On Sun, Feb 23, 2025 at 9:25 PM PJ Fanning <fannin...@apache.org> wrote:
> Apache Pekko is the only project that I am aware of that produces RC > jars (jars with RC in the version numbering) and then creates a 2nd > set of jars after the release vote passes. Most projects create jars > that have the prospective release number and just release them when > the vote passes. This takes up extra release manager effort, extra > review effort and leads to a longer release cycle. > I agree it would be good to make the release process more lightweight. > The only benefit as far as I can see of having the 2 stage jar build > is that people reviewing the jars might forget to clear the caches on > their machines. I think an additional advantage is that, this way, we don't stage RM-signed 'release' jars that have not actually been voted on yet. > I still don't think this is worth the extra release complication at this > point. > > Does anyone have any opinions on this? I would like to try out the > change to the process in the upcoming pekko-projection release. > I think it would be reasonable to align with other ASF projects on this (i.e. already stage the 'release' jars during the voting phase). We should take this feedback to the Apache Trusted Release Platform team ( https://github.com/apache/tooling-docs/blob/main/README.md#apache-trusted-release-platform-atr) to make sure it's on their radar. I can take care of that. If they find an attractive solution then we can migrate to that when it materializes. Kind regards, -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant
