jmalkin commented on issue #54: URL: https://github.com/apache/datasketches-python/issues/54#issuecomment-2523960070
@AlexanderSaydakov and I debated it and since we do include the wheels as part of what gets voted on and approved with the release, it feels like a process violation to have new wheels built from a different commit hash. Especially since the wheels aren't auto-pushed directly from the github action and transit through one of the developer's computer it seems good to ensure that the gpg signature and shasum can be matched against the release artifact. There's debate within the Apache community on how to streamline the release process, and I'm very much in favor of that. Being able to trigger deployments from workflows would be wonderful! But those discussions seem to be moving along very slowly. In the meantime, the process is designed both to protect the Apache organization but, equally importantly, to make it hard to rush out changes without proper review. The hope is to avoid an XZ Utils type situation where a rogue developer (or group) took over a critical utility. So I very much appreciate the intent and try to work within the confines of the release process even though there are times like this where it can be quite annoying. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
