Incubating progress is something how to fix such issue, there's no need such plan at this moment
Ryan Blue <rb...@netflix.com.invalid>于2018年6月19日周二 上午4:13写道: > Okay, then let me rephrase: I would like to see a plan in the Palo proposal > for a licensing scrub to be done before graduation. > > I'm still a little skeptical about this practice because the Incubator PMC > validates the release on behalf of the foundation, but I think that's a > separate issue to consider that doesn't need to distract on this Palo > thread. Thanks for the explanation, Greg! > > On Mon, Jun 18, 2018 at 1:00 PM, Greg Stein <gst...@gmail.com> wrote: > > > Heya Ryan, > > > > On Mon, Jun 18, 2018 at 2:39 PM Ryan Blue <rb...@netflix.com> wrote: > > > >> > we have allowed (and IMO should continue) podlings to have licensing > >> issues during their incubator releases > >> > >> Thanks for pointing this out, Greg. I wasn't aware of this and have > >> always had releases fail when we discover licensing issues. I think > there's > >> a significant risk of license problems, so I had assumed we would > require a > >> thorough scrub before the first release. > >> > >> What's the argument for finishing this work before graduation rather > than > >> first release? Isn't the release a product for which the ASF is legally > >> responsible? Given that we fail releases for known license issues, > >> shouldn't we also be more careful when we know there are likely to be > >> issues? > >> > > > > This is why incubator releases have a disclaimer. It gives them time to > > work through dependency and licensing issues, even while they're testing > > their release process with our KEYS and distribution framework. So the > > "argument" is simply to allow the podling to multitask, rather than gate > > one of their activities. > > > > When you really want to lift the cover, there isn't a problem if a > podling > > releases (say) a hard LGPL dependency. That's just a policy choice of the > > Foundation, to avoid such dependencies. We don't like it, and maybe some > > messed up licensing downstream, possibly, for somebody to tease apart. > But > > historically, the Incubator has let these issues slide for a while, yet > > gate on graduation. > > > > I also feel that podling releases are in a grey area, that don't truly > > have the full backing of the ASF (thus the disclaimer, and them not > being a > > TLP; although technically the Apache Incubator is the stand-in PMC behind > > the release). > > > > Cheers, > > -g > > > > > > > -- > Ryan Blue > Software Engineer > Netflix >