cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Mocny <mmo...@chromium.org>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 18:59:48 GMT
So I was a bit curious to try this myself, so I ran:

> coho --repo cadence repo-clone
> coho --repo cadence foreach "git remote -v"
> coho --repo cadence foreach "git show-ref 3.4.0"

It seems that cordova-cli is included in the cadence release, but hasn't
been tagged passed rc.2 yet?

(also, cordova-firefoxos has had no tags from 3.4.0 at all)

Sebb, I think thats the best way to know whats in the release, is to use
our cordova-coho tool (which help manage all the repos and tag releases
automatically).

-Michal


On Thu, Feb 20, 2014 at 1:16 PM, Joe Bowser <bowserj@gmail.com> wrote:

> Seriously, you can't find that yourself? You clearly know nothing
> about this project.
>
> On Thu, Feb 20, 2014 at 7:30 AM, sebb <sebbaz@gmail.com> wrote:
> > On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org> wrote:
> >> SCM == ?
> >
> > Source Code / Software Configuration   Management
> >
> >> Do you mean the git tags?
> >> All of the repositories are tagged with the version number of the
> release.
> >> So, "3.4.0" is the tag.
> >
> > OK, so where are the repos then please?
> > Also, if the tag is not immutable, it would help to have the hash.
> >
> >>
> >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:
> >>
> >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
> >>> > Please review and vote on the Cordova 3.4.0 release.
> >>> >
> >>> > You can find the sample release at http://people.apache.org/~steven/
> >>>
> >>> At the risk of being flamed, I am concerned that the VOTE mail does
> >>> not include a link to the SCM tag.
> >>>
> >>> Why is this important?
> >>>
> >>> The ASF releases source files which come with a LICENSE (and NOTICE).
> >>> It is vital that the release only contains files that are permitted to
> >>> be distributed, and we aren't accidentally including files that should
> >>> not be distributed.
> >>>
> >>> Equally, it is important that the source release is not missing any
> >>> required files.
> >>>
> >>> The only practical way to check all the files is to compare the source
> >>> archive against the tag(s) it is supposed to contain.
> >>>
> >>> In theory, an automated build process will ensure that the archive
> >>> only contains files from the tag, and does not omit any require files.
> >>> However, in practice, the archives are built from workspaces that
> >>> contain other files (e.g. compilation output).
> >>> I know of at least two projects which used standard automated
> >>> procedures (Maven), yet their source releases contained files that
> >>> should not have been released.
> >>>
> >>> Should there be a complaint, it's important that the PMC can show that
> >>> due diligence was done in checking the source archive contents.
> >>> This will be easier to prove if the VOTE thread contains details of
> >>> the SCM tags from which the archive was built.
> >>>
> >>> The SCM repo provides traceability of provenance.
> >>>
> >>> So please can someone provide the SCM tag(s) that were used to create
> >>> the source release?
> >>>
> >>> > Voting will go on for 24 hours.
> >>> >
> >>> > Cheers,
> >>> >
> >>> > -Steve
> >>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message