Hi - Guys - please. If there is a legitimate question about a given file's provenance then please do make that query in private or in public. Find the commit in the log, watch commit emails and call for it at the time.
If there is a singular file here or there that is problematic then it is a judgement call, but it should not automatically hold a release. This is particularly so if a prior release contained that same artifact. The PMC shows it's diligence in how it treats these questions, but it is only a blocker if there is a large IP issue. Think of the process like cups and saucers. A little spill in the saucer is ok. You guys have tuned up the RAT report? You know what's in and not? Again follow the commits ML. Sticklers like Justin should be watching the commits ML. That is the most appropriate time to exercise IP due diligence. Release time is the worst time. Diligence should be done up front. Regards, Dave On Jan 24, 2015, at 12:07 AM, Justin Mclean wrote: > HI, > >> Donation procedures were followed correctly. Could some file have incorrect >> provenance? Sure. > > I think it a little more than some files. If a casual glance in 5 minutes can > pick up some issues it's quite likely there's more issues there. > > This is a formal request to have the PMC review those repos, I really can't > see why that the PMC would not be willing to do that given it takes little > effect, the Apache policy around this and once done it will give more > confidence in the IP provenance of those files. This stuff is sort of > important :-) > >> Folks have complained to me off-list that the tone and volume of emails that >> result >> from these quests tend to discourage their participation > > There should be no need for off list communication, but if someone has a > legitimate issue they email the private list or me personally if they want. > > Justin >
