Jinwoo Hwang created GEODE-10554:
------------------------------------
Summary: Research and Ensure Compliance with Apache Download
Announcement Guidelines
Key: GEODE-10554
URL: https://issues.apache.org/jira/browse/GEODE-10554
Project: Geode
Issue Type: Improvement
Reporter: Jinwoo Hwang
h1.
h2. Summary
Research and verify Apache Geode project announcements comply with updated
Apache Legal download link guidelines for the Announce mailing list
----
h2. Description
The Apache Marketing and Publicity team has communicated updated guidelines
from the Legal team concerning where to direct users to download project
software in announcement emails. Apache Geode needs to research current
practices and ensure all future announcements comply with these guidelines to:
# Maintain continuity for users
# Prepare for future automation from the Tooling team
# Avoid moderation delays or rejections on the Announce mailing list
h3. Background
Marketing and Publicity moderates announcement emails for the [Announce]
mailing list. The Legal team recently approved clarification to the language
concerning download links in announcements. Some announcements from projects
and podlings occasionally do not meet these guidelines.
h3. Official Guidelines
* Legal's page: [Apache Legal Download
Guidelines|https://www.apache.org/legal/release-policy.html]
* Infra's definition: [Apache Infrastructure Download
Guidelines|https://infra.apache.org/release-download-pages.html]
h3. Contact Points
* Marketing and Publicity team
----
h2. Objective
Ensure all Apache Geode release announcements and download instructions comply
with Apache Legal and Infrastructure guidelines.
----
h2. Scope of Work
h3. 1. Research Current Compliance Status
* Review Apache Legal's updated download guidelines
* Review Apache Infra's download page requirements
* Examine recent Apache Geode release announcements (past 12 months)
* Identify any non-compliant language or links
* Document current practices vs. required practices
h3. 2. Analyze Download Pages and Links
* Review current Apache Geode download page structure
* Verify download.cgi usage and implementation
* Check mirror selection mechanism compliance
* Verify backup download locations
* Ensure KEYS, signatures, and checksums are properly linked
h3. 3. Update Documentation and Templates
* Update release announcement email templates
* Update download page documentation
* Update release manager guide
* Create checklist for announcement compliance
* Document proper download link structure
h3. 4. Establish Compliance Process
* Define pre-announcement review process
* Create validation checklist for release managers
* Identify who reviews announcements before sending
* Establish contact protocol with Marketing and Publicity team
----
h2. Research Questions
h3. Legal and Policy Requirements
# What specific language is required for download links?
# Are direct links to mirrors allowed in announcements?
# Must all downloads go through download.cgi?
# What are the requirements for backup download locations?
# How should KEYS, signatures, and checksums be referenced?
h3. Technical Implementation
# Is our current download page structure compliant?
# Do we properly implement mirror selection?
# Are verification instructions compliant?
# Do we meet infrastructure automation requirements?
# What changes are needed for future tooling compatibility?
h3. Process and Templates
# What do compliant announcement templates look like?
# What language should be avoided in announcements?
# How do other Apache projects structure their announcements?
# What is the review process before sending to announce@?
# Who is responsible for compliance verification?
----
h2. Acceptance Criteria
h3. 1. Research Completed
* Legal guidelines reviewed and documented
* Infra guidelines reviewed and documented
* Current practices assessed against guidelines
* Gap analysis completed
* Compliance report created
h3. 2. Issues Identified
* List of non-compliant practices documented
* Specific language or links that need correction identified
* Risk assessment completed
* Priority ranking for remediation established
h3. 3. Remediation Plan Created
* Action items defined for compliance
* Download page updates specified (if needed)
* Template updates specified
* Process improvements documented
* Timeline for implementation established
h3. 4. Documentation Updated
* Release announcement templates updated
* Download page instructions verified/updated
* Release manager guide updated
* Compliance checklist created
* Review process documented
h3. 5. Stakeholder Communication
* Findings shared with PMC
* Compliance status reported to Marketing and Publicity
* Release managers notified of new requirements
* Contact established with Craig Russell (if needed for clarification)
----
h2. Key Guidelines to Verify
h3. Download Links
* Use of {{download.cgi}} for primary downloads
* Mirror selection mechanism properly implemented
* Backup download locations specified
* Archive links for older releases
h3. Verification Files
* KEYS file accessibility
* Signature (.asc) files availability
* Checksum (SHA512) files availability
* Verification instructions clarity
h3. Announcement Language
* Proper phrasing for download instructions
* Correct links to download pages
* Appropriate mirror language
* Verification guidance included
h3. Infrastructure Requirements
* Compliance with future automation needs
* Proper directory structure in dist/release
* Metadata files in correct format
* Tooling team compatibility
----
h2. Action Items
h3. Immediate (Week 1)
# Review Legal's page: [https://www.apache.org/legal/release-policy.html]
# Review Infra's page: [https://infra.apache.org/release-download-pages.html]
# Examine last 3 Apache Geode release announcements
# Compare current practices to requirements
h3. Short-term (Week 2-3)
# Document findings and gap analysis
# Contact Craig Russell if clarification needed
# Review other Apache projects' announcements as examples
# Draft compliance checklist
h3. Medium-term (Week 4-6)
# Update release announcement templates
# Update download page documentation
# Update release manager guide
# Create pre-announcement review process
h3. Long-term (Ongoing)
# Apply new process to next release
# Monitor for future guideline updates
# Share learnings with community
# Maintain compliance in all announcements
----
h2. Reference Examples
h3. Projects to Review
* Apache Kafka (large project with frequent releases)
* Apache Cassandra (similar infrastructure project)
* Apache Tomcat (mature project with established processes)
* Apache Maven (extensive download infrastructure)
h3. Documents to Check
* Recent [ANNOUNCE] emails from above projects
* Their download page structures
* Their release announcement templates
* Their release management documentation
----
h2. Risk Assessment
h3. Risks of Non-Compliance
* Announcement emails delayed or rejected by moderators
* User confusion about correct download locations
* Non-compliance with Apache Legal requirements
* Incompatibility with future tooling automation
* Reputational risk for Apache Geode project
h3. Mitigation
* Immediate research and remediation
* Clear documentation and templates
* Pre-announcement review process
* Regular compliance verification
* PMC oversight of announcements
----
h2. Related Links
h3. Apache Guidelines
* [Apache Legal Release
Policy|https://www.apache.org/legal/release-policy.html]
* [Apache Infra Download
Pages|https://infra.apache.org/release-download-pages.html]
* [Apache Release Distribution
Policy|https://infra.apache.org/release-distribution.html]
h3. Apache Geode Resources
* [Apache Geode Download Page|https://geode.apache.org/releases/]
* Apache Geode Release Manager Guide
* Apache Geode Announcement Templates
----
h2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
