On Fri, 17 Feb 2023 at 20:27, Antonio <[email protected]> wrote:
> I have voted using the template, I think we should rephrase it somehow.
> It's too verbose to clearly understand.

This I agree with, and as mentioned above it's interesting to compare
with the OpenOffice votes where we took a lead on the form -
https://lists.apache.org/thread/kt1jwt6zzzc5koq3pgyvgd8qm8gx6omh

The form was mainly just added to the end of the existing voting email
we have used for a long time.  That's been getting longer and longer!
Although it does cover (and has always covered) what you need to do in
the section above the form, including a checklist of steps for the
sources.

I think we should possibly extract the instructions into a wiki page
we can link to anyway, and keep the email and response form short?

> Maybe next time we want to clarify what are mandatory actions (should I
> check signatures of the main thing being voted on? Any others?) and
> optional ones.

Requirements for PMC (binding) votes and community ones are somewhat
different.  At least every PMC member voting should have read the ASF
release policy linked in the email at least once -
https://www.apache.org/legal/release-policy.html#management

Building and testing the sources, along with checking the signatures
of the sources, and ensuring the voter is happy with compliance on ASF
release rules (notice, license, no binary, etc.) is mandatory for a
binding vote.  Any PMC member vote without ticking that off will be
treated as non-binding.

From the above policy "Before voting +1 PMC members are required to
download the signed source code package, compile it as provided, and
test the resulting executable on their own platform, along with also
verifying that the package meets the requirements of the ASF policy on
releases."

We'd really appreciate community voters doing similar, but will still
count non-binding votes that don't - e.g. just checking binaries.

For binaries, a PMC member ticking off one of those sections should
have checked signatures, done some check of functionality, and made
sure they're confident the binary is derived from the main source
artefact.

Again, from the above policy -  "Note that the PMC is responsible for
all artifacts in their distribution directory, which is a subdirectory
of downloads.apache.org ; and all artifacts placed in their directory
must be signed by a committer, preferably by a PMC member. It is also
necessary for the PMC to ensure that the source package is sufficient
to build any binary artifacts associated with the release."

Again, community voters checking binaries need not include all of those steps.

Best wishes,

Neil
