cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 14:47:39 GMT
SCM == ?

Do you mean the git tags?
All of the repositories are tagged with the version number of the release.
So, "3.4.0" is the tag.


On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:

> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
> > Please review and vote on the Cordova 3.4.0 release.
> >
> > You can find the sample release at http://people.apache.org/~steven/
>
> At the risk of being flamed, I am concerned that the VOTE mail does
> not include a link to the SCM tag.
>
> Why is this important?
>
> The ASF releases source files which come with a LICENSE (and NOTICE).
> It is vital that the release only contains files that are permitted to
> be distributed, and we aren't accidentally including files that should
> not be distributed.
>
> Equally, it is important that the source release is not missing any
> required files.
>
> The only practical way to check all the files is to compare the source
> archive against the tag(s) it is supposed to contain.
>
> In theory, an automated build process will ensure that the archive
> only contains files from the tag, and does not omit any require files.
> However, in practice, the archives are built from workspaces that
> contain other files (e.g. compilation output).
> I know of at least two projects which used standard automated
> procedures (Maven), yet their source releases contained files that
> should not have been released.
>
> Should there be a complaint, it's important that the PMC can show that
> due diligence was done in checking the source archive contents.
> This will be easier to prove if the VOTE thread contains details of
> the SCM tags from which the archive was built.
>
> The SCM repo provides traceability of provenance.
>
> So please can someone provide the SCM tag(s) that were used to create
> the source release?
>
> > Voting will go on for 24 hours.
> >
> > Cheers,
> >
> > -Steve
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message