On Wed, Jan 14, 2015 at 11:46 AM, Rob Vesse <rve...@dotnetrdf.org> wrote:
> LC50:
>
> I think the LC50 is actually correct but could perhaps be phrased better
>
> My understanding was that the ASF owns the copyright for the collective
> work of the project, i.e. releases. As Benson notes, contributors retain
> copyright on their contributions but grant the ASF a perpetual license to
> their contributions

I think that the wording should be expanded to mention both aspects.

>
> QU30:
>
> Agreed, some projects may not do anything that is attack prone or are
> likely only to be run such that any "security" is provided by whatever
> runtime they use and the security of that runtime is well beyond the
> purview of the project.
>
> Consensus building:
>
> Should there be a CS60 about the rare need for private discussions?
>
> CS60:
>
> In rare situations (typically security, brand enforcement, legal and
> personnel discussions) the project may need to first reach consensus in
> private, in which case the project should use their official private
> communications channel such that these rare private discussions are
> privately archived. The outcomes of such consensus should where possible
> be discussed in public as soon as it is appropriate to do so.
>
> That isn't great wording but hopefully you get what I am trying to convey
> - projects should rarely discuss in private and any discussions should
> become public as soon as it is possible to do so
>
> Rob
>
> On 14/01/2015 15:33, "Benson Margulies" <bimargul...@gmail.com> wrote:
>
>>CD40: perhaps change 'previous version' to 'released version'
>>
>>CD50: the committer is not necessarily the author; someone might read
>>this and not understand what it implies for committers committing
>>contributions via all of the channels allowed for by the AL. One patch
>>would be 'immediate provenance', another would be some lengthier
>>language about the process.
>>
>>LC20: do we need to explain what we mean by 'dependencies'? This has
>>been a point of friction. Expand or footnote to the distinctions
>>between essential and optional?
>>
>>LC50: the footnote seems wrong; the ASF does not own copyright,
>>rather, the author retains, and grants the license.
>>
>>RE40: do you want to add an explicit statement that legal
>>responsibility falls upon the head of the person who happened to run
>>the build?
>>
>>QU20: Maybe we need to expand on 'secure'? Maybe this is too strong?
>>What's wrong with building a product that is explicitly not intended
>>for use in attack-prone environments?
>>
>>QU40: Not all communities might agree. Some communities might see
>>themselves as building fast-moving products. Some communities may lack
>>the level of volunteer effort required to satisfy this. Does this make
>>them immature, or just a group of volunteers with different
>>priorities?
>>
>>IN10: I fear that a more detailed definition of independence is going
>>to be called for here to avoid controversy.