celix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roman Shaposhnik <...@apache.org>
Subject Re: [VOTE] Release Celix version 1.0.0.incubating
Date Tue, 11 Feb 2014 19:37:52 GMT
Apologies for the late reply -- I am fine with you guys forwarding the
vote to general@

To put my comments in context, here's my only bit of feedback to you:
mentors are
volunteers. They are not being payed or otherwise incentivesed to
review releases
in cases where it is not immediately obvious how to do a certain bit of release
verification. This is a bit of accommodation that you may consider useful to get
votes quicker. On the other hand, like you mentioned in the case of
hashsums -- you
seem to be following some kind of documentation. The fact that to this
day, I don't know
of a tool that would let me automate that check doesn't mean other members
of the incubator community wouldn't be more creative.

The only way to find out is to try the vote and see what happens.

Thanks,
Roman.

On Tue, Feb 11, 2014 at 4:09 AM, Marcel Offermans
<marcel.offermans@luminis.eu> wrote:
> I'm in favor for forwarding the vote, we need someone else to look at it, or Roman to
answer to the responses given here. I tried pinging Roman last week. I think he must be very
busy at the moment, so let's try to move ahead!
>
> Greetings, Marcel
>
>
> On 07 Feb 2014, at 9:52 am, Pepijn Noltes <pepijnnoltes@gmail.com> wrote:
>
>> Hi All,
>>
>> I would like to propose to forward the release vote to the incubator
>> mailing list We got two +1 binding vote and -1 vote, so we are one binding
>> +1 short.
>> There is still some comments from Roman, but I think there is always some
>> room for improvement and again there is no  -1 vote.
>>
>> I would like to known if any mentors see a problem with this approach. I
>> don't want to step on anybody's toes, but would like to push the release
>> forward.
>>
>> Greetings,
>> Pepijn
>>
>>
>>
>>
>> On Tue, Jan 28, 2014 at 8:08 PM, Pepijn Noltes <pepijnnoltes@gmail.com>wrote:
>>
>>> Hi Roman,
>>>
>>> Could you have a look at the comments of Alexander? I known I'm pushing a
>>> bit, but we are hoping to get the release ready :).
>>>
>>>
>>> On Fri, Jan 24, 2014 at 12:11 PM, Alexander Broekhuis <
>>> a.broekhuis@gmail.com> wrote:
>>>
>>>> Hi Roman,
>>>>
>>>> See my remarks inline below. I hope this gives you enough confidence to
>>>> sign this release off.
>>>>
>>>> 2014/1/24 Roman Shaposhnik <rvs@apache.org>
>>>>
>>>>> I know that some of the items are nits, but if we are to
>>>>> re-cut an RC for Boost reasons -- I'd suggest we may
>>>>> as well take care of them
>>>>>
>>>>
>>>> The way I read [2], there is no need to add anything to the notice file at
>>>> all. All third party sources we use have a header with the respective
>>>> license information. At [2] it is even explicitly mentioned not to add
>>>> anything unless legally required.
>>>>
>>>> "Do not add anything to NOTICE which is not legally required."
>>>>
>>>> So I don't see a reason why a new release is needed for Boost.
>>>>
>>>>>
>>>>>> The checksum has been created with the command mentioned on the Apache
>>>>>> Signing Releases page [1]. I don't see what is wrong with this.
>>>>>
>>>>> There was an old discussion on that some time ago. Basically
>>>>> the problem boils down to a fact that I can't verify it with shasum(1)
>>>>> and thus can't sign off on it.
>>>>>
>>>>
>>>> This was indeed an old discussion, but there has never been reached a
>>>> consensus, and as stated before, I've explicitly used the method described
>>>> on the Apache pages, which uses the gpg tooling to verify a checksum.
>>>> Instead of using shasum, you can simply use gpg --print-md "filename".
>>>>
>>>> If all I do is follow the official Apache document then what am I doing
>>>> wrong?
>>>>
>>>> I've had some discussion with Marcel on this topic as well, and in some
>>>> other project where Marcel is involved, they use a script to compare the
>>>> checksums. A similar solution might be implemented for Celix as well, I
>>>> don't mind adding this to the backlog.
>>>>
>>>>
>>>>>
>>>>>>>   * it would be nice to have version embedded into the name of
the
>>>> top
>>>>>>>     level dir inside of the tarball
>>>>>>>
>>>>>>
>>>>>> We have decided to leave it out since else there would always be
an
>>>> issue
>>>>>> with the BUILDING instructions and the default directory. This was
a
>>>>> remark
>>>>>> by someone on the first (0.0.1) release where we did have the version
>>>> in
>>>>>> the top-level directory.
>>>>>
>>>>> Hm. I'm just curious -- was there a thread on this one?
>>>>>
>>>>
>>>> This was a remark made by Marcel on our first release. See [3] for his
>>>> message/the release thread.
>>>>
>>>>
>>>>
>>>>>
>>>>>>>   * boost license is missing in NOTICES
>>>>>>>
>>>>>>
>>>>>> Why should the boost license be in the NOTICES file? There have been
a
>>>>> lot
>>>>>> of discussions on this file, and my understanding always has been
that
>>>>> if a
>>>>>> license is in a header it is not needed to add it to the NOTICES
file.
>>>>>
>>>>> I honestly don't recall this. Care to point a thread?
>>>>>
>>>>
>>>> I can't find the thread, but [2] gives a good explanation.
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Roman.
>>>>>
>>>>
>>>>
>>>> [1]: http://www.apache.org/dev/release-signing#sha-checksum
>>>> [2]: http://www.apache.org/dev/licensing-howto.html#mod-notice
>>>> [3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs
>>>>
>>>> --
>>>> Met vriendelijke groet,
>>>>
>>>> Alexander Broekhuis
>>>>
>>>
>>>
>

Mime
View raw message