Awesome, thanks a lot for your help Jukka. On 12-01-13 4:44 PM, "Jukka Zitting" <jukka.zitt...@gmail.com> wrote:
>Hi, > >On Fri, Jan 13, 2012 at 11:00 PM, Filip Maj <f...@adobe.com> wrote: >> Yeah, add remote locally on your machine, pull in the changes, test it >>out >> locally. I assume checking CLA stuff is done by hand (as we have done >>all >> along anyways). Once you have it merged in locally you can easily push >>it >> up to the git apache repo. Theoretically that then will eventually get >> mirrored back over to github.com/apache (and hopefully auto-close the >>pull >> request, too). > >Right. The pull requests on Github should get automatically closed as >soon as the relevant commits hit the target repository. The only >missing piece is the nice "Merge pull request" button that the Github >UI provides, but with some effort I suppose we should be able to come >up with something similar. > >>>Also, is all the author/committer stuff maintained properly in the >>>commit? >>> Are there some commit hooks to ensure the committer is really a >>>committer, >>>and that the author has signed the ICLA? Guessing we'll have to do the >>>ICLA check by hand. But it would be nice to know that the info is >>>maintained in the repo. >> >> Maybe Jukka knows the answer to this? > >The authentication when you use your committer account to push stuff >to git-wip-us is tied to the ICLA you submitted, and that link is then >internally associated with all Git commits that you push. From the ASF >perspective that's enough legal audit trail as long as each committer >is trusted to only push changes that they can contribute under the >ICLA. (BTW, the lack of such a reliable commit >ICLA audit link is one >of the key reasons why the ASF can't use Github as the canonical place >for our repositories.) > >Normally when dealing with pull requests from contributors, there's no >need for extra checks as section 5 of ALv2 [1] already covers >licensing of intentionally submitted contributions. Thus no extra >checks are needed when someone actively sends us a patch, a pull >request or other contribution clearly intended for inclusion in Apache >Cordova (and it's reasonable to expect that the contributor has the >right to make such a contribution). > >The situation is a bit different when size of the contribution is >significant (like an entire new component) or when the author of the >code hasn't intentionally contributed it to us (like the third party >files mentioned in the thread on NOTICE files). For dealing with such >cases see the Incubator and the main Apache web sites (or ask us >mentors). > >[1] http://www.apache.org/licenses/LICENSE-2.0 > >BR, > >Jukka Zitting
