny <elecharny@gmail.com> wrote:
> >> " And since the officer is acting on behalf of the corporation, there is
> >> no personal liability".
> >>
> > Liability != responsibility
> Hopefully !
> In the context of Stephen's mail, I just wanted to stress out that being
> a chairman does not bring any legal pressure on your shoulder.
> You are just responsible for a few more things, which are clearly
> explicited on http://www.apache.org/dev/pmc.html#chair. Nothing to be
> afraid of, IMHO.

Sadly that page omits to mention this bit from
http://www.apache.org/dev/release-publishing.html:
    The PMC in general, and the PMC chair in particular (as an officer of
the Foundation) is responsible for compliance with requirements.

I agree that it shouldn't be too scary, but we chairs are particularly
responsible for compliance with requirements... So the chair has to be
*that* person... You know, the one who reminds people of the rules and that
they must be followed and shit!

It also means that when we chairs are casting our votes we should be
providing an example of sticking to the rules... Rather than just following
the chorus and voting along with half the PMC just because everyone else
+1'd the release.

I read that as saying: if you are PMC chair, you should only vote +1 if you
are happy with the release from a follows the rules PoV

Where I get worried is our wooly requirements on code provenance... Can I
say "oh well all these files were in ASF SCM so they can only have got
there if committed by a committer... All committers have an ICLA... Thus my
provenance checking is done once I do a diff against the SCM tag"? Is that
the extent of the checks on code provenance that are required *for a

Should I be spot checking some files at random?

Should I be reviewing the entire history?

This is the crux. As a chair I am "particularly" responsible... If I cannot
resolve how responsible I should be wrt code provenance, can I in good
faith cast +1 vote for any release at all?

Now if being "particularly responsible" just means I have to remind people
of the rules and pull people up if they are not following them... Well
that's ok.

But the text is unclear... It could mean that the chair is the last bastion
of hope for a valid release... If that is the case then I have been lax
because I have only mostly been keeping track of commits to Maven (when I
have more than a few 100's of unread emails they can end up in the bin) and
I have not verified our code provenance all the way to the initial
commit... Instead I have assumed that our PMC has done the required checks
before I was invited... I suspect I am in the majority of PMC chairs in
this regard...

I know that - hyperbole as a technique to spur debate aside - it would
make me more comfortable if we had clearer guidance in this regard... Absent
such clearer guidance I look forward to rotating the PMC chair on! (Though
that doesn't mean I won't seek the position when the next chair rotates it
on next time)


Sent from my phone
