cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 18:58:21 GMT
C'mon Joe, its our job to help him. You can take the high road and then
Sebb can start affording us the same courtesy.


On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bowserj@gmail.com> wrote:

> Seriously, you can't find that yourself? You clearly know nothing
> about this project.
>
> On Thu, Feb 20, 2014 at 7:30 AM, sebb <sebbaz@gmail.com> wrote:
> > On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org> wrote:
> >> SCM == ?
> >
> > Source Code / Software Configuration   Management
> >
> >> Do you mean the git tags?
> >> All of the repositories are tagged with the version number of the
> release.
> >> So, "3.4.0" is the tag.
> >
> > OK, so where are the repos then please?
> > Also, if the tag is not immutable, it would help to have the hash.
> >
> >>
> >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:
> >>
> >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
> >>> > Please review and vote on the Cordova 3.4.0 release.
> >>> >
> >>> > You can find the sample release at http://people.apache.org/~steven/
> >>>
> >>> At the risk of being flamed, I am concerned that the VOTE mail does
> >>> not include a link to the SCM tag.
> >>>
> >>> Why is this important?
> >>>
> >>> The ASF releases source files which come with a LICENSE (and NOTICE).
> >>> It is vital that the release only contains files that are permitted to
> >>> be distributed, and we aren't accidentally including files that should
> >>> not be distributed.
> >>>
> >>> Equally, it is important that the source release is not missing any
> >>> required files.
> >>>
> >>> The only practical way to check all the files is to compare the source
> >>> archive against the tag(s) it is supposed to contain.
> >>>
> >>> In theory, an automated build process will ensure that the archive
> >>> only contains files from the tag, and does not omit any require files.
> >>> However, in practice, the archives are built from workspaces that
> >>> contain other files (e.g. compilation output).
> >>> I know of at least two projects which used standard automated
> >>> procedures (Maven), yet their source releases contained files that
> >>> should not have been released.
> >>>
> >>> Should there be a complaint, it's important that the PMC can show that
> >>> due diligence was done in checking the source archive contents.
> >>> This will be easier to prove if the VOTE thread contains details of
> >>> the SCM tags from which the archive was built.
> >>>
> >>> The SCM repo provides traceability of provenance.
> >>>
> >>> So please can someone provide the SCM tag(s) that were used to create
> >>> the source release?
> >>>
> >>> > Voting will go on for 24 hours.
> >>> >
> >>> > Cheers,
> >>> >
> >>> > -Steve
> >>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message