Right. We're voting on the specific tarball. We're saying "this is something the ASF can stand behind".
If Olemis took the tarball contents and manually installed it and/or reviewed it in detail, then that's good enough. The auto-install script doesn't have to work for it to be releasable. As I've mentioned before, there can be lots of bugs; those will just get fixed in future releases. I'm going to be reviewing the contents, rather than the operation. I don't care if it works. I just want to be sure the licensing and notices are right, and that the tarball doesn't have trojans or other malware in there. I'll also check the md5 (tho not set up to check the sig right now). Should be done in an hour or so... Cheers, -g On Wed, Aug 1, 2012 at 9:32 PM, Gary Martin <[email protected]> wrote: > Thanks for the response Olemis. > > The advice from Greg might have been interpreted to mean that all voters > should be checking the release carefully before voting. This seems helpful > as any input into whether the release is fit is better if it is informed by > some level of checking. > > I don't have a definitive answer although it would seem sensible for the > Bloodhound PPMC to take particular note of Greg's advice. > > Cheers, > Gary > > > > On 02/08/12 01:57, Olemis Lang wrote: >> >> On 8/1/12, Gary Martin <[email protected]> wrote: >>> >>> On 30/07/12 12:48, Joachim Dreimann wrote: >>>> >>>> Just for the record, I have downloaded reviewed the files to my >>>> technical >>>> ability. >>>> >>>> +1 for the release from me. >>>> >> I second that . The only thing I can mention is that even if manual >> installation procedure works for me , on the other hand all the >> attempts I made so as to install it from tarball in a Jenkins build >> job have failed . This is mainly because : >> >> 1. I'm not a proficient Jenkins user ... >> 2. it seems there's an issue with virtualenv somewhere and ... >> 3. I've not been able to dedicate any time to this task after the >> few initial experiments >> >> That's obviously not a reason to stop release tarball from being >> released , so ... >> >> +1 for release >> >>> The following is a short description of how to verify that the package >>> is signed: >>> >> [...] >> >> ... and all these checks , well I've not tried them yet . Should I ? >> >
