dave2wave commented on issue #171:
URL: https://github.com/apache/tooling-trusted-release/issues/171#issuecomment-2976979159

   1. There is something to be said about having an attestation about the 
released artifacts. While a new addition to the process, we can make it part of 
our process. I think that this can become part of the Release Policy, but that 
would need a clear proposal and discussion on legal-discuss@a.o
   2. PMCs must be able to remove both released and unreleased Releases 
without requiring Admin action. These are normal life cycle events.
   3. If there is some PII or other emergency, we already have the ability to 
administratively delete releases. All such requests go through the VP, Privacy 
and must not be directly actionable by a random user. PMCs should also be able 
to act in their own interest in these situations. FWIW when an inadvertent GPL 
test file is found the answer is NOT to delete the release, it is to remove the 
file and make a new release in due course.
   4. I would be in favor of the following changes.
      - Add an explicit RC field separate from the version. Changing this value 
should create a blank revision. This would happen after a failed vote. At that 
time the Release Manager could decide to simply discard the whole candidate.
      - The vote email has a thread id. Is this suitable for a UUID which we 
carry forward?
      - The RC field or a UUID should be part of the path for finding the VOTE 
artifacts and the RC field in the email subject.
   
   If we take the above approach then we can recommend that artifacts be 
created with the appropriate names.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

