It's NOT trolling... If you feel trolled, grow some skin. On Thu, Aug 15, 2013 at 1:24 AM, Olivier Lamy <ol...@apache.org> wrote:
> On 15 August 2013 08:53, sebb <seb...@gmail.com> wrote: > > On 14 August 2013 21:21, Dennis Lundberg <denn...@apache.org> wrote: > >> On Wed, Aug 14, 2013 at 10:47 AM, sebb <seb...@gmail.com> wrote: > >> > >>> On 13 August 2013 18:58, Dennis Lundberg <denn...@apache.org> wrote: > >>> > On Tue, Aug 13, 2013 at 12:30 AM, sebb <seb...@gmail.com> wrote: > >>> >> On 12 August 2013 20:10, Jason van Zyl <ja...@tesla.io> wrote: > >>> >>> > >>> >>>>> > >>> >>>>> I have now read the threads that are referring to, and have not > found > >>> >>>>> a single link to any ASF rule stating that we need to include > these > >>> >>>>> things in a VOTE thread. > >>> >>>> > >>> >>>> So how do you propose that reviewers check the provenance of the > files > >>> >>>> in the source release? > >>> >>> > >>> >>> Are you looking for files that are in a distribution that didn't > come > >>> from source control? Everything else as far as provenance goes is > covered. > >>> Errant content is a potential problem, but everything in a distribution > >>> should come from source control which no one has access to until they > have > >>> a signed CLA on file. > >>> >> > >>> >> Yes. That is where the whole saga started. > >>> >> > >>> >> Proving provenance is why the SCM coordinates are needed for the > vote. > >>> >> > >>> >> The SCM details may also be useful to discover files accidentally > >>> >> omitted from the source archive. > >>> > > >>> > You want to compare the contents of the *-source-release.zip with > >>> > something from SCM, to make nothing bad has crept into the source > >>> > bundle. So you need to know where in SCM you can find it. Have I > >>> > understood you correctly? > >>> > >>> It's vital to be able to link the files in the source release > >>> archive(s) to their origin in SCM. > >>> > >>> The provenance of any source files the ASF releases must be clearly > >>> traceable. > >>> > >> > >> This information is clearly traceable and available to anyone who wants > to > >> review a release made by the Maven project. Our process uses the Release > >> Plugin, which will put the POM from the SCM tag in the staging directory > >> along with the source-release.zip. In that POM wou will find the URL to > the > >> original sources in SCM. > >> > > > > As has already been pointed out, SVN tags are not immutable, so the > > tag name alone is not sufficient. > > I think Stephen perfectly sum up the situation. > If you're not happy follow that. > > But please STOP the troll! > > Thanks! > > > > > >> > >>> > >>> >>> Thanks, > >>> >>> > >>> >>> Jason > >>> >>> > >>> >>> ---------------------------------------------------------- > >>> >>> Jason van Zyl > >>> >>> Founder, Apache Maven > >>> >>> http://twitter.com/jvanzyl > >>> >>> --------------------------------------------------------- > >>> >>> > >>> >>> > >>> >>> > >>> >>> > >>> >>> > >>> >>> > >>> >>> > >>> >> > >>> >> > --------------------------------------------------------------------- > >>> >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >>> >> For additional commands, e-mail: dev-h...@maven.apache.org > >>> >> > >>> > > >>> > > >>> > > >>> > -- > >>> > Dennis Lundberg > >>> > > >>> > --------------------------------------------------------------------- > >>> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >>> > For additional commands, e-mail: dev-h...@maven.apache.org > >>> > > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >>> For additional commands, e-mail: dev-h...@maven.apache.org > >>> > >>> -- > >>> Dennis Lundberg <dev-h...@maven.apache.org> > >>> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > > > -- > Olivier Lamy > Ecetera: http://ecetera.com.au > http://twitter.com/olamy | http://linkedin.com/in/olamy > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
