On 18 February 2014 23:26, Steven Gill <stevengil...@gmail.com> wrote: > Please review and vote on the Cordova 3.4.0 release. > > You can find the sample release at http://people.apache.org/~steven/
At the risk of being flamed, I am concerned that the VOTE mail does not include a link to the SCM tag. Why is this important? The ASF releases source files which come with a LICENSE (and NOTICE). It is vital that the release only contains files that are permitted to be distributed, and we aren't accidentally including files that should not be distributed. Equally, it is important that the source release is not missing any required files. The only practical way to check all the files is to compare the source archive against the tag(s) it is supposed to contain. In theory, an automated build process will ensure that the archive only contains files from the tag, and does not omit any require files. However, in practice, the archives are built from workspaces that contain other files (e.g. compilation output). I know of at least two projects which used standard automated procedures (Maven), yet their source releases contained files that should not have been released. Should there be a complaint, it's important that the PMC can show that due diligence was done in checking the source archive contents. This will be easier to prove if the VOTE thread contains details of the SCM tags from which the archive was built. The SCM repo provides traceability of provenance. So please can someone provide the SCM tag(s) that were used to create the source release? > Voting will go on for 24 hours. > > Cheers, > > -Steve
