cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [Vote] Cordova 3.4.0 release
Date Thu, 20 Feb 2014 14:02:34 GMT
On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com> wrote:
> Please review and vote on the Cordova 3.4.0 release.
>
> You can find the sample release at http://people.apache.org/~steven/

At the risk of being flamed, I am concerned that the VOTE mail does
not include a link to the SCM tag.

Why is this important?

The ASF releases source files which come with a LICENSE (and NOTICE).
It is vital that the release only contains files that are permitted to
be distributed, and we aren't accidentally including files that should
not be distributed.

Equally, it is important that the source release is not missing any
required files.

The only practical way to check all the files is to compare the source
archive against the tag(s) it is supposed to contain.

In theory, an automated build process will ensure that the archive
only contains files from the tag, and does not omit any require files.
However, in practice, the archives are built from workspaces that
contain other files (e.g. compilation output).
I know of at least two projects which used standard automated
procedures (Maven), yet their source releases contained files that
should not have been released.

Should there be a complaint, it's important that the PMC can show that
due diligence was done in checking the source archive contents.
This will be easier to prove if the VOTE thread contains details of
the SCM tags from which the archive was built.

The SCM repo provides traceability of provenance.

So please can someone provide the SCM tag(s) that were used to create
the source release?

> Voting will go on for 24 hours.
>
> Cheers,
>
> -Steve

Mime
View raw message