On Tue, 2014-09-16 at 22:42 +0100, sebb wrote: > On 16 September 2014 20:12, Oleg Kalnichevski <[email protected]> wrote: > > On 16/09/14 17:13 , sebb wrote: > >> > >> On 16 September 2014 15:15, Oleg Kalnichevski <[email protected]> wrote: > >>> > >>> On Tue, 2014-09-09 at 14:22 +0200, Oleg Kalnichevski wrote: > >>>> > >>>> Sebastian et al > >>>> > >>>> I would like to cut HC 4.4b1 releases soon. > >>>> > >>>> Could you please find a few minutes to review the latest snapshots with > >>>> regards to legal compliance? > >>>> > >>>> This would also be the right time to discuss and if necessary revise our > >>>> release process. > >>>> > >> > >> IMO the release vote e-mail must include everything needed to perform > >> a check of the tarballs. > >> It should be possible for an outsider to perform the audit directly > >> from the provided info. > >> This means links to KEYS, > > > > > > What should be considered the master copy of KEYS file? > > I would choose the one that is published to downloaders, i.e. from > www.apache.org/dist >
OK. Will do. > > source repo tag (with unique id), link to > >> > >> Clirr and Rat report. > >> > > > > Where should these reports be stored? > > Does not matter so long as they are accessible. > Could be your personal people login. > > I don't think these need to be kept after the vote finishes, but they > are necessary for the audit. > I added RAT plugin to HttpCore and will add to all other projects. You are welcome to extend the release tools to generate and upload those reports automatically and as well as add links to those reports to the vote email template. > >> Also it should be possible to trace the provenance of the published > >> tarballs back to the vote e-mail. > >> This means that it should be possible to compare a published tarball > >> against the one in the vote e-mail. > >> The e-mail can contain hashes of the tarballs. > > Will do that. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
