On 16/09/14 17:13, sebb wrote:
On 16 September 2014 15:15, Oleg Kalnichevski <[email protected]> wrote:
On Tue, 2014-09-09 at 14:22 +0200, Oleg Kalnichevski wrote:
Sebastian et al

I would like to cut HC 4.4b1 releases soon.

Could you please find a few minutes to review the latest snapshots with
regards to legal compliance?

This would also be the right time to discuss and if necessary revise our
release process.


IMO the release vote e-mail must include everything needed to perform
a check of the tarballs.
It should be possible for an outsider to perform the audit directly
from the provided info.
This means links to KEYS,

What should be considered the master copy of the KEYS file?

source repo tag (with unique id), link to
Clirr and Rat report.


Where should these reports be stored?

Also it should be possible to trace the provenance of the published
tarballs back to the vote e-mail.
This means that it should be possible to compare a published tarball
against the one in the vote e-mail.
The e-mail can contain hashes of the tarballs.

This can be done.

Oleg

If the RC tarballs are published via the dist/dev repo, then the URL
and revision should be enough to identify them.

