cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bowser <bows...@gmail.com>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 18:16:55 GMT
Seriously, you can't find that yourself? You clearly know nothing
about this project.

On Thu, Feb 20, 2014 at 7:30 AM, sebb <sebbaz@gmail.com> wrote:
> On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org> wrote:
>> SCM == ?
>
> Source Code / Software Configuration   Management
>
>> Do you mean the git tags?
>> All of the repositories are tagged with the version number of the release.
>> So, "3.4.0" is the tag.
>
> OK, so where are the repos then please?
> Also, if the tag is not immutable, it would help to have the hash.
>
>>
>> On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:
>>
>>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
>>> > Please review and vote on the Cordova 3.4.0 release.
>>> >
>>> > You can find the sample release at http://people.apache.org/~steven/
>>>
>>> At the risk of being flamed, I am concerned that the VOTE mail does
>>> not include a link to the SCM tag.
>>>
>>> Why is this important?
>>>
>>> The ASF releases source files which come with a LICENSE (and NOTICE).
>>> It is vital that the release only contains files that are permitted to
>>> be distributed, and we aren't accidentally including files that should
>>> not be distributed.
>>>
>>> Equally, it is important that the source release is not missing any
>>> required files.
>>>
>>> The only practical way to check all the files is to compare the source
>>> archive against the tag(s) it is supposed to contain.
>>>
>>> In theory, an automated build process will ensure that the archive
>>> only contains files from the tag, and does not omit any require files.
>>> However, in practice, the archives are built from workspaces that
>>> contain other files (e.g. compilation output).
>>> I know of at least two projects which used standard automated
>>> procedures (Maven), yet their source releases contained files that
>>> should not have been released.
>>>
>>> Should there be a complaint, it's important that the PMC can show that
>>> due diligence was done in checking the source archive contents.
>>> This will be easier to prove if the VOTE thread contains details of
>>> the SCM tags from which the archive was built.
>>>
>>> The SCM repo provides traceability of provenance.
>>>
>>> So please can someone provide the SCM tag(s) that were used to create
>>> the source release?
>>>
>>> > Voting will go on for 24 hours.
>>> >
>>> > Cheers,
>>> >
>>> > -Steve
>>>

Mime
View raw message