Hi, Asking for 3+1 binding is very near to a vote. I would prefer voting to have something formal to every bits that go to dist or repository. I did not see a major difference full-on vote and 3+1 requirement. Maybe the 72h hour delay ? I feel better to wait the 72h that allow PMC with different time constraint to check. I hope that for next round 11.2 maven artefacts can be part of conveniences for no more bothering for this particular case.
Regards Eric -----Message d'origine----- De : Neil C Smith <[email protected]> Envoyé : mardi 23 juillet 2019 11:00 À : dev <[email protected]> Objet : Convenience binary policy? Hi All, OK, starting a discussion thread, as we seem to have two quite different threads ongoing about installers and Maven artefacts for 11.1, and I'd quite like to see the completion of the binaries aspect of the release! The release vote was on the sources. Some binaries were linked from that vote thread, and were checked by some, but are not strictly part of that process. And it's likely in future we'll have convenience binaries made after a release vote for a variety of reasons. We don't need to have a vote on convenience binaries (from an ASF point of view, as far as I'm aware). Eric made the point that "Not voting means we can put binaries/artefacts without control of PMC I find this path dangerous." I personally agree that some oversight across the PMC is a good idea, although I don't think it requires a full-on vote. We need to have a process that ensures we meet our PMC obligations at http://www.apache.org/legal/release-policy.html#what-must-every-release-contain "Note that the PMC is responsible for all artifacts in their distribution directory, which is a subdirectory of www.apache.org/dist/ ; and all artifacts placed in their directory must be signed by a committer, preferably by a PMC member. It is also necessary for the PMC to ensure that the source package is sufficient to build any binary artifacts associated with the release." In one respect, I think that anyone that is trusted to be on the PMC should be trusted to act correctly on behalf of the PMC! However, a little extra oversight might not be a bad thing, which is why I'd suggested beforehand to Reema to start a thread about the installers to get 3 +1s from other PMC members to verify keys, checksums, locations, functionality. It's quicker and less formal than a vote, but does involve at least 4 PMC members, which feels like oversight enough personally. So, thoughts? Do we do this, or do we let any PMC member just get on with binary releases, or do we require a full on vote? There's also probably a separate question around clarifying requirements on externally distributed convenience binaries and use of the Apache NetBeans name too. Thanks and best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
