On Feb 21, 2014, at 7:37 PM, Animesh Chaturvedi <animesh.chaturv...@citrix.com> wrote:
>
>> -----Original Message-----
>> From: David Nalley [mailto:da...@gnsa.us]
>> Sent: Friday, February 21, 2014 4:13 PM
>> To: dev@cloudstack.apache.org
>> Subject: Re: [DISCUSS] Policy blocker?
>>
>>>> LEGAL - when I talk about legal problems below I refer to liability
>>>> incurred by individuals in the project, especially the release
>>>> manager,
>>>
>>> [Animesh] Can you clarify 'especially the release manager' part? Release
>>> manager is just like any other volunteer and does not have any special
>>> privileges. The community VOTEs on the release.
>>
>> Sure, it isn't about privilege, it's about liability. So the foundation
>> covers (and has insurance for) actions taken on behalf of the Foundation.
>> If process is followed (including getting the votes) releasing software is
>> effectively a function of the Foundation - and thus it bears liability.
>> The foundation needs to ensure that the release is an 'authorized business
>> decision' on behalf of the Foundation (which is why the Board has to ACK
>> PMC additions, etc.). Hence all the process and policy.
>>
>> Publishing software, however, is really done by the release manager.
>> And if release process isn't followed, it's no longer a function of the
>> foundation - and software is effectively released by the RM, and thus he is
>> individually liable.
>
> [Animesh] How do you define the release process being followed or not? Isn't
> Voting on a release the process and PMC and everyone voting responsible for
> it. Release Manager is a facilitator. Without the protection why would anyone
> want to incur liability as a release manager? In the links that you sent I
> have not seen specific reference to Release Manager being liable.
>
>> Sadly this isn't theoretical, and is one of the reasons that
>> the foundation exists.
>
> [Animesh] What does foundation provide in that case?

I read David's note as saying that if we follow the release process properly - calling for votes, respecting bylaws timeframe, tallying, etc. - then the ASF is liable for what's in the release. But if we were to not follow due process then the RM would be liable. In our case we follow process, so the Foundation is liable.

>> http://www.apache.org/dev/release.html#why
>> https://www.apache.org/foundation/faq.html#why
>>
>> --David