On 12/17/06, Roland Weber <[EMAIL PROTECTED]> wrote:
Hello Niall,

> Why is it any different than Harmony?

Harmony requires that an "Authorized Contributor Questionnaire"
be signed. The ACQ surely has been reviewd by the ASF legal team,
and signatures are legally significant.

The POI "Get Involved" page only mentions this:
> Those submitting patches that show insight into the file format
> may be asked to state explicitly that they are eligible or
> possibly sign an agreement.

"may be"? "possibly"? Did the ASF legal team prepare such a
document for signing or not? If they did, shouldn't it be
linked on the web page? And why isn't every contributor required
to state or sign something? Who decides who will have to state
or sign? And who will process and keep track of the statements
or signed documents if not the ASF legal team, who obviously
are not aware of any such thing?

If there is an established procedure addressing these questions,
it should be documented on the web page. If there is not, the
statement quoted above is just idle.

I agree there should be an established policy endorsed by the PMC. My
fear is that Andy Oliver either won't have the patience to do what it
takes or fail to get anywhere because he pi**es off too many people in
the process. Hopefully he'll prove me wrong or someone else from POI
will sort it out.

> If someone has received
> knowledge of MS propriety formats under a NDA then wouldn't using that
> knowledge to contribute to POI put the POI project at risk?

Yes it would. That's why the page mentions that people with
access to NDA'd information are not allowed to contribute.
As far as I can tell, there is no discussion about this policy.
There is a discussion about access restrictions in SVN. Let me
throw the following statements/opinions into this discussion:

1. Jakarta committers have proven that they are responsible
 developers, otherwise they wouldn't have been voted committers.

2. No responsible developer would just commit some code to a
 Jakarta subproject with which he/she is not familiar, or
 ignore the rules and policies in place for that subproject.

Generally this is true, although I have seen a couple of occasions
where committers have made code changes on Commons components they had
no prior involvement with without pinging the mailing list first.

3. If current committers show interest in contributing to the
 POI subproject, they will make an appearance on the mailing
 lists and submit patches to the bug tracking system for review.
 There is plenty of opportunity to educate them about the policy
 and to question them about possible NDA contamination.

4. If anyone would commit unwanted/dangerous code to POI
 (directly without patch review!) that contribution would
 immediately be detected from the commit message that is
 automatically generated, and would be vetoed and undone
 by the regular committers to the subproject.

This discussion is about removing technical barriers in SVN,
not about throwing random (barbed ;-) code into POI. It's
about running a community based on mutual trust and review
as opposed to walls and fences. At least that's how I see it.

Personally I'm +/-0 on removing svn barriers anyway. I don't believe
any exisiting committer that starts to contribute to a project in the
normal way isn't going to get given commit access pretty quickly.
Anyway generally I don't disagree with the sentiments/opinions you've
expressed - but I do think POI has grounds for a slightly different
policy than most of our code bases since what they deal with is the IP
of a large company that if infringed could cause us problems in the
same way as with Harmony and Sun's source code. IMO then the
contrubuting policy for POI needs to be resolved/formally established
first and svn access should be decided afterwards once we have a
policy endorsed by the PMC.


> I also think its a mistake to deal with whatever issues people think
> there are in POI via a vote. Back in March the POI devs voted to
> exclude POI from this policy of opening SVN access. If we think the
> reason underlying POI's exclusion from this policy is not valid then
> it would have been far better to start a discussion with them
> regarding this first - rather than launching straight into a vote. I'd
> have rather seem an attempt at consensus first rather than going
> straight for conflict.


> Seems to me that svn access isn't the root of the issue here and
> therefore a red herring, since changing that isn't IMO going to
> resolve whatever the real issues people think there are.



To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to