Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orbit-dev] Continue to require ATO CQs?

Hi Roland,


Thanks for the clarification. I’m just working through adding a bundle now, and I noticed that the in orbit-recipes also needs updating. However for ip_log.xml it appears that the <ipzilla bug_id> element is still mandatory under <legal>. Can I just pick any CQ from IPZilla that has been approved for the bundle I’m adding (there are multiple, since in the past every project had to submit a separate CQ for the same bundle) and use that as the reference? I’m currently adding ANTLR 3.5.2 runtime [1].







From: Roland Grunberg
Sent: 16 April 2020 22:09
To: Orbit Developer discussion
Cc: Beaton, Wayne
Subject: Re: [orbit-dev] Continue to require ATO CQs?


On Thu, Apr 16, 2020 at 3:50 PM Roland Grunberg <rgrunber@xxxxxxxxxx> wrote:


> On Wed, Apr 15, 2020 at 6:31 PM Sina Madani <sinadoom@xxxxxxxxxxxxxx> wrote:

> >

> > Thanks for approving me to be a committer to Orbit. As I’m new here and came across this discussion, I thought I’d double check before I do anything. To be clear, we don’t need to open a new CQ to add libraries that have already been approved? If so, I would recommend updating the FAQ [1], the “Before you do anything” [2] and checklist [3] to reflect this, since they contradict what has been discussed in this thread.


> Yes, those definitely need to be updated, now that at a minimum, Add To Orbit

> CQs are gone. If the library being added is an updated version, then it should

> be fine, but I would still check to confirm the license is the same.


Keep in mind that in the worst case, the new CQ is still only doing a license

check and not a diff review.


Adding Wayne on CC for some clarification. I've heard it being said that

adding a newer version of a previously approved library doesn't require a

new CQ but the examples I can think of are special cases :


- clearlydefined license check is approved

- updated version is a service/security release only


Would it apply generally once the new process is in place or would a

new CQ still be needed if the above 2 points aren't satisfied.



orbit-dev mailing list


To unsubscribe from this list, visit


Back to the top