Suggestion: The DISCLAIMER references a detached copy of the DISCLAIMER at
dist.a.o/releases/incubator/project and that detached copy is the one that gets
updated with late breaking stuff.
Re-rolling required re-GPG-signing, new hashes, etc.
-Alex
On 7/3/19, 2:08 PM, "Daniel Shahaf" <d...@daniel.shahaf.name> wrote:
Dave Fisher wrote on Wed, 03 Jul 2019 12:16 -0700:
> This only works for issues known before a release is cut. It does NOT
> WORK if the issue is discovered during the release vote. Why? Because we
> are trying to allow the release to go through without redoing it and
> this would require reworking the release.
>
> I would rather do it outside of the release. Policing the actual
> DISCLAIMER is not easily feasible and decreases the burden.
I recommend to put the information in DISCLAIMER. Yes, that means bugs
in DISCLAIMER require re-rolling, but:
1. Bugs in DISCLAIMER should be found before the first artifact is
rolled. It's simply an audit and it can be done directly on the
source tree in version control.
2. Re-rolling shouldn't be an expensive step that should be avoided. It
should be "Edit DISCLAIMER, commit, run script to roll" followed by
everyone diffing the old artifact to the new one and re-casting their
votes based on the work they already did to review the old artifact.
(And yes, it's still some effort, about which, see #1.)
3. Artifacts should state their exact license terms — accurately,
completely, and (de facto standard) in-band.
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
