>> LEGAL - when I talk about legal problems below I refer to liability incurred >> by >> individuals in the project, especially the release manager, > > [Animesh] Can you clarify 'especially the release manager' part? Release > manager is just like any other volunteer and does not have any special > privileges. The community VOTEs on the release. >
Sure, it isn't about privilege, it's about liability. So the foundation covers (and has insurance for) actions taken on behalf of the Foundation. If process is followed (including getting the votes) releasing software is effectively a function of the Foundation - and thus it bears liability. The foundation needs to ensure that the release is a 'authorized business decision' on behalf of the Foundation (which is why the Board has to ACK PMC additions, etc.). Hence all the process and policy. Publishing software however, if really done by the release manager. And if release process isn't followed, it's no longer a function of the foundation - and software is effectively released by the RM, and thus he is individually liable. Sadly this isn't theoretical, and is one of the reasons that the foundation exists. http://www.apache.org/dev/release.html#why https://www.apache.org/foundation/faq.html#why --David