On Monday, 2 June 2014, Jim Jagielski <jim@jagunet.com> wrote:

On Jun 2, 2014, at 4:34 AM, Bertrand Delacretaz <bdelacretaz@apache.org> wrote:
> 4) The PMC votes to make the release an act of the foundation
> 5) All PMC members are given a fair chance to take part in release votes
>

These 2 are the only ones which, it appears, are
the current topic of discussion. For #5 is issue seems
to be the reasoning behind the 72 hour rule.

#4 is the "main" issue, as I see it. And it appears that
I must be making myself especially unclear or else
my position is being (deliberately) misinterpreted.

Well you were the one, IIRC, that said PMC members must/should (not sure which but definitely not could) "download, build and test"...

If you are advocating that individual PMC members do what they see fit as long as:

1. Their voting +1 is not a foregone conclusion before they start doing what they do.
2. If they do vote +1 they are happy and comfortable so doing

Then that sounds like a radically different position from: must download, build and test.
 

First of all, there is/was an argument that a successful
artifact out of a CI was a de-facto "approved release" by
a PMC (basically, that there is/was no need for people
to vote on it, since the CI system could do a better
job than anyone)... I *hope* that this is now no longer
believed nor something that anyone considers valid.
I think we all (now) know that we (the ASF) require
the 3 +1 votes on a release.

I know I never had any doubts on that one. 

There is a second point: you cannot veto a release... So effectively once you have 3 +1's the release manager *can* release anyway... Yes that alienates the community... Yes it's not the apache way... Yes I would slap any release manager in the maven project if they were repeatedly doing that without good reason (a good reason I can think of I a zero-day security issue)
 

Now I think where we might be having some trouble
understanding each other is "what does a vote entail."
For me, a vote is not simply a "rubber stamping" of
an artifact/release ("Hey, it passed the CI, good
enough for me. +1"). After all, if it's just a
rubber stamp then it could be argued "why vote at
all? It's just unnecessary process"...

Recall again that one way in which a PMC knows it's
in trouble related to its health is when it finds
itself un-able to find 3 PMC members to vote +1
on a release. Now this concern *only* makes sense,
and has validity, when it is assumed that the +1
votes are not rubber stamps as well.

So the lynchpin in all this is that the vote are
personal actions by PMC members; they are conscious
and direct actions. One way that this is done in
by the voter doing their own "QA test" on the release
artifact. Now my QA testing will not be the same
as yours, and I am not specifying any "requirements"
of that testing other than "it should not be a
rubber stamp.". Whatever it takes for someone to
feel comfortable voting +1 is sufficient.

My point is that automatically rubber stamping anything
with a +1 is dangerous, and bypasses and "ignores" the
social aspect (and social health check of doing a release)
that forms a basis of how the ASF produces (and releases)
s/w.

I hope this clears some things up.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org



--
Sent from my phone