Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orbit-dev] Continue to require ATO CQs?

On Thu, Apr 16, 2020 at 3:50 PM Roland Grunberg <rgrunber@xxxxxxxxxx> wrote:
> On Wed, Apr 15, 2020 at 6:31 PM Sina Madani <sinadoom@xxxxxxxxxxxxxx> wrote:
> >
> > Thanks for approving me to be a committer to Orbit. As I’m new here and came across this discussion, I thought I’d double check before I do anything. To be clear, we don’t need to open a new CQ to add libraries that have already been approved? If so, I would recommend updating the FAQ [1], the “Before you do anything” [2] and checklist [3] to reflect this, since they contradict what has been discussed in this thread.
> Yes, those definitely need to be updated, now that at a minimum, Add To Orbit
> CQs are gone. If the library being added is an updated version, then it should
> be fine, but I would still check to confirm the license is the same.

Keep in mind that in the worst case, the new CQ is still only doing a license
check and not a diff review.

Adding Wayne on CC for some clarification. I've heard it being said that
adding a newer version of a previously approved library doesn't require a
new CQ but the examples I can think of are special cases :

- clearlydefined license check is approved
- updated version is a service/security release only

Would it apply generally once the new process is in place or would a
new CQ still be needed if the above 2 points aren't satisfied.

Back to the top