Andrew C. Oliver wrote: All legal matters are for the Board and the Foundation's attorneys to address.
Regarding audits ... There is a presumption of innocence in our legal system. I do not believe that due diligence requires an a priori presumption of fraud, and a investigation to "prove" its absence. Nor do I believe that due diligence requires all code to be subjected to http://www.catb.org/~esr/comparator/ across all published codebases, although that would be an interesting project. As I understand it, if we receive a signed CLA or Software Grant, there is a presumption that they had the right to provide it. In some cases, that may not have been the case, but such a situation would need to be dealt with at that time. However, the Incubator is in a position to learn from such situations, e.g., to remind people to be sure that they are not violating any work-for-hire issues. Code is audited as part of the Incubation process. That audit is done by the PPMC, as was done recently by several Avalon members for an incoming codebase. Early on, some GPL dependencies were discovered and removed. In the reverse situation, I cannot say what audit, if any, was done on codebases that bypassed the Incubator. We do know that no code grant was received, since that is one reason why the incident was belatedly brought to a PMC's attention. Finally, when concerns have been raised about a particular codebase, more people have looked. You are well aware that the code you are particularly interested in has been reviewed by people involved in the project, by people with no association at all with the project, by people with a vested interest in finding violations, and by tools looking for concordance. With respect to any follow-up questions you may have in mind, I remind you that "all legal matters are for the Board and the Foundation's attorneys to address." > you can read the archive for numerous "hey what the heck are you > guys doing other than yacking about status files and process"). To put this in perspective ... The Incubator as not working well. The entrance of a project such as Geronimo forced changes within the Incubator. In excess of 1000 e-mails were expended putting together new rules and structures and ... and that pretty much sucked, too. In late November, Geir made a proposal that became the germ of the PPMC concept, and it clicked. As the concept was refined, the cruft was replaced with a simple concept: direct, collaborative, authoritative management, while still maintaining the Incubator's oversight. That is in the archives, too. :-) The Incubator is not perfect, but the structure is finally right. Now we need to work on operations, such as improving responsiveness with respect to resource creation. But that is not isolated to the Incubator. And the Incubator just started a review with each project of its STATUS, prepatory to its own report to the Board, which should help to get everyone on the same page. >>> * Creates confusion. Most people will believe the project is an Apache >>> project at the point of incubation. > And it weakens Apache as a brand. It brings us all down. Thank you for confirming the importance of the Incubator branding. We agree. We will have to disagree about whether the ASF branding is weakened by the presence of quality projects in our Incubator. > If I had a mature project ready for production which had been so for > a number of years and then I said "I want to be part of Apache".... > You'd put it in the "incubator" and tell the world it needed incubation? > Pretty ugly perception that pushes about a mature project. Spam Assassin doesn't seem to have a problem with it. That would be an example of a mature project with an active, viable, community that is in the Incubator for a time to prepare for TLP status. And as soon as a project is ready, it leaves the Incubator. > The project must vote (or at least should). The Incubator PMC must vote. > The accepting project or board must vote. Thatıs three houses voting for > project promotion. Again, things no longer work that way. The PPMC votes to present the project to the Board. The Board must still vote to create a TLP. The Board doesn't want it until the PPMC says that it is ready, and the PPMC isn't authorized to create a TLP. > 1-2 sponsoring members specifically interested in that project are essential. The Incubator PMC makes sure that there are multiple interested PMC members actively participating in the PPMC. See: http://incubator.apache.org/whoweare.html#PMC+%28Project+Management+Commitee %29. Out of the currently 20 PMC members, 18 are ASF Members and 5 are either current or past Board members. Any ASF Member interested in the Incubation of the ASF's future projects is encouraged to participate. > > The goal of the incubator is to help people in. Part of that is, > > necessarily, determining that some projects maybe should not come > > in. I don't see this as a bad thing. > I do. Interested sponsoring members should determine that. Not > some...."administrator" or committee of them. A project is accepted into the Incubator if another PMC votes to accept it, or if the Incubator PMC votes to accept a project sponsored by an ASF Member or Officer. Considering the legal issues with which you began the message, let me point out that it is a fundamental tenet that individuals act at the direction of the PMC, which is a legal entity authorized to act on behalf of the Foundation. There are no individual decisions or responsibilities. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
