Folks since the liability of Release manager has been called out explicitly for the release I want to call out that I cannot take personal liability for a release and I am not sure why would anyone else in Release Manager role will take up personal liability. I don't see anything called out in our bylaws that states Release Manager being liable.
That being said I am seeking advice from ASF mentors and will discuss it in PMC. I will proceed and build an RC after this issue is resolved. Thanks Animesh > -----Original Message----- > From: David Nalley [mailto:da...@gnsa.us] > Sent: Saturday, February 22, 2014 12:34 AM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Policy blocker? > > On Sat, Feb 22, 2014 at 3:07 AM, Sebastien Goasguen <run...@gmail.com> > wrote: > > > > On Feb 21, 2014, at 7:37 PM, Animesh Chaturvedi > <animesh.chaturv...@citrix.com> wrote: > > > >> > >> > >>> -----Original Message----- > >>> From: David Nalley [mailto:da...@gnsa.us] > >>> Sent: Friday, February 21, 2014 4:13 PM > >>> To: dev@cloudstack.apache.org > >>> Subject: Re: [DISCUSS] Policy blocker? > >>> > >>>>> LEGAL - when I talk about legal problems below I refer to > >>>>> liability incurred by individuals in the project, especially the > >>>>> release manager, > >>>> > >>>> [Animesh] Can you clarify 'especially the release manager' part? > >>>> Release > >>> manager is just like any other volunteer and does not have any > >>> special privileges. The community VOTEs on the release. > >>>> > >>> > >>> Sure, it isn't about privilege, it's about liability. So the > >>> foundation covers (and has insurance for) actions taken on behalf of > >>> the Foundation. If process is followed (including getting the votes) > >>> releasing software is effectively a function of the Foundation - and > >>> thus it bears liability. The foundation needs to ensure that the > >>> release is a 'authorized business decision' on behalf of the Foundation > (which is why the Board has to ACK PMC additions, etc.). > >>> Hence all the process and policy. > >>> > >>> Publishing software however, if really done by the release manager. > >>> And if release process isn't followed, it's no longer a function of > >>> the foundation - and software is effectively released by the RM, and > >>> thus he is individually liable. > >> [Animesh] How do you define the release process being followed or not? > Isn't Voting on a release the process and PMC and everyone voting > responsible for it. Release Manager is a facilitator. Without the protection > why would anyone want to incur liability as a release manager? In the links > that you sent I have not seen specific reference to Release Manager being > liable. > >> > >> Sadly this isn't theoretical, and is one of the reasons that > >>> the foundation exists. > >> [Animesh] What does foundation provide in that case? > >>> > > > > I read David note as saying that if we follow the release process properly - > calling for votes, respecting bylaws timeframe, tallying...etc- then the ASF > is > liable for what's in the release. But if we were to not follow due process > then > the RM would be liable. > > > > In our case we follow process, so the Foundation is liable. > > > > Yes, if I wasn't clear - what Sebastien said was my intent. > > --David
