[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [orbit-dev] Continue to require ATO CQs?
|
On Thu, Apr 16, 2020 at 3:50 PM Roland Grunberg <rgrunber@xxxxxxxxxx> wrote:
>
> On Wed, Apr 15, 2020 at 6:31 PM Sina Madani <sinadoom@xxxxxxxxxxxxxx> wrote:
> >
> > Thanks for approving me to be a committer to Orbit. As I’m new here and came across this discussion, I thought I’d double check before I do anything. To be clear, we don’t need to open a new CQ to add libraries that have already been approved? If so, I would recommend updating the FAQ [1], the “Before you do anything” [2] and checklist [3] to reflect this, since they contradict what has been discussed in this thread.
>
> Yes, those definitely need to be updated, now that at a minimum, Add To Orbit
> CQs are gone. If the library being added is an updated version, then it should
> be fine, but I would still check to confirm the license is the same.
Keep in mind that in the worst case, the new CQ is still only doing a license
check and not a diff review.
Adding Wayne on CC for some clarification. I've heard it being said that
adding a newer version of a previously approved library doesn't require a
new CQ but the examples I can think of are special cases :
- clearlydefined license check is approved
- updated version is a service/security release only
Would it apply generally once the new process is in place or would a
new CQ still be needed if the above 2 points aren't satisfied.
