[
https://issues.apache.org/jira/browse/GEODE-10554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang reassigned GEODE-10554:
------------------------------------
Assignee: Jinwoo Hwang
> Research and Ensure Compliance with Apache Download Announcement Guidelines
> ---------------------------------------------------------------------------
>
> Key: GEODE-10554
> URL: https://issues.apache.org/jira/browse/GEODE-10554
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> h1.
> h2. Summary
> Research and verify Apache Geode project announcements comply with updated
> Apache Legal download link guidelines for the Announce mailing list
> ----
>
> h2. Description
> The Apache Marketing and Publicity team has communicated updated guidelines
> from the Legal team concerning where to direct users to download project
> software in announcement emails. Apache Geode needs to research current
> practices and ensure all future announcements comply with these guidelines to:
> # Maintain continuity for users
> # Prepare for future automation from the Tooling team
> # Avoid moderation delays or rejections on the Announce mailing list
> h3. Background
> Marketing and Publicity moderates announcement emails for the [Announce]
> mailing list. The Legal team recently approved clarification to the language
> concerning download links in announcements. Some announcements from projects
> and podlings occasionally do not meet these guidelines.
> h3. Official Guidelines
> * Legal's page: [Apache Legal Download
> Guidelines|https://www.apache.org/legal/release-policy.html]
> * Infra's definition: [Apache Infrastructure Download
> Guidelines|https://infra.apache.org/release-download-pages.html]
> h3. Contact Points
> * Marketing and Publicity team
> ----
> h2. Objective
> Ensure all Apache Geode release announcements and download instructions
> comply with Apache Legal and Infrastructure guidelines.
> ----
> h2. Scope of Work
> h3. 1. Research Current Compliance Status
> * Review Apache Legal's updated download guidelines
> * Review Apache Infra's download page requirements
> * Examine recent Apache Geode release announcements (past 12 months)
> * Identify any non-compliant language or links
> * Document current practices vs. required practices
> h3. 2. Analyze Download Pages and Links
> * Review current Apache Geode download page structure
> * Verify download.cgi usage and implementation
> * Check mirror selection mechanism compliance
> * Verify backup download locations
> * Ensure KEYS, signatures, and checksums are properly linked
> h3. 3. Update Documentation and Templates
> * Update release announcement email templates
> * Update download page documentation
> * Update release manager guide
> * Create checklist for announcement compliance
> * Document proper download link structure
> h3. 4. Establish Compliance Process
> * Define pre-announcement review process
> * Create validation checklist for release managers
> * Identify who reviews announcements before sending
> * Establish contact protocol with Marketing and Publicity team
> ----
> h2. Research Questions
> h3. Legal and Policy Requirements
> # What specific language is required for download links?
> # Are direct links to mirrors allowed in announcements?
> # Must all downloads go through download.cgi?
> # What are the requirements for backup download locations?
> # How should KEYS, signatures, and checksums be referenced?
> h3. Technical Implementation
> # Is our current download page structure compliant?
> # Do we properly implement mirror selection?
> # Are verification instructions compliant?
> # Do we meet infrastructure automation requirements?
> # What changes are needed for future tooling compatibility?
> h3. Process and Templates
> # What do compliant announcement templates look like?
> # What language should be avoided in announcements?
> # How do other Apache projects structure their announcements?
> # What is the review process before sending to announce@?
> # Who is responsible for compliance verification?
> ----
> h2. Acceptance Criteria
> h3. 1. Research Completed
> * Legal guidelines reviewed and documented
> * Infra guidelines reviewed and documented
> * Current practices assessed against guidelines
> * Gap analysis completed
> * Compliance report created
> h3. 2. Issues Identified
> * List of non-compliant practices documented
> * Specific language or links that need correction identified
> * Risk assessment completed
> * Priority ranking for remediation established
> h3. 3. Remediation Plan Created
> * Action items defined for compliance
> * Download page updates specified (if needed)
> * Template updates specified
> * Process improvements documented
> * Timeline for implementation established
> h3. 4. Documentation Updated
> * Release announcement templates updated
> * Download page instructions verified/updated
> * Release manager guide updated
> * Compliance checklist created
> * Review process documented
> h3. 5. Stakeholder Communication
> * Findings shared with PMC
> * Compliance status reported to Marketing and Publicity
> * Release managers notified of new requirements
> * Contact established with Craig Russell (if needed for clarification)
> ----
> h2. Key Guidelines to Verify
> h3. Download Links
> * Use of {{download.cgi}} for primary downloads
> * Mirror selection mechanism properly implemented
> * Backup download locations specified
> * Archive links for older releases
> h3. Verification Files
> * KEYS file accessibility
> * Signature (.asc) files availability
> * Checksum (SHA512) files availability
> * Verification instructions clarity
> h3. Announcement Language
> * Proper phrasing for download instructions
> * Correct links to download pages
> * Appropriate mirror language
> * Verification guidance included
> h3. Infrastructure Requirements
> * Compliance with future automation needs
> * Proper directory structure in dist/release
> * Metadata files in correct format
> * Tooling team compatibility
> ----
> h2. Action Items
> h3. Immediate (Week 1)
> # Review Legal's page: [https://www.apache.org/legal/release-policy.html]
> # Review Infra's page: [https://infra.apache.org/release-download-pages.html]
> # Examine last 3 Apache Geode release announcements
> # Compare current practices to requirements
> h3. Short-term (Week 2-3)
> # Document findings and gap analysis
> # Contact Craig Russell if clarification needed
> # Review other Apache projects' announcements as examples
> # Draft compliance checklist
> h3. Medium-term (Week 4-6)
> # Update release announcement templates
> # Update download page documentation
> # Update release manager guide
> # Create pre-announcement review process
> h3. Long-term (Ongoing)
> # Apply new process to next release
> # Monitor for future guideline updates
> # Share learnings with community
> # Maintain compliance in all announcements
> ----
> h2. Reference Examples
> h3. Projects to Review
> * Apache Kafka (large project with frequent releases)
> * Apache Cassandra (similar infrastructure project)
> * Apache Tomcat (mature project with established processes)
> * Apache Maven (extensive download infrastructure)
> h3. Documents to Check
> * Recent [ANNOUNCE] emails from above projects
> * Their download page structures
> * Their release announcement templates
> * Their release management documentation
> ----
> h2. Risk Assessment
> h3. Risks of Non-Compliance
> * Announcement emails delayed or rejected by moderators
> * User confusion about correct download locations
> * Non-compliance with Apache Legal requirements
> * Incompatibility with future tooling automation
> * Reputational risk for Apache Geode project
> h3. Mitigation
> * Immediate research and remediation
> * Clear documentation and templates
> * Pre-announcement review process
> * Regular compliance verification
> * PMC oversight of announcements
> ----
> h2. Related Links
> h3. Apache Guidelines
> * [Apache Legal Release
> Policy|https://www.apache.org/legal/release-policy.html]
> * [Apache Infra Download
> Pages|https://infra.apache.org/release-download-pages.html]
> * [Apache Release Distribution
> Policy|https://infra.apache.org/release-distribution.html]
> h3. Apache Geode Resources
> * [Apache Geode Download Page|https://geode.apache.org/releases/]
> * Apache Geode Release Manager Guide
> * Apache Geode Announcement Templates
> ----
> h2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
