I think it's fundamental that VOTE emails contain the following information, as well as the links to the archives/jars:
SVN tag + the revision number
======================

This is vital to be able to check the provenance of the files in the source archive. The PMC is responsible for the quality of the source and to ensure that source is available under the correct license. This is obviously impossible to do for each file in a release, but files in SVN are effectively pre-approved. So if every file in the source matches the file in SVN, the PMC can be sure that no unauthorised files have been accidentally added. The check can also reveal files that are missing from the source archive.

The revision number is required because SVN does not guarantee that tags are immutable. Using the tag+revision means that a reviewer can guarantee that they are using the correct source.

Different reviewers are likely to focus on different aspects of the release. But it must be possible for any reviewer to make any checks that they wish to do.

Also it's important that the vote results are recorded with the relevant information included, so it is clear exactly what the vote related to.

Link to KEYS file
============

I know it will always be the same, but it makes it easier for others to check sigs. It also shows that the KEYS are important.

These are two additional lines to add to each VOTE email and can easily be added to a template so they are not forgotten.
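
The source-versus-SVN check described in the message above, as an added example that is not part of the original email. It assumes the tag has already been exported at the stated revision (for instance with `svn export -r REVISION TAG_URL svn-export`) and the source archive unpacked; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_release(svn_export_dir, archive_dir):
    """Compare an export of tag@revision with the unpacked source archive."""
    svn = tree_digests(svn_export_dir)
    archive = tree_digests(archive_dir)
    return {
        # In the archive but not in SVN: never reviewed via the repository.
        "not_in_svn": sorted(archive.keys() - svn.keys()),
        # In SVN but left out of the archive.
        "missing_from_archive": sorted(svn.keys() - archive.keys()),
        # Present in both, but the contents differ.
        "content_differs": sorted(
            name for name in svn.keys() & archive.keys() if svn[name] != archive[name]
        ),
    }


def demo():
    """Run the comparison on two small constructed trees (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        svn, archive = Path(tmp, "svn-export"), Path(tmp, "archive")
        for root, files in (
            (svn, {"LICENSE.txt": "AL2", "src/Main.java": "class Main {}", "pom.xml": "<project/>"}),
            (archive, {"LICENSE.txt": "AL2", "src/Main.java": "class Main { }", "lib/extra.jar": "bin"}),
        ):
            for name, text in files.items():
                path = root / name
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_release(svn, archive)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Three empty lists mean every file in the archive matches the export of that tag at that revision; any entry is something for the reviewer to explain before voting.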
