Hi Christopher, I do understand that some of the things Apache requires from its projects may seem obsolete and outdated. However, I can assure you that this is usually not the case. We have in the past just done a bad job at relaying the reasons why some things are important. That’s also something we are currently trying to improve.
So, the thing is … the “binding” is important. One of the main pillars of Apache is the legal shield. This protects our contributors from prosecution. This is done by contributors signing ICLAs which hand over the rights and obligations of code they produce to the ASF. As the ASF is bound by Delaware corporate law, technically the board has the right to decide things. It can however decide to delegate things to others it seems fit. That’s why the board creates PMCs and nominates PMC members (of course upon request). With this the board delegates the duties for releasing software that’s in line with the project mission to that PMC. That’s also the reason why projects are still required to send the notice emails to the board when nominating a new PMC member … we’ve introduced the shortcut of you folks adding people to the PMC and sending the notice in parallel, but this email that many think are unnecessary is required, because otherwise it’s no longer the Board who delegates to the PMC. Same with releases: Releases are an act of the foundation and that’s how the legal shield works. Only votes by PMC members are acts of the foundation … that’s also why there must be at least 3 binding votes … otherwise it would just be an “act of Chris” (I’m also a Chris ;-) ). The committers and contributors technically have absolutely no say (from a legal standpoint) on what’s an act of the foundation and what’s not. Therefore the “binding” and “non-binding” is important. Now you say: Of course, do we do the checks and of course are we a small PMC and of course do we know who’s binding and who’s not. However, keep in mind, that people outside of the PMC don’t know this. I didn’t start doing these very thorough checks every month because I wanted to invest so much time. Initially I started reading the board reports, maybe asking a question or two and then signing them off … however did I learn quite quickly that these board reports don’t always reflect reality. So, what I usually do each month for 1/3 of all projects the ASF has, is to go through everything each project has been doing over the last 3 months and double check the things that many projects have been doing wrong. I know that my job as a director is executing oversight over the many projects that we have. For me it’s not just skimming through the reports and clicking on the “approve” button. I actually have a detailed look at what’s going on in the foundation and unfortunately every month there are something around 10 projects that prove that it was good to do so. Releases being a very large portion of what projects have been doing wrong: Not waiting the 72h for regular releases, releasing with only 1 or 2 votes at all (cause “we don’t have enough PMCs active”), mixing binding and non-binding votes (cause the RM decided to treat them equally). The list is quite long. Releases are crucial to the ASF, and we really need to be sure that were doing them right. That’s also why I’m checking them in so much detail. So please forgive me, that I don’t blindly trust every project that they are doing everything right. I think I would be doing a bad job if I was doing that. That’s also why I started writing hopefully friendly “personal feedback” emails. By simply adding a “binding” in the result email you at least tell me that you have paid attention to the difference of binding and non-binding votes (believe me … there are projects that don’t understand the difference) and in that case, I usually don’t validate the correctness if I don’t have a reason to doubt it. You are just making things easier for people doing unpleasant jobs like investing 2-3 full working days (mostly on the weekend and after work) each month with nothing else than having 2-3 coffee and reviewing the projects activity. Thanks, and sorry for the many words in this email ;-) Chris Von: Christopher <ctubb...@apache.org> Datum: Montag, 15. Januar 2024 um 00:21 An: accumulo-dev <dev@accumulo.apache.org> Cc: cd...@apache.org <cd...@apache.org> Betreff: Re: Personal feedback on your last release vote-thread Hi Christofer, I've seen other projects do this and I disagree that it's useful for us to do that on each vote. First, we are a relatively small community of active committers and typically already aware of who among us is in the PMC and who isn't. Second, aside from a few emeritus PMC members, all our committers are also PMC members. And we have a relatively low barrier to entry. So we only have a handful of active contributors who aren't PMC members at any given time, and we'd notice if they voted, or if somebody we didn't recognize tried to vote. Third, on the rare occasion when a non-committer votes, they usually specify non-binding. Fourth, and most importantly, specifying that a vote is binding doesn't make it binding. What makes it binding is if the voter is a PMC member. If the release manager who tallies the vote isn't already aware of who is a PMC member or not, it would be their responsibility to check, regardless of what the voter said about their own vote, and the tally is subject to review by all for correction. So, specifying it doesn't actually help at all. It just adds noise. I actually think that specifying it is counter productive, because the release manager could start relying on what the user said instead of doing their due diligence to verify when they tally. Speaking frankly, I don't personally find it useful, and I'm most often the one lately who steps up to be a release manager for our votes. I verify every time who is on the PMC list, regardless of what people say in their vote, as I consider it the responsibility of whoever tallies the vote to get an accurate count, and I would do the same to verify the tally if somebody else were to do it. I think this practice of declaring a vote binding is one of those strange customs that has worked its way into some projects because somebody did it once and others copied it without questioning it's value. But I have questioned its value and find it to be without any. As for mentioning it in the RESULT email, if there are both kinds of votes, we do mention the non-binding ones separately. In our last RESULT email, however, I merely said that it "passes with 6 +1s". Since we are aware that only binding votes can cause a vote to pass, it is clearly implied that they were binding. Ultimately, this comes down to trust. If you trust that we tallied the vote correctly, then mentioning they were binding votes is merely redundant. However, if you don't trust that we did it correctly, or just want to double check, then you should not merely accept what we said and should check each vote regardless of what we said, just as you did. In either case, explicitly specifying that they were binding doesn't actually help, I think Regardless, thank you for double checking our tally and for providing this feedback. If it helps, we can try to be more clear in the RESULT emails with some redundancy, but I think it's strange to trust a count more just because of the presence of redundant phrasing. If I were to audit a vote, I'd check the count, regardless of how it was phrased. I also don't think it's useful at all to ask all voters to specify it in their individual votes, for the reasons stated above, especially that it's a potentially harmful custom if the release manager relies on it. Kind regards, Christopher On Sun, Jan 14, 2024, 10:14 Christofer Dutz <cd...@apache.org<mailto:cd...@apache.org>> wrote: Hi all, while reviewing the project's activity as part of me preparing for the upcoming board meeting, i noticed that in the last vote thread, there were only simple +1 votes and no mentions of them being binding votes or not. Even if this is quite common throughout project, it would be good, if in the result email they would explicitly be mentioned as binding votes, if they were counted as such. I currently had to check each name with the PMC list in order to check that they were all actually binding votes. Chris PS: If you reply to this email, please make sure I'm in CC, as I'm not subscribed to this list.
