Good point - mea culpa on the lazy consensus. I got overly optimistic there, and had gotten mixed messages in the past on the necessity/significance of the PPMC vote.
Let's turn this thread (on the dev list) into the PPMC vote thread - same deadline of 5pm PDT on Monday, if that's ok with everyone. And definitely do follow David's advice on vetting the release candidate. A. On Jun 1, 2013, at 6:41 AM, David Nalley <[email protected]> wrote: > On Fri, May 31, 2013 at 7:17 PM, Andrew Bayer <[email protected]> wrote: >> FYI, you don't need to vote this time - I'm taking it as written that we >> all approved, since there were no -1s earlier. >> >> A. >> > > > So from a legal standpoint you need explicit PMC votes on explicit > tarballs. No such thing as lazy consensus for a release. Admittedly > this is a release of the incubator, and thus you need three IPMC > votes, but you are supposedly doing this as if this were a TLP > release, and if the PPMC isn't satisfied, the IPMC will almost > certainly not be. > > Also - for PPMC folks voting - the IPMC generally prefers to know how > you personally vetted the release artifacts. (admittedly it's a bit > like showing your work on a math problem) So please include those > details in your vote. Presumably the software is in good shape or we > wouldn't be performing a release. Did you verify the checksums, the > GPG signatures? Are you sure that's really Andrew's key, and if so, > how? Did you run RAT against the release artifacts? Have you done > additional IP audit? Did you compare the commit hash of the tag with > the release tarball? Once you become a PMC, you'll be responsible for > complying with ASF policy and legal requirements around a release - we > already assume you are capable of releasing good software from a > technical perspective - so the concern is around ensuring that you are > performing due diligence to comply with the obligations that go along > with releases. > > --David
