On Mon, 2007-03-19 at 19:01 +0100, Oleg Kalnichevski wrote:

[... on vote-then-release ...]

Trust me, I have done my share of releases this way, too. The thing is,
that while it was/is common practice, there are ASF-wide guidelines that
are not there to hinder people / add administrative barriers / whatever
but to provide two things:

* Oversight
* Legal shielding

That is the difference between your private pet peeve that releases as
it wishes and a legal entity as the ASF, its acting officers (board /
PMC chairs) and its committers. 

From a technical PoV, I'm fully with you. However, this is not a
technical issue as you have probably found out by now.

        Best regards
                Henning

> In Commons HttpClient / HttpComponents land we historically voted on SVN
> revisions and published release packages based on a lazy consensus if no
> one raised complaints about the content of the release packages.
> 
> Oleg
> 
> > On 3/19/07, J Aaron Farr <[EMAIL PROTECTED]> wrote:
> > > "Jesse Kuhnert" <[EMAIL PROTECTED]> writes:
> > >
> > > > You have to be kidding me..
> > > >
> > > > The only problem I see is that people are all caught up in policies /
> > > > processes but I've yet to hear what the actual root "problem" is. I'm
> > > > sure it's intended to somehow prevent something nasty that has
> > > > happened in the past but these policies don't have any logic that I'm
> > > > able to follow. Why does the ASF need to dictate how we vote on
> > > > releases?
> > > >
> > > > Maybe I'm just having a bad morning, but for some reason this really
> > > > rubs me the wrong way and feels extremely inefficient.
> > >
> > > The problem is that Vote-Then-Release leaves opportunities for the
> > > small details to get missed and you end up with a sloppy release.
> > > Examples include non-signed distributables, incomplete legal notices,
> > > missing or incorrect hashes.  The worst is someone slipping in some
> > > malicious code in between the time the vote is cast and the release is
> > > made.
> > >
> > > When a PMC votes on a release they should be approving the exact bits
> > > that hit the mirrors.  That vote binds the ASF to be _legally_
> > > responsible.  The only way to have sufficient and appropriate
> > > oversight is to give the PMC a chance to check that these final steps
> > > of a release have been properly handled.  Otherwise the PMC risks
> > > releasing a half baked product.
> > >
> > > It is completely appropriate for the ASF to set guidelines on release
> > > procedures.
> > >
> > > --
> > >   jaaron  (who is not on the Jakarta PMC)
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > 
> > 
> 
> 


