> On 19 Aug 2015, at 4:04 am, Dennis E. Hamilton <dennis.hamil...@acm.org> > wrote: > > I did some digging into the release and release-review procedures and I > noticed that one practice is to place a KEYS file in the same folder as the > release candidates (and then the release folder) on the Apache site where the > candidates are stored. This would include at least the public key that can > be used to verify the .asc digital signature on the RC. > > I think that can be done now, even with [VOTE]ing in progress, because it is > not about the substance of the [VOTE].
I wish you had raised this during the discussion period, because we’ve already started on the vote, and what I (and possibly others, by I can only speak for myself) have based my vote on is am I happy with this *exact* release. I don’t agree with making changes or additions to the release artefacts (however small) once a vote has begun. If enough people consider the lack of a KEYS file to be a sufficiently major problem, then they are free to vote -1 and then we can make changes and start another [VOTE]. Keep in mind this is the very first release, we have plenty of opportunities to change thing in the second and subsequent releases. I’d be interested to see a link to the official policy which states that this is required; I haven’t been able to find any reference to it. I had a brief look through the release directories of other projects and found the file in some but not others. If it turns out it is officially required, well, we can fix it. I’m keen to get this release out and into IPMC’s hands for a vote, as it’s possible there may be other issues we need to fix. If this is the case, i’d prefer to get a list of them, and fix them all in one go, rather than aborting/restarting [VOTE]s after the discussion period as they are fixed one by one. — Dr Peter M. Kelly pmke...@apache.org PGP key: http://www.kellypmk.net/pgp-key <http://www.kellypmk.net/pgp-key> (fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)
