Just to add my 50ct to this discussion.
Justin did bring up the issue. He even brought it when we were first discussing
starting a release. The discussion sort of dried out without a resolution, then
when it came to the release, he mentioned it again. But again no action was
taken. So I too see a complaint about PMCs coming up with such stuff in the
last minute as not valid.
ASF is community over code, but the one thing the ASF deals with is protecting
us as developers as well as our users from licensing issues. It's this extra
protection and care that distinguishes Apache releases from the typical Github
projects. This is why in every bank or insurance company I was working in,
there never was a discussion about using ASF software, if it's not ASF however
you have to jump quite a lot of obstacles in order to use a library. I remember
quite some rounds with legal and quality assurance people.
The ASF has earned that trust because we have people in our communities that
care about this sort of stuff. Having some legal caretaker is one of the
coolest thing a project can have, cause it lets us coding-monkeys do what we
like to do and we can somehow be lazy and trust that someone is taking care of
this. I hate legal stuff. To me it's just getting in my way ... sort of as
others think working on build-, code-quality or writing documentation should be
done by others.
We have a pretty heterogenous community. I know I'm definitely the
build-monkey, Justin's the legal-monkey, we have a lot of code-monkeys. Why not
use the specialities of each other instead of complaining about it? I know I
have to work on my side about not ranting about code-quality, for example, but
I'm trying ... hope you guys didn't notice any recent rants from my side ;-)
If we hadn't let the discussion about Justin's findings die when he brought it
up and had resolved the problem instead, the problem would have been solved. So
how about us addressing the issues Justin has and in case of a "I think this
way, you think that way", let's involve legal and have these things settled
once and for all?
Von: Alex Harui <aha...@adobe.com>
Gesendet: Donnerstag, 15. September 2016 06:15
Betreff: Re: [DRAFT] Apache FlexJS 0.7.0 and Apache Flex FalconJX 0.7.0 Released
On 9/14/16, 4:27 PM, "Justin Mclean" <jus...@classsoftware.com> wrote:
>Perhaps the question we should be asking is why are other PMC members are
>not finding these issues earlier as well?
Well, I can only speak for myself, but I have learned over the years that,
while we can't say "Community over Policy" since policy is important,
community is still more important than trying to nail every last detail of
the licensing. For sure, early on, I thought we had to nail every last
detail, but senior Apache members have advised us that we can use "trust"
and "intent" in approving releases. So I look at harder at what we are
saying is our source, take a trusting, high-level look at what
third-parties say we can do and go from there. Because if we do make a
mistake in the details, it isn't the end of the world, we can fix it in
the next release, and the best way to guarantee there will be a next
release is to make sure the release process is quick and more like a
celebration of work completed than a grind through fine print. If we can
do that, we might find more folks will want to be release managers,
releases will take less energy so they can happen more often, and the
community will grow as a result. IOW, I am always looking for reasons to
ship, not reasons not too, especially late in the game.
Now also for sure, there is nobody in the entire foundation (not just this
project) who is better than you at finding licensing issues, and if you
want to help other PMC members find more of these issues, it would be
great if you could share your processes with us and the ASF in general.
Another way to look at it is that if the ASF truly cared about nailing
every last detail, the policy would be that you could use a licensing
issue to veto a release. It puzzled me for a while that it wasn't that
way, but I've come to think that the real goal is to build communities and
share source code without involving lawyers and tons of time. I think the
ASF realizes that these communities are almost all non-lawyers trying to
make the world better through shared code and they may (as we know) have
not nailed their documentation down to the last detail. And thus, we
don't have to look too hard, especially at third-party bundles. If
something comes up, we can deal with it in the next release. We can trust
that third-parties are not trying to lay some trap or sneak in a trojan
I personally don't enjoy grinding through the details of license and
notice stuff. My sense is that there are several others in our community
who feel the same way and wonder if others have left us and what other
code we could have done, and contributors we could have attracted if we
didn't spend as much time grinding on it. As long as the right
attribution is there at a high-level, I think we are good to go and
volunteers can improve it, just like we improve our code, over time.
Now let's push the NPM bits, get the announcement out, and get going on
the building the future of Flex.