SCM == ? Do you mean the git tags? All of the repositories are tagged with the version number of the release. So, "3.4.0" is the tag.
On Thu, Feb 20, 2014 at 9:02 AM, sebb <seb...@gmail.com> wrote: > On 18 February 2014 23:26, Steven Gill <stevengil...@gmail.com> wrote: > > Please review and vote on the Cordova 3.4.0 release. > > > > You can find the sample release at http://people.apache.org/~steven/ > > At the risk of being flamed, I am concerned that the VOTE mail does > not include a link to the SCM tag. > > Why is this important? > > The ASF releases source files which come with a LICENSE (and NOTICE). > It is vital that the release only contains files that are permitted to > be distributed, and we aren't accidentally including files that should > not be distributed. > > Equally, it is important that the source release is not missing any > required files. > > The only practical way to check all the files is to compare the source > archive against the tag(s) it is supposed to contain. > > In theory, an automated build process will ensure that the archive > only contains files from the tag, and does not omit any require files. > However, in practice, the archives are built from workspaces that > contain other files (e.g. compilation output). > I know of at least two projects which used standard automated > procedures (Maven), yet their source releases contained files that > should not have been released. > > Should there be a complaint, it's important that the PMC can show that > due diligence was done in checking the source archive contents. > This will be easier to prove if the VOTE thread contains details of > the SCM tags from which the archive was built. > > The SCM repo provides traceability of provenance. > > So please can someone provide the SCM tag(s) that were used to create > the source release? > > > Voting will go on for 24 hours. > > > > Cheers, > > > > -Steve >
