incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <>
Subject Re: How strict should podling release reviews be?
Date Wed, 03 Oct 2007 04:26:10 GMT

On Oct 2, 2007, at 5:33 PM, Robert Burrell Donkin wrote:

> On 9/28/07, Niclas Hedhman <> wrote:
>> On Friday 28 September 2007 17:12, Guillaume Nodet wrote:
>>> On 9/28/07, Bertrand Delacretaz <> wrote:
>>>> What we care about is that podlings get the "legal stuff" right,  
>>>> and
>>>> letting releases out without this being ok is not an option, due to
>>>> potential legal risks.
>>> I thought projects in incubator were not endorsed by the ASF, hence
>>> the ASF could not be responsible for the legal stuff in podling
>>> releases...  Did I miss something here ?
>> Yes, you missed the fact that Incubator is part of ASF, and the  
>> Incubator are
>> doing the releases on behalf of the podling.
>> AFAIUI, we are responsible of the legal aspects of the releases  
>> (i.e. upstream
>> sources), but we have no practical responsibilities towards the  
>> downstream
>> users.
> +1
> the disclaimer is really aimed at informing users and has no force  
> in law
> the responsibility for the release rests with those IPMCers who  
> vote in favour

I think most people would agree that reviews should be "strict" -- as  
many problems as possible should be identified during a release  
review. However, there seem to be some who feel that voting for  
incubator releases can be a bit more "lenient".

If I understand the Incubator process correctly, there is some  
relaxation of standards for incubator releases. Perhaps there is some  
confusion on just what requirements are relaxed for incubator  
releases. The following summarizes my understanding. Is it more or  
less correct?

IIUC, the external dependencies of an incubating project need not  
strictly conform to Apache policy. For instance, a project may enter  
incubation with dependencies on artifacts that have an excluded  
license (  
It's my understanding that incubator releases could be created with  
these dependencies. However, the project would be expected to be  
working to remove these dependencies (certainly would be expected to  
be removed prior to graduation). Is my understanding correct?

This relaxation of Apache policy towards external dependency policy  
does not translate to a relaxation of licensing requirements. Any  
Apache release must observe and follow the license requirements of  
the artifacts that it contains (no matter what category the license  
falls under). Failure to adhere to the license requirements of these  
dependencies are non-negotiable. Once identified, they must be  
addressed prior to release.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message