www-legal-discuss mailing list archives

From Stephen Connolly <stephen.alan.conno...@gmail.com>
Subject Re: Continuous release review
Date Mon, 02 Jun 2014 11:41:30 GMT
On Monday, 2 June 2014, Jim Jagielski <jim@jagunet.com> wrote:

>
> On Jun 2, 2014, at 4:34 AM, Bertrand Delacretaz <bdelacretaz@apache.org> wrote:
> > 4) The PMC votes to make the release an act of the foundation
> > 5) All PMC members are given a fair chance to take part in release votes
> >
>
> These 2 are the only ones which, it appears, are
> the current topic of discussion. For #5 the issue seems
> to be the reasoning behind the 72 hour rule.
>
> #4 is the "main" issue, as I see it. And it appears that
> I must be making myself especially unclear or else
> my position is being (deliberately) misinterpreted.


Well you were the one, IIRC, that said PMC members must/should (not sure
which but definitely not could) "download, build and test"...

If you are advocating that individual PMC members do what they see fit as
long as:

1. Their voting +1 is not a foregone conclusion before they start doing
what they do.
2. If they do vote +1 they are happy and comfortable so doing

Then that sounds like a radically different position from: must download,
build and test.


>
> First of all, there is/was an argument that a successful
> artifact out of a CI was a de-facto "approved release" by
> a PMC (basically, that there is/was no need for people
> to vote on it, since the CI system could do a better
> job than anyone)... I *hope* that this is now no longer
> believed nor something that anyone considers valid.
> I think we all (now) know that we (the ASF) require
> the 3 +1 votes on a release.


I know I never had any doubts on that one.

There is a second point: you cannot veto a release... So effectively once
you have 3 +1's the release manager *can* release anyway... Yes that
alienates the community... Yes it's not the apache way... Yes I would slap
any release manager in the maven project if they were repeatedly doing that
without good reason (a good reason I can think of is a zero-day security
issue)


>
> Now I think where we might be having some trouble
> understanding each other is "what does a vote entail."
> For me, a vote is not simply a "rubber stamping" of
> an artifact/release ("Hey, it passed the CI, good
> enough for me. +1"). After all, if it's just a
> rubber stamp then it could be argued "why vote at
> all? It's just unnecessary process"...
>
> Recall again that one way in which a PMC knows it's
> in trouble related to its health is when it finds
> itself unable to find 3 PMC members to vote +1
> on a release. Now this concern *only* makes sense,
> and has validity, when it is assumed that the +1
> votes are not rubber stamps as well.
>
> So the lynchpin in all this is that the votes are
> personal actions by PMC members; they are conscious
> and direct actions. One way that this is done is
> by the voter doing their own "QA test" on the release
> artifact. Now my QA testing will not be the same
> as yours, and I am not specifying any "requirements"
> of that testing other than "it should not be a
> rubber stamp.". Whatever it takes for someone to
> feel comfortable voting +1 is sufficient.
>
> My point is that automatically rubber stamping anything
> with a +1 is dangerous, and bypasses and "ignores" the
> social aspect (and social health check of doing a release)
> that forms a basis of how the ASF produces (and releases)
> s/w.
>
> I hope this clears some things up.

-- 
Sent from my phone
