www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ru...@apache.org
Subject svn commit: r1751293 - /infrastructure/site/trunk/content/legal/ghmon.mdtext
Date Mon, 04 Jul 2016 14:25:53 GMT
Author: rubys
Date: Mon Jul  4 14:25:53 2016
New Revision: 1751293

URL: http://svn.apache.org/viewvc?rev=1751293&view=rev
publish draft policy


Added: infrastructure/site/trunk/content/legal/ghmon.mdtext
URL: http://svn.apache.org/viewvc/infrastructure/site/trunk/content/legal/ghmon.mdtext?rev=1751293&view=auto
--- infrastructure/site/trunk/content/legal/ghmon.mdtext (added)
+++ infrastructure/site/trunk/content/legal/ghmon.mdtext Mon Jul  4 14:25:53 2016
@@ -0,0 +1,65 @@
+Title: Release Policy
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.
+This **draft** document describes the requirements placed upon PMCs who wish to
+host their repositories outside of the ASF.  This policy is not in effect until
+appoved by VP, Legal Affairs.  While the focus on this draft is on GitHub as a
+potential host, the intent is that future drafts will expand this to other
+## Short Version ## {#short-version}
+The short version is that we need "push logs", i.e. to be able to establish
+both in real time and well after the fact that all pushes are done by people
+with ICLAs on file.
+VP, Legal will designate who is responsible for monitoring PMCs for compliance
+with this policy.
+## Longer Version ## {#long-version}
+Now a longer version, in three parts.
+Part 1: 
+People with ICLAs on file can be be invited to be a committer by a PMC.  Those
+that have done so and accepted have an "avail ID" assigned by the ASF.  
+ASF's LDAP has an `githubUsername` attribute which can be used to associate
+avail IDs with GitHub ids.  GitHub provides hooks which let us know when a push
+occurs, and the email address of the person who did the push.  If two factor
+authentication is enabled for that GitHub user, and that email matches an avail
+ID, that's sufficient for our purposes.
+Part 2: 
+The record needs to be maintained by the ASF; having only subpoena access after
+the fact is not sufficient.  That record would also involve maintaining a copy
+(clone) of the repository in question, along with all of the deltas.
+Part 3: 
+While gaps in the records may occur for various reasons (e.g. network
+failures), they are expected to be addressed in a matter of days.  Gaps that go
+unaddressed for multiple weeks are to be reported to the board.
+## Additional-requirements ## {#additional-requirements}
+There are other things that should be a part of this.  For example, it
+has long been a practice that all commits produce an archived email
+(and for that matter, all changes to issue trackers too).

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message