Hi Julian, Thank you for your quick and profoundly vote. I really appreciate your input from a perspective from other PMCs. Let me address your points below:
> Hi Niklas, > > First, congratulations to starting your first Apache Release : ) > Of course, I took the time to check it. > > My Vote is +0 (non-binding) as I found some issues that are minor / medium. > Probably some of these things are historically handled differently in the > Cordova project and of course I know that this is your first release! > > I did the following: > > * Checkout the sources > * Check Signatures and Hash (see below) > * Checked Files (NOTICE, LICENSE, …) > * Performed “npm install” with positive output > > Findings > > * RELEASENOTES should usually be RELEASE_NOTES (minor) All Cordova repositories use this filename. I guess that's historically like that. > * I did not find any KEYS file for cordova so I downloaded your Key from > the apache side, but projects should normally provide KEYS files and it > should be mentioned in the Release Mails (medium) I think the official KEYS file for releases is this one: http://www.apache.org/dist/cordova/KEYS. I added my key just today. Our release voting doc linked below suggests using the Apache PMC keyring for voting found here: https://github.com/apache/cordova-coho/blob/master/docs/setting-up-gpg.md#importing-pmc-members-pgp-keys I think using PGP to verify releases only plays a role for voting. Users of Cordova (developers who build apps with Cordova) always use NPM to get their version of Cordova artifacts. That's probably why PGP keys are not prominent on the project website. > * Without imported pgp key it does not show that its signed by an apache > email > ``` > gpg: Signatur vom Sa 4 Jan 10:15:13 2020 CET > > gpg: mittels RSA-Schlüssel > B01C0A0BEB1929000C4A95E19D0402820FB84764 > > gpg: Korrekte Signatur von "Niklas Merz <niklasm...@linux.com>" [vollständig] > > gpg: alias "Niklas Merz <niklasm...@gmx.net>" [unbestimmt] > > ``` > When I have it imported it shows your Apache Email as Alias but I’m unsure if > this is fine like that, probably you could check that or somebody with more > experience can comment (medium) I am not a PGP expert, but I have an idea what could have happened on your machine. You had the old version in your keyring (from the keysigning at the FOSS Hackathon). I renewed my subkeys and added the Apache Email just last week after becoming a PMC member. If you get the latest version from apache.org/dist that should be fine. > * Notice File: Copyright is only 2012 (minor) I have no idea if that should be updated. Possibly a more experienced PMC can answer that. > * I did not find any build instructions in the README but had to look > into the repo and the travis file to find out how to build the sources (npm > install). Apache Releases should always contain this information in the > README (medium) In my interpretation you don't need build instructions because you won't and cannot build this release of a plugin on its own. You use this plugin with your main Cordova app via the Cordova CLI and that will built it for you. If you are in your Cordova projects directory `cordova plugin add cordova-plugin-inappbrowser` This will get the latest version from NPM and then you build your project with this plugin for you platform(s) of choice `cordova build platform` Thanks again Julian. I am happy we can collaborate across our Apache projects. Niklas > But nonetheless, good job Niklas and hopefully only the first of many more > releases to come : ) > Julian > > On 2020/01/04 10:32:19, Niklas Merz <n...@apache.org<mailto:n...@apache.org>> > wrote: >> Please review and vote on the release of this plugins release> >> by replying to this email (and keep discussion on the DISCUSS thread)> >> >> The plugin has been published to dist/dev:> >> https://dist.apache.org/repos/dist/dev/cordova/cordova-plugin-inappbrowser-3.2.0/> >> >> The package was published from their corresponding git tags:> >> cordova-plugin-inappbrowser: 3.2.0 (2cd868e99f)> >> >> A quick review of the release notes would be much appreciated as well:> >> https://github.com/apache/cordova-docs/pull/1049> >> >> Upon a successful vote I will upload the archives to dist/, upload them> >> to npm, and post the corresponding blog post.> >> >> Voting guidelines:> >> https://github.com/apache/cordova-coho/blob/master/docs/release-voting.md> >> >> Voting will go on for a minimum of 48 hours.> >> >> I vote +1:> >> * No NPM audit warnings> >> * Ran coho audit-license-headers over the relevant repos> >> * Ran coho check-license to ensure all dependencies and subdependencies> >> have Apache-compatible licenses> >> * Checked continuous build> >> * Did tests with an app that uses InAppBrowser and WKWebViewOnly> >> >> ---------------------------------------------------------------------> >> To unsubscribe, e-mail: >> dev-unsubscr...@cordova.apache.org<mailto:dev-unsubscr...@cordova.apache.org>> >> For additional commands, e-mail: >> dev-h...@cordova.apache.org<mailto:dev-h...@cordova.apache.org>> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
