cordova-dev mailing list archives

From Joe Bowser <bows...@gmail.com>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 19:28:52 GMT
On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b@brian.io> wrote:
> we should start a thread about coho. it kind of grew into a tool that I'm
> fairly certain only the googlers use and aligning our flows would be a good
> thing.

We're pretty much forced to use it to tag now, whether we like it or not.

>
>
> On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mmocny@chromium.org> wrote:
>
>> (I was wrong about firefoxos, it's just cli that's missing the tag)
>>
>>
>> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b@brian.io> wrote:
>>
>> > C'mon Joe, it's our job to help him. You can take the high road and then
>> > Sebb can start affording us the same courtesy.
>> >
>> >
>> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bowserj@gmail.com> wrote:
>> >
>> > > Seriously, you can't find that yourself? You clearly know nothing
>> > > about this project.
>> > >
>> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <sebbaz@gmail.com> wrote:
>> > > > On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org> wrote:
>> > > >> SCM == ?
>> > > >
>> > > > Source Code / Software Configuration Management
>> > > >
>> > > >> Do you mean the git tags?
>> > > >> All of the repositories are tagged with the version number of the
>> > > >> release.
>> > > >> So, "3.4.0" is the tag.
>> > > >
>> > > > OK, so where are the repos then please?
>> > > > Also, if the tag is not immutable, it would help to have the hash.
>> > > >
>> > > >>
>> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <sebbaz@gmail.com> wrote:
>> > > >>
>> > > >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
>> > > >>> > Please review and vote on the Cordova 3.4.0 release.
>> > > >>> >
>> > > >>> > You can find the sample release at http://people.apache.org/~steven/
>> > > >>>
>> > > >>> At the risk of being flamed, I am concerned that the VOTE mail does
>> > > >>> not include a link to the SCM tag.
>> > > >>>
>> > > >>> Why is this important?
>> > > >>>
>> > > >>> The ASF releases source files which come with a LICENSE (and NOTICE).
>> > > >>> It is vital that the release only contains files that are permitted to
>> > > >>> be distributed, and we aren't accidentally including files that should
>> > > >>> not be distributed.
>> > > >>>
>> > > >>> Equally, it is important that the source release is not missing any
>> > > >>> required files.
>> > > >>>
>> > > >>> The only practical way to check all the files is to compare the source
>> > > >>> archive against the tag(s) it is supposed to contain.
>> > > >>>
>> > > >>> In theory, an automated build process will ensure that the archive
>> > > >>> only contains files from the tag, and does not omit any required files.
>> > > >>> However, in practice, the archives are built from workspaces that
>> > > >>> contain other files (e.g. compilation output).
>> > > >>> I know of at least two projects which used standard automated
>> > > >>> procedures (Maven), yet their source releases contained files that
>> > > >>> should not have been released.
>> > > >>>
>> > > >>> Should there be a complaint, it's important that the PMC can show that
>> > > >>> due diligence was done in checking the source archive contents.
>> > > >>> This will be easier to prove if the VOTE thread contains details of
>> > > >>> the SCM tags from which the archive was built.
>> > > >>>
>> > > >>> The SCM repo provides traceability of provenance.
>> > > >>>
>> > > >>> So please can someone provide the SCM tag(s) that were used to create
>> > > >>> the source release?
>> > > >>>
>> > > >>> > Voting will go on for 24 hours.
>> > > >>> >
>> > > >>> > Cheers,
>> > > >>> >
>> > > >>> > -Steve
>> > > >>>
>> > >
>> >
>>
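
An added example, not part of the original thread or of the Cordova project's tooling: the check sebb describes, comparing a source archive against a snapshot of the tag it was built from. It assumes the tag snapshot is a tar such as `git archive` produces and that the release archive wraps its files in one top-level directory; the sample archives and the `pkg-3.4.0` directory name are constructed.

```python
import hashlib
import io
import tarfile


def manifest(archive_bytes, strip_components=0):
    """Map each regular file's path to the SHA-256 of its content."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar:
            if member.isfile():
                path = "/".join(member.name.split("/")[strip_components:])
                data = tar.extractfile(member).read()
                files[path] = hashlib.sha256(data).hexdigest()
    return files


def compare(tag_bytes, release_bytes, strip_release=1):
    """Report what the release adds, omits, or changes relative to the tag.
    Assumption: tag_bytes is a tar snapshot of the tag (e.g. from git archive)."""
    tag = manifest(tag_bytes)
    rel = manifest(release_bytes, strip_release)
    return {
        "extra": sorted(rel.keys() - tag.keys()),
        "missing": sorted(tag.keys() - rel.keys()),
        "modified": sorted(p for p in tag.keys() & rel.keys() if tag[p] != rel[p]),
    }


def make_tar(files):
    """Build an in-memory tar from {path: bytes}; only for the sample below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: the tagged tree vs. an archive built from a dirty workspace.
TAG = make_tar({"LICENSE": b"Apache-2.0\n", "NOTICE": b"notice\n", "src/app.js": b"v1\n"})
RELEASE = make_tar({
    "pkg-3.4.0/LICENSE": b"Apache-2.0\n",
    "pkg-3.4.0/src/app.js": b"v1 patched\n",      # differs from the tag
    "pkg-3.4.0/build/app.min.js": b"x\n",         # compilation output
})
if __name__ == "__main__":
    for kind, paths in compare(TAG, RELEASE).items():
        print(kind, paths)
```

Recording the commit hash the tag resolved to alongside this report covers the case sebb raises where the tag is not immutable.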
