On 12 August 2013 20:10, Jason van Zyl <ja...@tesla.io> wrote: > >>> >>> I have now read the threads that are referring to, and have not found >>> a single link to any ASF rule stating that we need to include these >>> things in a VOTE thread. >> >> So how do you propose that reviewers check the provenance of the files >> in the source release? > > Are you looking for files that are in a distribution that didn't come from > source control? Everything else as far as provenance goes is covered. Errant > content is a potential problem, but everything in a distribution should come > from source control which no one has access to until they have a signed CLA > on file.
Yes. That is where the whole saga started. Proving provenance is why the SCM coordinates are needed for the vote. The SCM details may also be useful to discover files accidentally omitted from the source archive. > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder, Apache Maven > http://twitter.com/jvanzyl > --------------------------------------------------------- > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
