On Sun, 2014-06-29 at 19:07 +0100, sebb wrote: > On 29 June 2014 17:31, Oleg Kalnichevski <[email protected]> wrote: > > On Sun, 2014-06-29 at 17:22 +0100, sebb wrote: > >> On 29 June 2014 17:07, Oleg Kalnichevski <[email protected]> wrote: > > > > ... > > > >> >> > Ah, finally. So are website or any reports. > >> >> > >> >> The website is not really optional as far as consumers are concerned, > >> >> but is not generally subject to a release vote. > >> >> However there are still some rules (e.g. branding) which the site must > >> >> follow. > >> >> > >> >> The reports are not strictly needed for consumers, although the Clirr > >> >> one may be useful. > >> >> However, some of the are important for the purpose of the release vote. > >> >> > >> > > >> > So, they can be and should be built from source. > >> > >> As I wrote previously, RAT and Clirr are important parts of the > >> release vote process. > >> So yes of course the reviewers can and should run the checks themselves. > >> This applies to the RM as well. > >> > >> But I think it is important to document that these checks have been > >> done by providing the links in the release vote e-mail. > >> > > > > Links to what? > > The reports. >
What reports? Hosted where? > > As I said previously it is irrelevant what kind of reports are published > > by RM as there is no reliable way that they match the source. > > I already wrote, the reviewers can still run their own checks, as the RM must. > Including the reports in the RC VOTE shows that these items have been > considered. > As I already pointed out any content produced or referred by RM is irrelevant if it is not a part of source tarball. You simply insist on RM doing pointless and useless work. If a reviewer considers Clirr reports important for the vote he/she must generate them from source. ... > > And I do not see two issues here. I see one and only issue here which > > whether or not the source tarball being voted upon can be used to build > > binary artifacts meeting specific requirements. Binary artifacts built > > by RM are merely convenience. > > Yes, they are merely convenience, but as I already wrote, they are > distributions of software by the ASF. > And so are subject to rules on content and NOTICE and LICENSE etc. > > It is important that the binaries are subject to at least some scrutiny. > For example, suppose a product depends on an LGPL dependency (this is > allowed under some circumstances.) > However, the dependency must not be bundled with the binaries. > So it is important that the reviewers are able to check the contents > of the RC binaries. > > It does not really help if the reviewers check their own binaries, as > those are not the ones that are going to be distributed. > One might as well say that the reviewers should build their own source > bundle and vote on that, rather than voting on the artifacts that are > detailed in the RC vote. > As I already pointed out one should be checking the ability to produce binary artifacts that meet required criteria from source tarball being released rather than any particular binaries. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
