mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Weimer <mar...@weimo.de>
Subject Re: July 2017 Release
Date Thu, 13 Jul 2017 16:47:54 GMT
Hi,

thanks for sharing the plans! Is there a specific reason to skip the
SHA hashes? Much of the integrity of Apache releases stems from having
those SHAs in as many inboxes as possible, after all.

Thanks,

Markus

On Tue, Jul 11, 2017 at 4:07 PM, Ly Nguyen <nguyenlyx@gmail.com> wrote:
> @mentors, we would like to hold a RC vote and release on Monday July 17th.
>
>    - Are there any blockers (i.e., licenses)?
>    - Can you validate the proposal below?
>
>
> *PROPOSAL FOR JULY RELASE (version?):*
> *Start voting THIS week. Release on Monday July 17th.*
>
>    1. Create signing keys
>       1. SKIP web of trust linking and upload to public keyserver this time
>    2. Create RC in
>    https://dist.apache.org/repos/dist/dev/incubator/podlingName
>       1. Currently missing a DISCLAIMER file - do we need that?
>       2. SKIP creating SHA checksum this time
>    3. Start a vote on dev@ list
>    4. svn mv RC to the release location
>
>
>
>
> *NOTES FROM DOCS FOR REFERENCE:*
> http://incubator.apache.org/guides/releasemanagement.html
>
>    - 3 +1 votes from IPMC members (these are the votes that count but we
>    should open up to the whole podling community)
>    - For podlings, 2 additional constraints:
>       - Release artifacts must include “incubating” in final file name (ex:
>       apache-mxnet-src-0.10.1-incubating.tar.gz)
>       - Release artifacts must include disclaimer in the release artifacts
>
>
>    - The Incubator PMC expects the source releases to be staged on
>    https://dist.apache.org/repos/dist/dev/incubator/podlingName so that
>    they can easily be moved to the release location via svn mv   (
>    http://www.apache.org/dist/incubator/)
>    - After graduating, RC’s go into https://dist.apache.org/repos/dist/dev/
>    and official releases go into https://dist.apache.org/repos/dist/release/
>
>
> http://incubator.apache.org/guides/branding.html#disclaimers
>
>    - Apache Press Team [http://www.apache.org/press/index.html#whoweare]
>    must review and coordinate releases for branding
>    - On website and in release DISCLAIMER file:
>    - Apache Podling-Name is an effort undergoing incubation at The Apache
>       Software Foundation (ASF), sponsored by the name of Apache TLP sponsor.
>       Incubation is required of all newly accepted projects until a further
>       review indicates that the infrastructure, communications, and decision
>       making process have stabilized in a manner consistent with other
> successful
>       ASF projects. While incubation status is not necessarily a reflection of
>       the completeness or stability of the code, it does indicate that the
>       project has yet to be fully endorsed by the ASF.
>       - Website should include Apache Incubator logo:
>       http://incubator.apache.org/guides/press-kit.html
>
>
>    - Release should include:
>       - DISCLAIMER
>       - LICENSE
>       - NOTICE - attribution notices
>
>
> http://www.apache.org/legal/release-policy.html
>
>    - A release must contain source package which is cryptographically
>    signed by Release Manager with detached signature. It must be tested prior
>    to voting for release.
>    - Release must only contain appropriately licensed code
>    - Please ensure you wait >=24 hours after uploading a release before
>    making announcements so mirrors catch up
>    - Releases of more than 1GB of artifacts require a heads-up to
>    Infrastructure in advance.
>    - Which directory for what build?
>    http://www.apache.org/legal/release-policy.html#build-directories
>
>
> http://www.apache.org/dev/release-distribution.html
>
>    - Artifacts MUST be accompanied by:
>       - apache-mxnet-src-0.10.1-incubating.asc - contains OpenPGP
>       compatible ASCII armored detached signature
>       - apache-mxnet-src-0.10.1-incubating.md5 - MD5 checksum
>       - apache-mxnet-src-0.10.1-incubating.sha - SHA checksum (SHOULD)
>    - Publish KEYS file in distribution directory root
>       - Signing keys MUST be published in KEYS file, SHOULD be available in
>       global public keyserver
>       http://www.apache.org/dev/release-signing#keyserver, SHOULD be linked
>       into web of trust
>       - Keys MUST be RSA & 4096 bits
>
>
> http://www.apache.org/dev/release-publishing.html
>
>    - Apache RAT can assist in checking license compliance
>    http://creadur.apache.org/rat/
>    - Eventually we should set up a build system to sign our releases with
>    cryptographic signatures. For now we’ll do it manually.
>
>
> http://www.apache.org/dev/release-signing.html
>
>    - Create a signature and sign releases as mentioned above

Mime
View raw message