>> >> I have now read the threads that are referring to, and have not found >> a single link to any ASF rule stating that we need to include these >> things in a VOTE thread. > > So how do you propose that reviewers check the provenance of the files > in the source release?
Are you looking for files that are in a distribution that didn't come from source control? Everything else as far as provenance goes is covered. Errant content is a potential problem, but everything in a distribution should come from source control which no one has access to until they have a signed CLA on file. Thanks, Jason ---------------------------------------------------------- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl ---------------------------------------------------------
