Release Management

Leo Simons Mon, 16 Jan 2006 11:54:27 -0800

Release and build processes

Hi gang,


since I missed a lot of the initial talks, I'm writing this seperately. There
are a lot of "gotchas" related to release management. The ASF has historically
been real good at it and really lousy at creating a documented policy. Stuff
like

* There should be a documented and straightforward and automated way to
  re-generate any release or relase snapshot "n" years from now. All the
  artifacts for doing that should live in SVN. Eg we want to be able to do
  
    $ svn co http://.../tags/....
    $ cd ....
    $ sh release.sh
    $ wget http://www.apache.org/dist/harmony/..../.....tgz.sha1
    $ openssl dgst -sha1 -verify .....tgz.sha1 .....
    Verification OK
    $

  or get as close to something like that as possible.

* Releases should be properly GPG-signed, with SHA1 digest provided as well,
  etc etc.

There is documentation on release management somewhere on

  http://www.apache.org/dev/

(sorry, no network as I type). There are incubation rules pertaining to 
publishing releases and/or snapshots somewhere on

  http://incubator.apache.org/

I know I've previously written about this stuff to several mailing lists and
several wiki pages, IIRC by head something like

  http://wiki.apache.org/excalibur/ReleaseManagement

should still exist. (I think at some point about 20% of the files on
www.apache.org/dist/ where owned by me and I was the biggest policy-breaker
in terms of bad symlinks, messed up file permissions, missing GPG signatures
so I *had* to figure out some "right way" to do stuff...I still haven't fixed
all my problems there I believe...)

The thing I just want to stress right now...

**Do not take this stuff lightly.** Apache is one of the most trusted names in
the world when it comes to distributing large amounts of quality software and we
have a responsibility to keep up the standard. All contributors and committers
should take some time to review these links and all the technical details 
related to building and publishing releases. It might also be a good idea to
read eg  dev@httpd.apache.org and look at their commit logs and the like to get 
a feeling for what a "mature" release management process looks like here at the 
ASF. It  pays off bigtime to get a sound and solid release process in place  
ASAP. Eg the distro script for JCHEVM in etc/ is a good start.

Its a good idea to tackle doing a release process incrementally, so by all means
"just get started" and publish some of those snapshots. Just make sure we're
complying with all the relevant policies (URLs above). I wish I had
some time to commit to help out writing down some tips 'n tricks or better yet 
writing some scripts to help with this and getting a gump run going, but I 
don't 
think I have that time at the moment :-/.

Just some random rants, I'm sorry about not writing more clearly :-)

cheers,

Leo

Release Management

Reply via email to