2013/3/27 sebb <seb...@gmail.com> > On 27 March 2013 20:33, Simone Tripodi <simonetrip...@apache.org> wrote: > >> > >> No, sorry, it's just not as safe. > >> > >> I'd rather a file be missing from the release than have a release with > >> a spurious file that could contain anything. > > > > The only risk we have ATM is that the RM includes Idea's or Netbean's > > dedicated files - > > IDE files are the most likely to be found, but those can be easily > excluded. > The problem is another file which could come from anywhere. > > > and produced archives are reviewed and voted, so if > > they contain a spurious file that contains whatever potentially > > dangerous - not just technically, but also under a legal PoV - vote is > > cancelled. > > That assumes reviewers compare the tag with the releases - does anyone > apart from me do that? >
I do that :) > > >> Once released, it cannot be unreleased. Whereas a missing file means > > at worst doing a point release. > > > > but that could be applied to other logic as well, the RM can > > potentially forget to include some required file - or not? > > Yes, but reviewers are likely to notice a missing NOTICE or LICENSE file. > And unless the N&L files are renamed or removed from the assembly > descriptor, if one build is OK, future builds will be OK. > > The same is not true of the unexpected file that can appear in a release. > > Besides, as I already wrote, one can do a new point release if a file > is missing. > One cannot remove a file from a release. > > It's just not worth the risk. > > > http://people.apache.org/~simonetripodi/ > > http://simonetripodi.livejournal.com/ > > http://twitter.com/simonetripodi > > http://www.99soft.org/ > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- http://people.apache.org/~britter/ http://www.systemoutprintln.de/ http://twitter.com/BenediktRitter http://github.com/britter
