On Fri, May 31, 2013 at 7:17 PM, Andrew Bayer <[email protected]> wrote: > FYI, you don't need to vote this time - I'm taking it as written that we > all approved, since there were no -1s earlier. > > A. >
So from a legal standpoint you need explicit PMC votes on explicit tarballs. No such thing as lazy consensus for a release. Admittedly this is a release of the incubator, and thus you need three IPMC votes, but you are supposedly doing this as if this were a TLP release, and if the PPMC isn't satisfied, the IPMC will almost certainly not be. Also - for PPMC folks voting - the IPMC generally prefers to know how you personally vetted the release artifacts. (admittedly it's a bit like showing your work on a math problem) So please include those details in your vote. Presumably the software is in good shape or we wouldn't be performing a release. Did you verify the checksums, the GPG signatures? Are you sure that's really Andrew's key, and if so, how? Did you run RAT against the release artifacts? Have you done additional IP audit? Did you compare the commit hash of the tag with the release tarball? Once you become a PMC, you'll be responsible for complying with ASF policy and legal requirements around a release - we already assume you are capable of releasing good software from a technical perspective - so the concern is around ensuring that you are performing due diligence to comply with the obligations that go along with releases. --David
