In the past our release criteria was "get three Incubator PMC members to vote +1"
What is the standard now? Here are some questions to consider. Generally speaking, those adding new features to Roller have the responsibility to test and fix the features they're adding before we make a release. Once we've reached consensus that such testing is done, a release should be made and we start creating release candidates do we simply require three +1 votes from Roller committers to make the final release? Are you allowed to vote +1 if you have not downloaded, installed and at least done a quick sanity test (e.g. posting entries, trying a new feature or two) on the release files? I'm pretty sure the answer is no. When a new RC is released does that invalidate existing votes on the release? Not sure about this one. I guess it depends on the extent of the changes. When I'm doing a release I want at least one person other than me to sanity test the build. How do other Apache projects handle this? - Dave On 4/3/07, Anil Gangolli <[EMAIL PROTECTED]> wrote:
I downloaded the packages and verified all of the sigs. I installed from the tar.gz binary (only) from scratch without problem. I'm +1 on release if you're comfortable that the XSS issues prompting the new RC were resolved by the fixes. --a. ----- Original Message ----- From: "Dave" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, April 02, 2007 8:16 PM Subject: Re: VOTE: Release Apache Roller 3.1 RC7 fix release > Has anybody taken a look at RC7 yet? If not, please do! We need to > get this release out. Please download it and at least do some quick > sanity tests like posting and entry and making a comment. > > - Dave > > > > On 3/23/07, Dave <[EMAIL PROTECTED]> wrote: >> I incorporated the XSS fixes below into Roller 3.1, so now we have RC7 >> >> - WEB-INF/lib/roller-web.jar >> Now strips HTML from all incoming comment fields >> >> - WEB-INF/velocity/weblog.vm >> Now HTML-escapes all comment-form fields before display >> >> - WEB-INF/jsps/authoring/CommentManagement.jsp >> Now HTML-escapes all comment-form fields before display >> >> - WEB-INF/jsps/tiles/head.jsp >> Eliminated the "look" request parameter, which was for debugging only >> >> - roller-ui/widgets/date.jsp >> Now HTML-escapes value field of date widget >> >> >> RC change list is here: >> http://cwiki.apache.org/confluence/display/ROLLER/Testing+Roller+3.1 >> >> Release files are here: >> http://people.apache.org/~snoopdave/apache-roller-3.1/ >> >> Please download, do some sanity testing and vote. >> >> - Dave >> >
