Return-Path: X-Original-To: apmail-incubator-general-archive@www.apache.org Delivered-To: apmail-incubator-general-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1A9E09623 for ; Sat, 20 Dec 2014 12:07:47 +0000 (UTC) Received: (qmail 25854 invoked by uid 500); 20 Dec 2014 12:07:46 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 25654 invoked by uid 500); 20 Dec 2014 12:07:46 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 25643 invoked by uid 99); 20 Dec 2014 12:07:46 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Dec 2014 12:07:46 +0000 Received: from mail-lb0-f170.google.com (mail-lb0-f170.google.com [209.85.217.170]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 04F481A0233 for ; Sat, 20 Dec 2014 12:07:44 +0000 (UTC) Received: by mail-lb0-f170.google.com with SMTP id 10so2061526lbg.15 for ; Sat, 20 Dec 2014 04:07:40 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.153.4.44 with SMTP id cb12mr3511657lad.30.1419077260344; Sat, 20 Dec 2014 04:07:40 -0800 (PST) Received: by 10.25.90.130 with HTTP; Sat, 20 Dec 2014 04:07:40 -0800 (PST) In-Reply-To: References: <54948916.9090204@apache.org> Date: Sat, 20 Dec 2014 13:07:40 +0100 Message-ID: Subject: Re: Votes for git repos - commit id vs tag From: Bertrand Delacretaz To: Incubator General Content-Type: text/plain; charset=UTF-8 On Sat, Dec 20, 2014 at 7:16 AM, Niclas Hedhman wrote: > ...Releases are the tarball(s) prepared by the release manager, not a pointer > into the source control system.... Agreed. I also agree with Brane about the pointer into source code control system being useful for PMC members to check that the released code is what they expect, but as you say long-term it's only the signed release tarball that matters. > ...So, to make this clear to the community, I would discourage to publish the > commit ID in the vote request, and only provide the URL link to the > tarball(s).... The way we work in Sling is that the tarball's name points to a well-known svn tag URL. This matches your idea of having the commit ID or equivalent somewhere else, but easily accessible. I like that. OTOH I also like to include the tarball archive's digest (sha1 or equivalent) in the archived vote thread as that's a long term (*) guarantee that what you got is what was voted on. -Bertrand (*) As long as the digest algorithm is not broken, that is. --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org