commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <>
Subject Re: [OT] Verifying releases Was: svn commit: r1452037 - /commons/proper/beanutils/trunk/src/test/java/org/apache/commons/beanutils/bugs/
Date Sat, 09 Mar 2013 00:39:08 GMT
I'm not sure I understand what the big deal is.  Sebb vetoed a commit and identified exactly
what needed to be changed for him to remove the veto.  If the requested change is made then
all should be fine with the world again.  Sure, he could have said all the same words without
the -1 but then it wouldn't be evident that he expected the change to be made.


On Mar 8, 2013, at 2:15 AM, Mark Thomas wrote:

> Niall Pemberton <> wrote:
>> On Thu, Mar 7, 2013 at 11:54 PM, Mark Thomas <> wrote:
> <snip/>
>>> One of the primary responsibilities of a PMC member when voting on a
>>> release is verifying what is being voted on against the tag.
>> Different
>>> client locales and $Date$ combine to make every single source file
>>> different from the tag requiring a manual check of the diff of every
>>> file to do the verification check properly. Even with good diff
>> tooling
>>> the verification process is a lot slower and can't be automated.
>> Its not required for a release - although I would agree its a nice
>> thing to do.Spot check of the files is good enough to see if it has
>> been created from the tag
> I very strongly disagree. Any PMC member voting on a release should be
> verifying every single file in the src tarball with the tag. There are
> plenty of tools available that make this the work of a few seconds -
> providing the files agree.
>> - otherwise we trust our release managers.
> Not trusting the release managers is not the primary reason that PMC
> members should be verifying the tarball agrees with the tag (although if
> a release manager ever does do anything malicious it will catch that
> to). The primary reason is to catch errors in build process or mistakes
> made by the release manager. BeanUtils is likely simpler than Tomcat but
> the sorts of things a full verification has caught has included:
> - missing files (usually after some form of code re-org)
> - extra files (IDE files, intermediate files, .svn/.git files,
> etc)
> - wrong line endings (Tomcat tries to use CRLF for zip and LF for tar.gz)
> - local edits to the source files
> Some are minor but missing or edited files are clearly serious issues
> that should cause the release to fail.
>> BeanUtils has used the $Date$ keyword since 2005 and I cannot remember
>> it ever coming up in a release vote - so it hasn't stopped it being
>> released.
> If the release manager and the people checking the tarball all have the
> same locale you won't see the issue.
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message