On 27 March 2013 20:33, Simone Tripodi <simonetrip...@apache.org> wrote: >> >> No, sorry, it's just not as safe. >> >> I'd rather a file be missing from the release than have a release with >> a spurious file that could contain anything. > > The only risk we have ATM is that the RM includes Idea's or Netbean's > dedicated files -
IDE files are the most likely to be found, but those can be easily excluded. The problem is another file which could come from anywhere. > and produced archives are reviewed and voted, so if > they contain a spurious file that contains whatever potentially > dangerous - not just technically, but also under a legal PoV - vote is > cancelled. That assumes reviewers compare the tag with the releases - does anyone apart from me do that? >> Once released, it cannot be unreleased. Whereas a missing file means > at worst doing a point release. > > but that could be applied to other logic as well, the RM can > potentially forget to include some required file - or not? Yes, but reviewers are likely to notice a missing NOTICE or LICENSE file. And unless the N&L files are renamed or removed from the assembly descriptor, if one build is OK, future builds will be OK. The same is not true of the unexpected file that can appear in a release. Besides, as I already wrote, one can do a new point release if a file is missing. One cannot remove a file from a release. It's just not worth the risk. > http://people.apache.org/~simonetripodi/ > http://simonetripodi.livejournal.com/ > http://twitter.com/simonetripodi > http://www.99soft.org/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
