Maybe it should be a 'lazy consensus' thread instead of a vote? Or would
that be too weak? I agree asking for 3+1 binding is very near to a vote --
but maybe that's appropriate?

Gj

On Tue, Jul 23, 2019 at 2:06 PM Eric Barboni <[email protected]> wrote:

> Hi,
>  Asking for 3+1 binding is very near to a vote.
>
>  I would prefer voting, to have something formal for every bit that goes to
> dist or repository.
>  I did not see a major difference between a full-on vote and the 3+1
> requirement. Maybe the 72h delay?
>  I feel better waiting the 72h, which allows PMC with different time
> constraints to check.
>
> I hope that for the next round, 11.2, Maven artefacts can be part of the
> conveniences, so there is no more bothering with this particular case.
>
> Regards
> Eric
>
> -----Original Message-----
> From: Neil C Smith <[email protected]>
> Sent: Tuesday, 23 July 2019 11:00
> To: dev <[email protected]>
> Subject: Convenience binary policy?
>
> Hi All,
>
> OK, starting a discussion thread, as we seem to have two quite different
> threads ongoing about installers and Maven artefacts for 11.1, and I'd
> quite like to see the completion of the binaries aspect of the release!
>
> The release vote was on the sources.  Some binaries were linked from that
> vote thread, and were checked by some, but are not strictly part of that
> process.  And it's likely in future we'll have convenience binaries made
> after a release vote for a variety of reasons.  We don't need to have a
> vote on convenience binaries (from an ASF point of view, as far as I'm
> aware).
>
> Eric made the point that "Not voting means we can put binaries/artefacts
> without control of PMC I find this path dangerous."
>  I personally agree that some oversight across the PMC is a good idea,
> although I don't think it requires a full-on vote.
>
> We need to have a process that ensures we meet our PMC obligations at
> http://www.apache.org/legal/release-policy.html#what-must-every-release-contain
>
> "Note that the PMC is responsible for all artifacts in their distribution
> directory, which is a subdirectory of www.apache.org/dist/ ; and all
> artifacts placed in their directory must be signed by a committer,
> preferably by a PMC member. It is also necessary for the PMC to ensure that
> the source package is sufficient to build any binary artifacts associated
> with the release."
>
> In one respect, I think that anyone that is trusted to be on the PMC
> should be trusted to act correctly on behalf of the PMC!  However, a little
> extra oversight might not be a bad thing, which is why I'd suggested
> beforehand to Reema to start a thread about the installers to get 3 +1s
> from other PMC members to verify keys, checksums, locations,
> functionality.  It's quicker and less formal than a vote, but does involve
> at least 4 PMC members, which feels like oversight enough personally.
>
> So, thoughts?  Do we do this, or do we let any PMC member just get on with
> binary releases, or do we require a full on vote?
>
> There's also probably a separate question around clarifying requirements
> on externally distributed convenience binaries and use of the Apache
> NetBeans name too.
>
> Thanks and best wishes,
>
> Neil
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> For further information about the NetBeans mailing lists, visit:
> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists