On Wed, Jul 3, 2019 at 2:38 PM Roman Shaposhnik <ro...@shaposhnik.org> wrote: > > On Tue, Jul 2, 2019 at 10:27 PM Greg Stein <gst...@gmail.com> wrote: > > > > On Wed, Jul 3, 2019 at 12:10 AM Justin Mclean <jus...@classsoftware.com> > > wrote: > > >... > > > > > Hi, > > > > > > > Although not a "real" PMC, we do need to provide legal protection for > > > each PPMC and distributing releases is the time that most legal > > > considerations "kick in" as it were. So we need a > > > > > > Or we *don't* provide legal protections. That *is* what the disclaimer is > > there for. > > That's exactly the direction I personally would like this to go into. >
As VP Legal, I think that's well within your bailiwick to make such a decision. As a member, I find that it's counter to one of the stated purposes of the Foundation - which is to shield individuals[1] and find it concerning that we are wanting to shift that back to the individual. > > > Which while I don’t disagree with, again I ask how can a PMC (i.e the > > > incubator) make releases that are not in line with policy? Current advice > > > seems that the board would not grant a blanket exception like to the IPMC > > > > > > I don't recall that advice. In fact, Roman seemed to indicate Legal would > > be just fine with that. > > This is correct. Provided we *do* explicitly acknowledge that special > status of the Incubator. > > This acknowledgement will basically put podling source code releases > at the same level we have convenience binary releases. Which is: they > are NOT acts of the foundation. > As I've said elsewhere, I don't think that argument holds water. We celebrate downloads of binaries with press releases, we adorn binaries with cryptographic signatures that identify the content as originating from us, we've entered into contractual agreements with vendors to explicitly distribute binaries on our behalf. Download of binaries from us, our mirrors, and our vendors dwarfs all of the other traffic to our web properties by a huge margin. As a result a substantial function of our operations - e.g. what the ASF actually spends money is facilitating the download of binaries. By taking these actions, or perhaps by not policing the fact that these actions have been taken, we are essentially telling the world its something we've done, and not something an individual has done. I can't imagine a court saying that the binary of Apache Foo which is: *uploaded by a member of the Foo PMC, a position granted to him by the consent of the board of directors of the Foundation, *signed by the official Foundation code signing keys, * placed on the Apache.org web properties, * linked to from foo.apache.org, * announced in an official Apache press release, * and with an Apache press release highlighting that we have eclipsed 5 million downloads of those same binaries is the work of an individual and not the calculated effort of the Foundation. That just doesn't pass the smell test. --David [1] https://www.apache.org/foundation/faq.html#why --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
