Sebb, is this sufficient? Or do we want a list of git hash's? http://git-wip-us.apache.org/repos/asf?p=cordova-android.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-blackberry.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-windows.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-wp8.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-firefoxos.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-ubuntu.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-app-hello-world.git;a=shortlog;h=refs/tags/3.4.0 http://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-cli.git;a=shortlog;h=refs/tags/3.4.0-0.1.0 On Thu, Feb 20, 2014 at 2:28 PM, Joe Bowser <bows...@gmail.com> wrote: > On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b...@brian.io> wrote: > > we should start a thread about coho. it kind of grew into a tool that I'm > > fairly certain only the googlers use and aligning our flows would be a > good > > thing. > > We're pretty much forced to use it to tag now, whether we like it or not. > > > > > > > On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mmo...@chromium.org> > wrote: > > > >> (I was wrong about firefoxos, its just cli thats missing the tag) > >> > >> > >> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote: > >> > >> > C'mon Joe, its our job to help him. You can take the high road and > then > >> > Sebb can start affording us the same courtesy. > >> > > >> > > >> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bows...@gmail.com> > wrote: > >> > > >> > > Seriously, you can't find that yourself? You clearly know nothing > >> > > about this project. > >> > > > >> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <seb...@gmail.com> wrote: > >> > > > On 20 February 2014 14:47, Andrew Grieve <agri...@chromium.org> > >> wrote: > >> > > >> SCM == ? > >> > > > > >> > > > Source Code / Software Configuration Management > >> > > > > >> > > >> Do you mean the git tags? > >> > > >> All of the repositories are tagged with the version number of the > >> > > release. > >> > > >> So, "3.4.0" is the tag. > >> > > > > >> > > > OK, so where are the repos then please? > >> > > > Also, if the tag is not immutable, it would help to have the hash. > >> > > > > >> > > >> > >> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <seb...@gmail.com> wrote: > >> > > >> > >> > > >>> On 18 February 2014 23:26, Steven Gill <stevengil...@gmail.com> > >> > wrote: > >> > > >>> > Please review and vote on the Cordova 3.4.0 release. > >> > > >>> > > >> > > >>> > You can find the sample release at > >> > http://people.apache.org/~steven/ > >> > > >>> > >> > > >>> At the risk of being flamed, I am concerned that the VOTE mail > does > >> > > >>> not include a link to the SCM tag. > >> > > >>> > >> > > >>> Why is this important? > >> > > >>> > >> > > >>> The ASF releases source files which come with a LICENSE (and > >> NOTICE). > >> > > >>> It is vital that the release only contains files that are > permitted > >> > to > >> > > >>> be distributed, and we aren't accidentally including files that > >> > should > >> > > >>> not be distributed. > >> > > >>> > >> > > >>> Equally, it is important that the source release is not missing > any > >> > > >>> required files. > >> > > >>> > >> > > >>> The only practical way to check all the files is to compare the > >> > source > >> > > >>> archive against the tag(s) it is supposed to contain. > >> > > >>> > >> > > >>> In theory, an automated build process will ensure that the > archive > >> > > >>> only contains files from the tag, and does not omit any require > >> > files. > >> > > >>> However, in practice, the archives are built from workspaces > that > >> > > >>> contain other files (e.g. compilation output). > >> > > >>> I know of at least two projects which used standard automated > >> > > >>> procedures (Maven), yet their source releases contained files > that > >> > > >>> should not have been released. > >> > > >>> > >> > > >>> Should there be a complaint, it's important that the PMC can > show > >> > that > >> > > >>> due diligence was done in checking the source archive contents. > >> > > >>> This will be easier to prove if the VOTE thread contains > details of > >> > > >>> the SCM tags from which the archive was built. > >> > > >>> > >> > > >>> The SCM repo provides traceability of provenance. > >> > > >>> > >> > > >>> So please can someone provide the SCM tag(s) that were used to > >> create > >> > > >>> the source release? > >> > > >>> > >> > > >>> > Voting will go on for 24 hours. > >> > > >>> > > >> > > >>> > Cheers, > >> > > >>> > > >> > > >>> > -Steve > >> > > >>> > >> > > > >> > > >> >
