dave2wave commented on issue #440: URL: https://github.com/apache/tooling-trusted-releases/issues/440#issuecomment-3679334344
This one really needs to have existing releases in the system in order to properly consider history. We should start by being able to create a full check report in a way like @alitheg is creating for SBOMs. Ideally the check report is combined with the vote check instructions presenting a unified view of ASF Release Policy requirements with Project specific requirements. Issues like excludes issues on RAT where the RM has exercised discretion are noted and a +1 vote should include agreeing to that choice. 1. Check results report is connected to the vote email and vote page as a structured check list. 2. The check list will include which checks a vote should manually check themselves. There should be direct links to how to check. 3. Later we can add a variance report which can add additional judgement calls. Like dependency changes to license, version, and vulnerabilities. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
