Again trying to collect the daily responses in one place.

Thanks Mark, for your patience in answering my questions.  My takeaway is that PMC members have the option to use Trust and Intent and Judgement in casting their votes for a release.  I will be more determined and explicit in requesting early review of L&N Issues.

Hopefully we can now close out this thread.

-Alex

From: Justin Mclean <justin@classsoftware.com>
Reply-To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Date: Wednesday, April 6, 2016 at 11:52 PM
To: "legal-discuss@apache.org" <legal-discuss@apache.org>
Subject: Re: Bundling and LICENSE

Hi,

Again this is going to depend on a lot of factors. I’m more likely to trust something from a large company with a legal team or something that has a public IP review and ICLAs than something from a random repo on GitHub with drive-by committers.

OK, but for the record, you didn't trust Google and a popular Bootstrap theme developer.  Are you saying they are the work of drive-by committers?

Reviewing commits may not be enough here as you could accidentally bring in a GPL dependency or include something of doubtful IP or perhaps include something not compatible with Apache. (As some Apache compatible licences are compatible with GPL but the reverse isn’t true.)

Both a mentor and now a board member have recommended watching the commits.  And even if that is hard, commits are turned into a proposed release package by our CI system often as soon as an hour after commit.  And both a mentor and a board member have recommended early review, which is what we request with a "Last Call" email.  We waited two weeks for feedback, but somehow you were only able to find time to do the review after the vote thread was opened.

So by extension an IPMC member voting on a release should be responsible for fixing any issue that they find rather than the PPMC?

Extensions don't matter here.  We are only discussing the Flex PMC.

I think [1] is important here. The PMC should be capable of dealing with any license issues that come up, when they come up, and decide what the best course of action is. Most of these issues are easily dealt with and just involve a few simple modifications to LICENSE and NOTICE.

My takeaway is the advice from mentors and board members is that we should try harder to not make the "when" during the vote process.  We have a process where the Last Call provides ample time IMO.

1. http://www.apache.org/dev/release-publishing#release_manager
2. http://www.apache.org/dev/licensing-howto.html#guiding-principle