Reminders for properly license adherence and that individuals make commits

[Joe Witt <jo...@gmail.com>]

All,

A couple of important reminders for us all to keep in mind.  The
community is growing rapidly and we're seeing a lot of contributions
from new people in the form of JIRAs, code, and reviews.  It is really
awesome to see and thanks to everyone for their efforts!

Two key things we want to remind ourselves of:

1) We must be very careful, always, to ensure proper ASF compatible
License adherence.  This means during code commits it should be
accounted for and during reviews (this part takes a lot of time and
due diligence).  You must account for any source that is copied and
all binary dependencies.  It can be complicated at first but
eventually it starts to make sense.
https://nifi.apache.org/licensing-guide.html  Please ask questions as
needed.  As a general rule of thumb if you found that reviewing a pull
request that changes dependencies (adds/removes/etc..) and that it was
'easy' - then you might not have done the license and notice
verification correctly :)

2) We must understand that code commits are from individuals and not
corporations.  There are various places in Apache Software Foundation
sites that talk about this
https://www.apache.org/foundation/governance/
https://www.apache.org/dev/new-committers-guide.html
I bring this up because I'm starting to see contributors using
accounts/account names that are suggestive that their commits are on
behalf of a given company.  It is ok that someone might use a
bob@mycompany.com email address.  But there are now github accounts
and email names that are even suggestive that a commit is coming from
a particular company rather than an individual.  This is a bridge too
far and we need to be very cautious in taking in such commits.

Thanks
Joe