You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cayenne.apache.org by Mike Kienenberger <mk...@gmail.com> on 2010/08/26 19:47:07 UTC
PMC's concensus about what we are voting on [was: [VOTE] 3.0.1 - reloaded]
Legally, PMC members are required to verify that the source code is properly
licensed. Most of this generally takes place when the file is committed,
but some diligence is also required for a release.
A release is completely independent of the svn repository, so there's no
need to match something against svn. As a convenience, it's nice to note
how you could pull the files back out of svn for any particular release, but
certainly no requirement.
On Thu, Aug 26, 2010 at 3:50 AM, Aristedes Maniatis <ar...@maniatis.org>wrote:
> On 26/08/10 5:00 PM, Andrus Adamchik wrote:
>
>> Please evaluate and cast your votes.
>>
>
> Given the previous discussion, I am unclear about what the PMC's consensus
> is about what we are voting on. I posted an email about this a few days
> ago... are others in agreement with the general ideas in that?
>
> If PMC decides that each voter needs to verify that the source code is
> properly licensed and matches the svn repository, then I don't know how to
> do that.
>
> Regards
>
> Ari
>
> --
> -------------------------->
> Aristedes Maniatis
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
>
Re: PMC's concensus about what we are voting on [was: [VOTE] 3.0.1 - reloaded]
Posted by Mike Kienenberger <mk...@gmail.com>.
I agree with some of it as a guideline and some of it as a rule.
The steps I took to determine if we had our licenses in order were
primarily against the dependencies used and dependencies bundled.
They needed to be properly recorded in the LICENSE and NOTICES file.
In practice, I think the primary bulk of the rest of the source
licensing checks happen during the the commit process as a "best
effort" rather than "guaranteed perfection". Some automated tools
like RAT also help, although I did not run them in my evaluation.
We have a certain level of trust in the release manager that the
individual is doing things to the best of their ability, and primarily
we are vouching that they've followed a certain procedure in creating
the release.
On Thu, Aug 26, 2010 at 8:04 PM, Aristedes Maniatis <ar...@maniatis.org> wrote:
> If that is the decision of this PMC then I'll be unable to vote +1 without
> matching the source back against svn.
>
> Mike, do you agree with the outline of steps required which I posted some
> days ago? How do you satisfy yourself that the source is properly licensed?
> That is, what steps do you take?
>
> Ari
>
>
> On 27/08/10 3:47 AM, Mike Kienenberger wrote:
>>
>> Legally, PMC members are required to verify that the source code is
>> properly
>> licensed. Most of this generally takes place when the file is committed,
>> but some diligence is also required for a release.
>>
>> A release is completely independent of the svn repository, so there's no
>> need to match something against svn. As a convenience, it's nice to note
>> how you could pull the files back out of svn for any particular release,
>> but
>> certainly no requirement.
>>
>> On Thu, Aug 26, 2010 at 3:50 AM, Aristedes
>> Maniatis<ar...@maniatis.org>wrote:
>>
>>> On 26/08/10 5:00 PM, Andrus Adamchik wrote:
>>>
>>>> Please evaluate and cast your votes.
>>>>
>>>
>>> Given the previous discussion, I am unclear about what the PMC's
>>> consensus
>>> is about what we are voting on. I posted an email about this a few days
>>> ago... are others in agreement with the general ideas in that?
>>>
>>> If PMC decides that each voter needs to verify that the source code is
>>> properly licensed and matches the svn repository, then I don't know how
>>> to
>>> do that.
>>>
>>> Regards
>>>
>>> Ari
>>>
>>> --
>>> -------------------------->
>>> Aristedes Maniatis
>>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
>>>
>>
>
> --
> -------------------------->
> Aristedes Maniatis
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
>
Re: PMC's concensus about what we are voting on [was: [VOTE] 3.0.1
- reloaded]
Posted by Aristedes Maniatis <ar...@maniatis.org>.
If that is the decision of this PMC then I'll be unable to vote +1 without matching the source back against svn.
Mike, do you agree with the outline of steps required which I posted some days ago? How do you satisfy yourself that the source is properly licensed? That is, what steps do you take?
Ari
On 27/08/10 3:47 AM, Mike Kienenberger wrote:
> Legally, PMC members are required to verify that the source code is properly
> licensed. Most of this generally takes place when the file is committed,
> but some diligence is also required for a release.
>
> A release is completely independent of the svn repository, so there's no
> need to match something against svn. As a convenience, it's nice to note
> how you could pull the files back out of svn for any particular release, but
> certainly no requirement.
>
> On Thu, Aug 26, 2010 at 3:50 AM, Aristedes Maniatis<ar...@maniatis.org>wrote:
>
>> On 26/08/10 5:00 PM, Andrus Adamchik wrote:
>>
>>> Please evaluate and cast your votes.
>>>
>>
>> Given the previous discussion, I am unclear about what the PMC's consensus
>> is about what we are voting on. I posted an email about this a few days
>> ago... are others in agreement with the general ideas in that?
>>
>> If PMC decides that each voter needs to verify that the source code is
>> properly licensed and matches the svn repository, then I don't know how to
>> do that.
>>
>> Regards
>>
>> Ari
>>
>> --
>> -------------------------->
>> Aristedes Maniatis
>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
>>
>
--
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A