Re: PMC's concensus about what we are voting on [was: [VOTE] 3.0.1 - reloaded]

From: Mike Kienenberger (mkienen..mail.com)
Date: Fri Aug 27 2010 - 16:23:29 UTC

  • Next message: Andrus Adamchik: "Re: 3.0.1 - next steps"

    I agree with some of it as a guideline and some of it as a rule.

    The steps I took to determine if we had our licenses in order were
    primarily against the dependencies used and dependencies bundled.
    They needed to be properly recorded in the LICENSE and NOTICES file.

    In practice, I think the primary bulk of the rest of the source
    licensing checks happen during the the commit process as a "best
    effort" rather than "guaranteed perfection". Some automated tools
    like RAT also help, although I did not run them in my evaluation.

    We have a certain level of trust in the release manager that the
    individual is doing things to the best of their ability, and primarily
    we are vouching that they've followed a certain procedure in creating
    the release.

    On Thu, Aug 26, 2010 at 8:04 PM, Aristedes Maniatis <ar..aniatis.org> wrote:
    > If that is the decision of this PMC then I'll be unable to vote +1 without
    > matching the source back against svn.
    >
    > Mike, do you agree with the outline of steps required which I posted some
    > days ago? How do you satisfy yourself that the source is properly licensed?
    > That is, what steps do you take?
    >
    > Ari
    >
    >
    > On 27/08/10 3:47 AM, Mike Kienenberger wrote:
    >>
    >> Legally, PMC members are required to verify that the source code is
    >> properly
    >> licensed.   Most of this generally takes place when the file is committed,
    >> but some diligence is also required for a release.
    >>
    >> A release is completely independent of the svn repository, so there's no
    >> need to match something against svn.   As a convenience, it's nice to note
    >> how you could pull the files back out of svn for any particular release,
    >> but
    >> certainly no requirement.
    >>
    >> On Thu, Aug 26, 2010 at 3:50 AM, Aristedes
    >> Maniatis<ar..aniatis.org>wrote:
    >>
    >>> On 26/08/10 5:00 PM, Andrus Adamchik wrote:
    >>>
    >>>> Please evaluate and cast your votes.
    >>>>
    >>>
    >>> Given the previous discussion, I am unclear about what the PMC's
    >>> consensus
    >>> is about what we are voting on. I posted an email about this a few days
    >>> ago... are others in agreement with the general ideas in that?
    >>>
    >>> If PMC decides that each voter needs to verify that the source code is
    >>> properly licensed and matches the svn repository, then I don't know how
    >>> to
    >>> do that.
    >>>
    >>> Regards
    >>>
    >>> Ari
    >>>
    >>> --
    >>> -------------------------->
    >>> Aristedes Maniatis
    >>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
    >>>
    >>
    >
    > --
    > -------------------------->
    > Aristedes Maniatis
    > GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
    >



    This archive was generated by hypermail 2.0.0 : Fri Aug 27 2010 - 16:24:19 UTC