cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Gill <stevengil...@gmail.com>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 18:14:35 GMT
Vote closed!

The vote has passed successfully with 7 binding votes!

PMC Votes :
Andrew Grieve
Joe Bowser
Brian LeRoux
Jesse MacFadyen
Archana Naik
James Jong
Lisa Seacat DeLuca

Thanks all for voting!

I will be publishing the blog post + release zip + cli shortly!

Cheers,
-Steve



On Thu, Feb 20, 2014 at 7:30 AM, sebb <sebbaz@gmail.com> wrote:

> On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org> wrote:
> > SCM == ?
>
> Source Code / Software Configuration   Management
>
> > Do you mean the git tags?
> > All of the repositories are tagged with the version number of the
> release.
> > So, "3.4.0" is the tag.
>
> OK, so where are the repos then please?
> Also, if the tag is not immutable, it would help to have the hash.
>
> >
> > On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:
> >
> >> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
> >> > Please review and vote on the Cordova 3.4.0 release.
> >> >
> >> > You can find the sample release at http://people.apache.org/~steven/
> >>
> >> At the risk of being flamed, I am concerned that the VOTE mail does
> >> not include a link to the SCM tag.
> >>
> >> Why is this important?
> >>
> >> The ASF releases source files which come with a LICENSE (and NOTICE).
> >> It is vital that the release only contains files that are permitted to
> >> be distributed, and we aren't accidentally including files that should
> >> not be distributed.
> >>
> >> Equally, it is important that the source release is not missing any
> >> required files.
> >>
> >> The only practical way to check all the files is to compare the source
> >> archive against the tag(s) it is supposed to contain.
> >>
> >> In theory, an automated build process will ensure that the archive
> >> only contains files from the tag, and does not omit any require files.
> >> However, in practice, the archives are built from workspaces that
> >> contain other files (e.g. compilation output).
> >> I know of at least two projects which used standard automated
> >> procedures (Maven), yet their source releases contained files that
> >> should not have been released.
> >>
> >> Should there be a complaint, it's important that the PMC can show that
> >> due diligence was done in checking the source archive contents.
> >> This will be easier to prove if the VOTE thread contains details of
> >> the SCM tags from which the archive was built.
> >>
> >> The SCM repo provides traceability of provenance.
> >>
> >> So please can someone provide the SCM tag(s) that were used to create
> >> the source release?
> >>
> >> > Voting will go on for 24 hours.
> >> >
> >> > Cheers,
> >> >
> >> > -Steve
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message