Hello Roman, On 11 Feb 2014, at 20:37 pm, Roman Shaposhnik <[email protected]> wrote:
> Apologies for the late reply -- I am fine with you guys forwarding the > vote to general@ No worries, Roman, thanks for getting back to us. > To put my comments in context, here's my only bit of feedback to you: > mentors are > volunteers. They are not being payed or otherwise incentivesed to > review releases > in cases where it is not immediately obvious how to do a certain bit of > release > verification. This is a bit of accommodation that you may consider useful to > get > votes quicker. On the other hand, like you mentioned in the case of > hashsums -- you > seem to be following some kind of documentation. The fact that to this > day, I don't know > of a tool that would let me automate that check doesn't mean other members > of the incubator community wouldn't be more creative. This was exactly the feedback I provided to the community: please provide some kind of script that allows everybody to quickly validate such hashsums. There is no need for everybody to validate them by hand, I totally agree there. Greetings, Marcel > The only way to find out is to try the vote and see what happens. > > Thanks, > Roman. > > On Tue, Feb 11, 2014 at 4:09 AM, Marcel Offermans > <[email protected]> wrote: >> I'm in favor for forwarding the vote, we need someone else to look at it, or >> Roman to answer to the responses given here. I tried pinging Roman last >> week. I think he must be very busy at the moment, so let's try to move ahead! >> >> Greetings, Marcel >> >> >> On 07 Feb 2014, at 9:52 am, Pepijn Noltes <[email protected]> wrote: >> >>> Hi All, >>> >>> I would like to propose to forward the release vote to the incubator >>> mailing list We got two +1 binding vote and -1 vote, so we are one binding >>> +1 short. >>> There is still some comments from Roman, but I think there is always some >>> room for improvement and again there is no -1 vote. >>> >>> I would like to known if any mentors see a problem with this approach. I >>> don't want to step on anybody's toes, but would like to push the release >>> forward. >>> >>> Greetings, >>> Pepijn >>> >>> >>> >>> >>> On Tue, Jan 28, 2014 at 8:08 PM, Pepijn Noltes >>> <[email protected]>wrote: >>> >>>> Hi Roman, >>>> >>>> Could you have a look at the comments of Alexander? I known I'm pushing a >>>> bit, but we are hoping to get the release ready :). >>>> >>>> >>>> On Fri, Jan 24, 2014 at 12:11 PM, Alexander Broekhuis < >>>> [email protected]> wrote: >>>> >>>>> Hi Roman, >>>>> >>>>> See my remarks inline below. I hope this gives you enough confidence to >>>>> sign this release off. >>>>> >>>>> 2014/1/24 Roman Shaposhnik <[email protected]> >>>>> >>>>>> I know that some of the items are nits, but if we are to >>>>>> re-cut an RC for Boost reasons -- I'd suggest we may >>>>>> as well take care of them >>>>>> >>>>> >>>>> The way I read [2], there is no need to add anything to the notice file at >>>>> all. All third party sources we use have a header with the respective >>>>> license information. At [2] it is even explicitly mentioned not to add >>>>> anything unless legally required. >>>>> >>>>> "Do not add anything to NOTICE which is not legally required." >>>>> >>>>> So I don't see a reason why a new release is needed for Boost. >>>>> >>>>>> >>>>>>> The checksum has been created with the command mentioned on the Apache >>>>>>> Signing Releases page [1]. I don't see what is wrong with this. >>>>>> >>>>>> There was an old discussion on that some time ago. Basically >>>>>> the problem boils down to a fact that I can't verify it with shasum(1) >>>>>> and thus can't sign off on it. >>>>>> >>>>> >>>>> This was indeed an old discussion, but there has never been reached a >>>>> consensus, and as stated before, I've explicitly used the method described >>>>> on the Apache pages, which uses the gpg tooling to verify a checksum. >>>>> Instead of using shasum, you can simply use gpg --print-md "filename". >>>>> >>>>> If all I do is follow the official Apache document then what am I doing >>>>> wrong? >>>>> >>>>> I've had some discussion with Marcel on this topic as well, and in some >>>>> other project where Marcel is involved, they use a script to compare the >>>>> checksums. A similar solution might be implemented for Celix as well, I >>>>> don't mind adding this to the backlog. >>>>> >>>>> >>>>>> >>>>>>>> * it would be nice to have version embedded into the name of the >>>>> top >>>>>>>> level dir inside of the tarball >>>>>>>> >>>>>>> >>>>>>> We have decided to leave it out since else there would always be an >>>>> issue >>>>>>> with the BUILDING instructions and the default directory. This was a >>>>>> remark >>>>>>> by someone on the first (0.0.1) release where we did have the version >>>>> in >>>>>>> the top-level directory. >>>>>> >>>>>> Hm. I'm just curious -- was there a thread on this one? >>>>>> >>>>> >>>>> This was a remark made by Marcel on our first release. See [3] for his >>>>> message/the release thread. >>>>> >>>>> >>>>> >>>>>> >>>>>>>> * boost license is missing in NOTICES >>>>>>>> >>>>>>> >>>>>>> Why should the boost license be in the NOTICES file? There have been a >>>>>> lot >>>>>>> of discussions on this file, and my understanding always has been that >>>>>> if a >>>>>>> license is in a header it is not needed to add it to the NOTICES file. >>>>>> >>>>>> I honestly don't recall this. Care to point a thread? >>>>>> >>>>> >>>>> I can't find the thread, but [2] gives a good explanation. >>>>> >>>>> >>>>>> >>>>>> Thanks, >>>>>> Roman. >>>>>> >>>>> >>>>> >>>>> [1]: http://www.apache.org/dev/release-signing#sha-checksum >>>>> [2]: http://www.apache.org/dev/licensing-howto.html#mod-notice >>>>> [3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs >>>>> >>>>> -- >>>>> Met vriendelijke groet, >>>>> >>>>> Alexander Broekhuis >>>>> >>>> >>>> >>
