I'm pretty confident it's working as intended for now.
On Mon, Apr 28, 2014 at 3:05 PM, Marvin Humphrey <[email protected]>wrote: > On Mon, Apr 28, 2014 at 9:20 AM, Andrew Grieve <[email protected]> > wrote: > > Interesting! Going by this description, it sounds like we wound't need > > ICLAs for the majority of pull requests since pull requests details get > > forwarded to the mailing-list. > > Legally, the party making the pull request implicitly asserts that they > have > the right to contribute the commits under the ALv2 section 5. > > However, if a release with infringing material escapes out into the wild, > having somebody to blame will be cold comfort. Should the original > copyright > owner request that we cease distributing the offending release, Cordova's > users are going to be in a bad situation regardless. > > > New proposal: don't worry about CLAs at release time. > > The key here is that the Cordova PMC needs to be vigilant with every pull > request from somebody who has not signed a CLA or is otherwise well-known > to > be submitting clean IP. The Cordova committer who accepts the pull request > and pushes to the ASF repo is the first line of defense. However, the > rest of > the PMC is also collectively responsible for reviewing all commits. > > So the question is, how confident are you in the existing review process? > If > it's working as intended, then there's indeed no need to perform an > additional > audit at release time. On the other hand if it's porous, then building in > more checks might be wise. > > Marvin Humphrey >
