jclouds-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Bayer <andrew.ba...@gmail.com>
Subject Re: [VOTE] Release Apache jclouds 1.6.1-incubating, RC2
Date Sat, 01 Jun 2013 17:56:07 GMT
Good point - mea culpa on the lazy consensus. I got overly optimistic there, and had gotten
mixed messages in the past on the necessity/significance of the PPMC vote.

Let's turn this thread (on the dev list) into the PPMC vote thread - same deadline of 5pm
PDT on Monday, if that's ok with everyone. And definitely do follow David's advice on vetting
the release candidate.

A.

On Jun 1, 2013, at 6:41 AM, David Nalley <david@gnsa.us> wrote:

> On Fri, May 31, 2013 at 7:17 PM, Andrew Bayer <andrew.bayer@gmail.com> wrote:
>> FYI, you don't need to vote this time - I'm taking it as written that we
>> all approved, since there were no -1s earlier.
>> 
>> A.
>> 
> 
> 
> So from a legal standpoint you need explicit PMC votes on explicit
> tarballs. No such thing as lazy consensus for a release. Admittedly
> this is a release of the incubator, and thus you need three IPMC
> votes, but you are supposedly doing this as if this were a TLP
> release, and if the PPMC isn't satisfied, the IPMC will almost
> certainly not be.
> 
> Also - for PPMC folks voting - the IPMC generally prefers to know how
> you personally vetted the release artifacts. (admittedly it's a bit
> like showing your work on a math problem) So please include those
> details in your vote. Presumably the software is in good shape or we
> wouldn't be performing a release.  Did you verify the checksums, the
> GPG signatures? Are you sure that's really Andrew's key, and if so,
> how? Did you run RAT against the release artifacts? Have you done
> additional IP audit? Did you compare the commit hash of the tag with
> the release tarball? Once you become a PMC, you'll be responsible for
> complying with ASF policy and legal requirements around a release - we
> already assume you are capable of releasing good software from a
> technical perspective - so the concern is around ensuring that you are
> performing due diligence to comply with the obligations that go along
> with releases.
> 
> --David

Mime
View raw message