Adding some context to this discussion: - Apache KIE mentor Brian has provided guidance on similar matters before [1][2]. - A guideline is already in place to define how discussions, proposals, and votes should work [3], and it was formally approved [4].
Regarding the proposals in question, they strictly involve moving code from one repository to another. There is no impact on the software itself—only on contributors working within the project. The example given—storing passwords in plain text—seems extreme. Any change with serious implications for users would be subject to review and could be vetoed based on existing guidance [2]. Approved proposals do not grant a "blank check"; changes must still be scrutinized. Ultimately, I believe that in any open-source project, any proposal will lead to code changes, in a way or another. - Alex [1] - https://lists.apache.org/thread/1vrtdv4jy3db8wj86bgd3w6ofd0w5zb8 [2] - https://lists.apache.org/thread/sofswb9ol7srncj6fqwz1ohtq2x550ky [3] - https://cwiki.apache.org/confluence/display/KIE/%5BPROPOSAL%5D+Community+guideline+to+define+discussion%2C+proposal+and+vote [4] - https://lists.apache.org/thread/2vmnnnlx89f6tg4m4td46ofm7sk5mv76 On Tue, Mar 11, 2025 at 4:48 PM Paolo Bizzarri <pibi...@gmail.com> wrote: > > Hello, > > this is Paolo Bizzarri. I am part of the Apache Kie project. > > I am looking for clarifications about the official policy of Apache > foundation about code changes and vetoes. > > As per this document in the Apache web site, a -1 to a proposal for a code > change is a veto - i.e. it "kills the proposals" > > https://www.apache.org/foundation/voting.html#:~:text=Votes%20On%20Code%20Modification,approve%20of%20this%20change.%27 > > However we got two proposals that are getting pushed through even in > presence of -1 > > https://lists.apache.org/thread/drojdtvz6xx1zo35ggjm75xdngnfcl21 > > and > > https://lists.apache.org/thread/c09l9xq0d8jz7th6k23gf5svoky06955 > > I got an answer from Alex Porcelly stating that "-1 are not vetos on > proposals" which seems wrong to me. These are code changes and so the rules > for vetoes should apply. > > Otherwise I could make a proposal like "put all passwords in plain text in > the code" and then pretend that the PR cannot be vetoed because the > corresponding proposal has already been approved, so there is consensus. > > https://lists.apache.org/thread/r37j54k3fyg5h18d4xdlb43ff9wcq96b > > Can you clarify and provide an answer that I can forward to the kie mailing > list? > > I understand that some projects have defined less restricting veto > policies, but I understand also that this is a matter of internal rules - > i.e. a way for the community of a project to decide how to work. My > understanding is that in the absence of such a decision, the Apache default > rules apply. > > Regards > > Paolo Bizzarri --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
