Hi Ari, this all makes sense. See my comments on the details below.
On Aug 19, 2010, at 8:00 AM, Aristedes Maniatis wrote:
> As a PMC I suggest that our rules should be:
I suggest to call this "guidelines", not "rules". Please let's preserve the commonsense approach we've been using all along. Just look at the release to see if you can spot anything wrong. This discussion hopefully provided better understanding of the specific things that need to be checked, but *how* everybody checks that is up to each person. In fact diversity in evaluation techniques should in theory provide better coverage of possible holes than algorithmic rules.
> 3. All committers are encouraged to vote on releases. Committer votes will be considered by the PMC (particularly -1 votes will be discussed) when making the final decision, but are not binding.
+1
> 4. Each PMC member will do the following before voting on a release:
>
> a. download the artifacts
> b. satisfy themselves that the source matches the appropriate svn tag (I don't know how to do that though: how do I check that Andrus didn't accidentally build the distribution without a clean svn checkout or that his git-svn tool didn't do something wacky?)
Technically this is doable (with a "diff -u" command against a local checkout). If somebody's willing to do it at least occasionally, please do it. Alternatively you may look at some recent commits and see that they are present in the source distro, or use some other simple sanity check approach.
> d. satisfy themselves that the binary distribution is sane and passes basic usability tests. For example, that the Cayenne modeler runs and the main jar passes some basic tests.
In line with what I said above, a user may take any extra steps (s)he deems appropriate. E.g. stick cayenne-server.jar in a production app :-)
Andrus
This archive was generated by hypermail 2.0.0 : Thu Aug 26 2010 - 08:12:37 UTC