Author: luke1410 Date: Thu Jul 5 21:13:36 2018 New Revision: 1835191 URL: http://svn.apache.org/viewvc?rev=1835191&view=rev Log: * docs/community-guide/releasing.part.html (#tarball-signing): Relax the signing restrictions per the dev-list discussion - https://mail-archives.apache.org/mod_mbox/subversion-dev/201806.mbox/%3C20180624062057.GH79457%40ted.stsp.name%3E
Modified: subversion/site/publish/docs/community-guide/releasing.part.html Modified: subversion/site/publish/docs/community-guide/releasing.part.html URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1835191&r1=1835190&r2=1835191&view=diff ============================================================================== --- subversion/site/publish/docs/community-guide/releasing.part.html (original) +++ subversion/site/publish/docs/community-guide/releasing.part.html Thu Jul 5 21:13:36 2018 @@ -975,22 +975,19 @@ in the same directory as the tarballs.</ <p>Before a release is officially made public, it must receive three +1 votes from members of the Subversion PMC. In addition, as a matter of project -policy (<span class="notice">being revisited: see -<a href="https://mail-archives.apache.org/mod_mbox/subversion-dev/201708.mbox/%3C20170812173507.a37xm5lujkdo7jw3%40tarpaulin.shahaf.local2%3E" ->dev@ thread</a></span>), -we require testing and signatures from at least three PMC members on +policy, we require testing and signatures from at least three PMC members on <em>each</em> of the major platforms we support: Windows and *nix. -For -alpha and -beta releases, we still require at least one +1 vote on each -major platform we support, but waive the requirement for three signers on each platform. (The requirement for at least three signers in total remains.) -Members of the PMC, -as well as enthusiastic community members are encourages to download the -tarballs from the preliminary distribution location, run the tests, and then -provide their signatures. The public keys for these signatures should be -included in the ASF LDAP instance through +Members of the PMC, as well as enthusiastic community members are encourages to +download the tarballs from the preliminary distribution location, run the +tests, and then provide their signatures. The public keys for these signatures +should be included in the ASF LDAP instance through <a href="https://id.apache.org/">id.apache.org</a>. (A list of the <a href="https://people.apache.org/keys/group/subversion-pmc.asc">current public keys</a> for members of the Subversion PMC is autogenerated from LDAP -each day.)</p> +each day.) +The release manager is encouraged to wait at least 5 days for the signatures +before rolling the release to allow anybody (planning to) test(ing) the release +to complete signing the release before it's being rolled.</p> <p>Signing a tarball means that you assert certain things about it. When announcing your signature, indicate in the mail what steps you've taken to