Just to add my 50ct to this discussion.
Justin did bring up the issue. He even brought it when we were first discussing starting a release. The discussion sort of dried out without a resolution, then when it came to the release, he mentioned it again. But again no action was taken. So I too see a complaint about PMCs coming up with such stuff in the last minute as not valid. ASF is community over code, but the one thing the ASF deals with is protecting us as developers as well as our users from licensing issues. It's this extra protection and care that distinguishes Apache releases from the typical Github projects. This is why in every bank or insurance company I was working in, there never was a discussion about using ASF software, if it's not ASF however you have to jump quite a lot of obstacles in order to use a library. I remember quite some rounds with legal and quality assurance people. The ASF has earned that trust because we have people in our communities that care about this sort of stuff. Having some legal caretaker is one of the coolest thing a project can have, cause it lets us coding-monkeys do what we like to do and we can somehow be lazy and trust that someone is taking care of this. I hate legal stuff. To me it's just getting in my way ... sort of as others think working on build-, code-quality or writing documentation should be done by others. We have a pretty heterogenous community. I know I'm definitely the build-monkey, Justin's the legal-monkey, we have a lot of code-monkeys. Why not use the specialities of each other instead of complaining about it? I know I have to work on my side about not ranting about code-quality, for example, but I'm trying ... hope you guys didn't notice any recent rants from my side ;-) If we hadn't let the discussion about Justin's findings die when he brought it up and had resolved the problem instead, the problem would have been solved. So how about us addressing the issues Justin has and in case of a "I think this way, you think that way", let's involve legal and have these things settled once and for all? Chris ________________________________ Von: Alex Harui <aha...@adobe.com> Gesendet: Donnerstag, 15. September 2016 06:15 An: dev@flex.apache.org Betreff: Re: [DRAFT] Apache FlexJS 0.7.0 and Apache Flex FalconJX 0.7.0 Released On 9/14/16, 4:27 PM, "Justin Mclean" <jus...@classsoftware.com> wrote: > >Perhaps the question we should be asking is why are other PMC members are >not finding these issues earlier as well? Well, I can only speak for myself, but I have learned over the years that, while we can't say "Community over Policy" since policy is important, community is still more important than trying to nail every last detail of the licensing. For sure, early on, I thought we had to nail every last detail, but senior Apache members have advised us that we can use "trust" and "intent" in approving releases. So I look at harder at what we are saying is our source, take a trusting, high-level look at what third-parties say we can do and go from there. Because if we do make a mistake in the details, it isn't the end of the world, we can fix it in the next release, and the best way to guarantee there will be a next release is to make sure the release process is quick and more like a celebration of work completed than a grind through fine print. If we can do that, we might find more folks will want to be release managers, releases will take less energy so they can happen more often, and the community will grow as a result. IOW, I am always looking for reasons to ship, not reasons not too, especially late in the game. Now also for sure, there is nobody in the entire foundation (not just this project) who is better than you at finding licensing issues, and if you want to help other PMC members find more of these issues, it would be great if you could share your processes with us and the ASF in general. Another way to look at it is that if the ASF truly cared about nailing every last detail, the policy would be that you could use a licensing issue to veto a release. It puzzled me for a while that it wasn't that way, but I've come to think that the real goal is to build communities and share source code without involving lawyers and tons of time. I think the ASF realizes that these communities are almost all non-lawyers trying to make the world better through shared code and they may (as we know) have not nailed their documentation down to the last detail. And thus, we don't have to look too hard, especially at third-party bundles. If something comes up, we can deal with it in the next release. We can trust that third-parties are not trying to lay some trap or sneak in a trojan horse. I personally don't enjoy grinding through the details of license and notice stuff. My sense is that there are several others in our community who feel the same way and wonder if others have left us and what other code we could have done, and contributors we could have attracted if we didn't spend as much time grinding on it. As long as the right attribution is there at a high-level, I think we are good to go and volunteers can improve it, just like we improve our code, over time. Now let's push the NPM bits, get the announcement out, and get going on the building the future of Flex. Thanks, -Alex
