www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: Tool for automated merges into an ASF repository (Mergebot)
Date Tue, 26 Apr 2016 19:50:54 GMT
ASF internal legal questions should be addressed to legal-internal. Legal discuss is for general
discussion of licensing issues. But, to save time...

To clarify, IIRC, Infra is suggesting that allowing a bot to merge changes into our version
control does not provide sufficient proof of intent to contribute because the Apache committer
has not been authenticated as part of that process, which means we have not tied it to a specific
ICLA and verified that only authenticated users can cause the bot to proceed. 

I submit that this is a judgement call that can be assessed by infra or the board as they
see fit. It has nothing to do with legal process or licensing, since that is handled when
the code is submitted to the ASF (not when it is committed to version control via git) and
when a decision to release is made. Hence, this would be an infra mechanism, not a legal one.


....Roy

> On Apr 26, 2016, at 11:10 AM, Davor Bonaci <davor@google.com.INVALID> wrote:
> 
> Hi legal-discuss,
> 
> Apache Beam (incubating) project would like to develop and use a tool for (somewhat)
automated merges of pull requests into our ASF repository. We’d like to hear your opinion,
and address any legal issues that may come up.
> 
> In Beam, we already strictly use a review-then-commit workflow -- please see our Contribution
Guide for details [1]. All proposed code goes through a detailed, manual review by a project’s
committer.
> 
> Once the committer is happy with the proposed changes, the committer must manually merge
the changes into the ASF repository. We’d like to automate this part of the process, which
is completely manual and error-prone. A computer could do a much better job than a human on
this, manual part of the process.
> 
> Instead of manually merging a pull request branch onto the target branch in another repository,
potentially re-basing, potentially squashing commits, re-testing and pushing the changes,
a committer can issue a command to the tool to do the same job instead.
> 
> This would be hugely beneficial for our productivity. This manual process takes a lot
of time, with zero benefit back to the project. We have heard feedback from some committers
that it is hard to learn and get started with. It is error-prone -- we have had many unintentional
pushes, resulting in convoluted history that is hard to reason about.
> 
> This process is something that is widespread in the industry. For example, here at Google,
we sometimes use such a process. In a non-ASF GitHub workflow, there’s a button that does
it.
> 
> We believe this has zero legal implications, because nothing is really changing:
> 
> * Architecturally, this is very clean. We don’t need any special access that we currently
don’t have.
> * The process is the same as before. A committer does all the work, and makes all the
decisions. No code can be committed without a committer blessing it.
> * -- This is the key part -- The only difference is that the committer issues a command
to the tool to perform the job, instead of typing each command separately.
> * At the end of the day, nobody can tell whether a committer or the tool did the job.
> 
> Do you see anything problematic from a legal perspective? If so, please let us know and
we’ll try to address it.
> 
> If not, the last open question is which ASF account would the tool run under. Realistically,
we could run a tool under one of our own accounts already -- we don’t need any special access
whatsoever. However, it would be slightly nicer to have a dedicated mergebot account for this.
> 
> We have posed the same question to the ASF Infra [2]. Technically, they think a separate
account is fine, but they’d like to have Legal guidance to make sure they aren’t opening
a can of worms here.
> 
> Thanks for your consideration.
> 
> On behalf of Apache Beam,
> Davor Bonaci and JB Onofre.
> 
> [1] https://beam.incubator.apache.org/contribution-guide
> [2] https://issues.apache.org/jira/browse/INFRA-11644


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message