On Sat, Feb 22, 2014 at 3:07 AM, Sebastien Goasguen <run...@gmail.com> wrote: > > On Feb 21, 2014, at 7:37 PM, Animesh Chaturvedi > <animesh.chaturv...@citrix.com> wrote: > >> >> >>> -----Original Message----- >>> From: David Nalley [mailto:da...@gnsa.us] >>> Sent: Friday, February 21, 2014 4:13 PM >>> To: dev@cloudstack.apache.org >>> Subject: Re: [DISCUSS] Policy blocker? >>> >>>>> LEGAL - when I talk about legal problems below I refer to liability >>>>> incurred by individuals in the project, especially the release >>>>> manager, >>>> >>>> [Animesh] Can you clarify 'especially the release manager' part? Release >>> manager is just like any other volunteer and does not have any special >>> privileges. The community VOTEs on the release. >>>> >>> >>> Sure, it isn't about privilege, it's about liability. So the foundation >>> covers >>> (and has insurance for) actions taken on behalf of the Foundation. If >>> process >>> is followed (including getting the votes) releasing software is effectively >>> a >>> function of the Foundation - and thus it bears liability. The foundation >>> needs to ensure that the release is a 'authorized business decision' on >>> behalf >>> of the Foundation (which is why the Board has to ACK PMC additions, etc.). >>> Hence all the process and policy. >>> >>> Publishing software however, if really done by the release manager. >>> And if release process isn't followed, it's no longer a function of the >>> foundation - and software is effectively released by the RM, and thus he is >>> individually liable. >> [Animesh] How do you define the release process being followed or not? Isn't >> Voting on a release the process and PMC and everyone voting responsible for >> it. Release Manager is a facilitator. Without the protection why would >> anyone want to incur liability as a release manager? In the links that you >> sent I have not seen specific reference to Release Manager being liable. >> >> Sadly this isn't theoretical, and is one of the reasons that >>> the foundation exists. >> [Animesh] What does foundation provide in that case? >>> > > I read David note as saying that if we follow the release process properly > -calling for votes, respecting bylaws timeframe, tallying...etc- then the ASF > is liable for what's in the release. But if we were to not follow due process > then the RM would be liable. > > In our case we follow process, so the Foundation is liable. >
Yes, if I wasn't clear - what Sebastien said was my intent. --David
