www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Continuous release review
Date Mon, 02 Jun 2014 09:17:14 GMT
Le 02/06/2014 10:34, Bertrand Delacretaz a écrit :
> Hi,
> Jukka's two examples of how projects can manage releases, quoted
> below, are excellent examples of why it doesn't make sense to force
> the same *process* on all projects.

IMO, r-t-c and c-t-r process are different. I'm not sure that Jukka is
accurate when he writes that r-t-c type project will be validated
because each commit has been validated, unless each review is following
the same process that a release itself (ie, voting a commit would be
like voting a release. Not sure it's the case).

That being said,
> What's needed is to agree on the *invariants* for releasing software
> at the ASF, something like:
> 0) The ASF releases source code
> 1) Each line of code is traceable, we know who committed it when
> 2) All code (and additional files like NOTICE etc.) is reviewed to
> comply with the ASF's legal requirements
> 3) Release packages are signed in a way that allows users to check
> their integrity
4) the source package must be compiled locally, produces the same
output, and has to be tested.
5) I do think it's important to verify that we can pull the source from
the repo and produce the same result too.
> 4) The PMC votes to make the release an act of the foundation
> 5) All PMC members are given a fair chance to take part in release votes
> I might be missing a few things but those are the main points -
> agreeing on such a list and making it a hard requirement is what we
> need, the details of how each PMC implements it are not a foundation's
> concern.
I wish it is the case. That also means that if the ASF provides the
tooling - and the machines - to run this process, instead of expecting
people to set it up on their own machine, granted they *will* check the
output of the process, then a vote can be casted safely.

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message