I disagree that the revision is required.  I know that the RM is going to 
recreate the tag with each release candidate.  Therefore, so long as I refetch 
that tag for every release vote I can be confident that I am reviewing the 
release contents.

Ralph

On Jun 25, 2013, at 9:52 AM, sebb wrote:

> The mission of the ASF is to release software as source, and to ensure
> that the released source is available under the Apache Licence.
> 
> Before a release can be approved it must be voted on by the PMC.
> The review process needs to establish that the proposed source release
> meets those aims.
> 
> It's all but impossible for reviewers to examine every single file in
> a source archive to determine if it meets the criteria.
> And it's not unknown for spurious files to creep into a release
> (perhaps from a stale workspace - are releases always built from a
> fresh checkout of the tag?)
> 
> However, PMCs are also required to check what is added to the SCM
> (SVN/Git) to make sure it meets the required license criteria.
> This is done on an ongoing basis as part of reviewing check-ins and
> accepting new contributions.
> So provided that all the files in the source release are also present
> in SCM, the PMC can be reasonably sure that the source release meets
> the ASF criteria.
> 
> Without having the SCM as a database of validated files, there are far
> too many files in the average source archive to check individually.
> And how would one check their provenance? The obvious way is to
> compare them with the entries in SCM.
> 
> Therefore, I contend that a release vote does not make sense without
> the SCM tag.
> In the case of SVN, since tags are not immutable, the vote e-mail also
> needs the revision.
> 
> Whether every reviewer actually checks the source archive against SCM
> is another matter.
> But if the required SCM information is not present, it would be
> difficult to argue that the RM had provided sufficient information for
> a valid review to take place.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
> 
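The comparison sebb describes, checking that every file in the source archive is also present in SCM, sketched as an added example that is not part of either e-mail or of any ASF tooling. It assumes `export_dir` is a fresh export of the release tag being voted on and that the archive wraps its contents in one top-level directory; all function names and the sample files are constructed for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

def digest(data):
    return hashlib.sha256(data).hexdigest()

def scm_manifest(export_dir):
    """Relative path -> SHA-256 for each file in the exported tag."""
    root = Path(export_dir)
    return {p.relative_to(root).as_posix(): digest(p.read_bytes())
            for p in root.rglob("*") if p.is_file()}

def archive_manifest(archive):
    """Relative path -> SHA-256 per regular file, minus the top-level dir."""
    manifest = {}
    with tarfile.open(archive) as tar:
        for member in tar:
            parts = PurePosixPath(member.name).parts[1:]
            if member.isfile() and parts:
                data = tar.extractfile(member).read()
                manifest["/".join(parts)] = digest(data)
    return manifest

def compare(archive, export_dir):
    """Return (files absent from SCM, files whose content differs from SCM)."""
    arc, scm = archive_manifest(archive), scm_manifest(export_dir)
    not_in_scm = sorted(p for p in arc if p not in scm)
    differs = sorted(p for p in arc if p in scm and arc[p] != scm[p])
    return not_in_scm, differs

def demo():
    """Constructed sample: archive with one stale file and one altered file."""
    with tempfile.TemporaryDirectory() as tag, \
            tempfile.TemporaryDirectory() as out:
        Path(tag, "pom.xml").write_bytes(b"<project/>")
        Path(tag, "LICENSE").write_bytes(b"Apache License 2.0")
        archive = Path(out, "demo-1.0-src.tar.gz")
        files = {"pom.xml": b"<project/>", "LICENSE": b"edited",
                 "target/stale.jar": b"leftover"}
        with tarfile.open(archive, "w:gz") as tar:
            for name, data in files.items():
                info = tarfile.TarInfo("demo-1.0/" + name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return compare(archive, tag)

if __name__ == "__main__":
    print(demo())
```

Files that a build legitimately generates into the archive will show up in the first list and need a reviewed allowlist rather than being ignored.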

