On 2015-06-01 12:04:34 +0200 (+0200), Thierry Carrez wrote: > Thierry Carrez wrote: [...] > > 2. it would be difficult to get proper release notes > > > > If we don't have point releases anymore, we don't have release notes > > anymore. Release notes contain various types of information: the list of > > security fixes, the occasional upgrade warning, and the list of bugfixes. > > We'd probably have to find a way to provide the same information in the > tarball itself, so that if you picked any of them you could still get a > list of the fixes in there. [...]
PBR has the ability to generate a ChangeLog as part of the sdist tarball generation. If the ChangeLog itself isn't suitable, we could do something akin to what Doug described about scraping commit messages for particular specially-formatted header lines and then maybe have a separate release notes sdist hook in PBR. Or we could just expect projects to update a release notes file in that repo on any stable branch change which implies some action on the part of the downstream consumers. As to the separate concern raised by a couple of respondents for a lack of signatures on stable branch tarballs (be they per-commit or arbitrarily tagged by their respective project teams), I've been itching to implement some mechanical generation of detached signatures to publish along with artifacts uploaded to tarballs.openstack.org and PyPI anyway. We could presumably leverage that. It wouldn't be a human signature, just a signature made by a trusted host in the infrastructure build chain whose key was signed by some of the infrastructure root admins, but would at least attest to the integrity of the file once uploaded to the point of publication. -- Jeremy Stanley
signature.asc
Description: Digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev