Vote closed! The vote has passed successfully with 7 binding votes!
PMC Votes : Andrew Grieve Joe Bowser Brian LeRoux Jesse MacFadyen Archana Naik James Jong Lisa Seacat DeLuca Thanks all for voting! I will be publishing the blog post + release zip + cli shortly! Cheers, -Steve On Thu, Feb 20, 2014 at 7:30 AM, sebb <seb...@gmail.com> wrote: > On 20 February 2014 14:47, Andrew Grieve <agri...@chromium.org> wrote: > > SCM == ? > > Source Code / Software Configuration Management > > > Do you mean the git tags? > > All of the repositories are tagged with the version number of the > release. > > So, "3.4.0" is the tag. > > OK, so where are the repos then please? > Also, if the tag is not immutable, it would help to have the hash. > > > > > On Thu, Feb 20, 2014 at 9:02 AM, sebb <seb...@gmail.com> wrote: > > > >> On 18 February 2014 23:26, Steven Gill <stevengil...@gmail.com> wrote: > >> > Please review and vote on the Cordova 3.4.0 release. > >> > > >> > You can find the sample release at http://people.apache.org/~steven/ > >> > >> At the risk of being flamed, I am concerned that the VOTE mail does > >> not include a link to the SCM tag. > >> > >> Why is this important? > >> > >> The ASF releases source files which come with a LICENSE (and NOTICE). > >> It is vital that the release only contains files that are permitted to > >> be distributed, and we aren't accidentally including files that should > >> not be distributed. > >> > >> Equally, it is important that the source release is not missing any > >> required files. > >> > >> The only practical way to check all the files is to compare the source > >> archive against the tag(s) it is supposed to contain. > >> > >> In theory, an automated build process will ensure that the archive > >> only contains files from the tag, and does not omit any require files. > >> However, in practice, the archives are built from workspaces that > >> contain other files (e.g. compilation output). > >> I know of at least two projects which used standard automated > >> procedures (Maven), yet their source releases contained files that > >> should not have been released. > >> > >> Should there be a complaint, it's important that the PMC can show that > >> due diligence was done in checking the source archive contents. > >> This will be easier to prove if the VOTE thread contains details of > >> the SCM tags from which the archive was built. > >> > >> The SCM repo provides traceability of provenance. > >> > >> So please can someone provide the SCM tag(s) that were used to create > >> the source release? > >> > >> > Voting will go on for 24 hours. > >> > > >> > Cheers, > >> > > >> > -Steve > >> >
