> -----Original Message-----
> From: Dave Fisher [mailto:dave2w...@comcast.net]
> Sent: Monday, December 7, 2015 15:26
> To: dev@openoffice.apache.org
> Subject: Re: [RISK?] Official Apache Release Policy Implications
>
> Hi Dennis,
>
> I think that it would be helpful if you would express an opinion about
> what precisely you think that the project and PMC are doing incorrectly.

[orcmid]
What caught my eye was the need to check and confirm building from the release candidate source, something I don't see called out in AOO release votes:

"Before casting +1 binding votes, individuals are REQUIRED to download all signed source code packages onto their own hardware, verify that they meet all requirements of ASF policy on releases as described below, validate all cryptographic signatures, compile as provided, and test the result on their own platform."

This is not new. Essentially the same statement appears in the version that is still on the dev/ portion of the ASF site, <http://apache.org/dev/release.html#approving-a-release>. I don't know when this material was produced. When I was on the AOO Incubator PPMC, there was a variety of different documentation. I have no record of how earlier release voting was done.

> I know that when I voted on releases when we were in the incubator I
> followed policy and did the needful checks. I like to think that since
> Jim J our current VP of legal also voted +1 as one of our mentors we
> were well served.
>
> Thanks and Regards,
> Dave
>
> Sent from my iPhone
>
> > On Dec 7, 2015, at 2:28 PM, Dennis E. Hamilton <orc...@apache.org> wrote:
> >
> > [BCC AOO PMC]
> >
> > From the Chair,
> >
> > There is now a comprehensive policy on releases from Apache projects,
> > <http://www.apache.org/legal/release-policy>.
> >
> > This has been brewing for a couple of months and has now been ratified by
> > Apache Legal.
> >
> > The most-cautionary aspect, not the only one, has to do with what a binding
> > +1 vote must signify as part of release approval:
> > <http://www.apache.org/legal/release-policy#release-approval>. This becomes
> > a critical matter for the AOO PMC. It is also valuable for non-binding +1
> > votes to also account for some level of that requirement.
> >
> > The condition on approval is tied to the importance of the release source
> > code and its usability, even though compiled packages and their authenticity
> > are of immense importance to the Apache OpenOffice community.
> >
> > The policy is freshly-minted. I doubt that complete adherence is expected
> > over-night. I do think that serious striving for achievement of the level
> > of quality and accountability that is reflected in the policy will need to
> > be demonstrated. This striving will doubtless need to be accounted for in
> > reports to the board until the AOO release process is fully aligned with
> > what is expected under the policy.
> >
> > I invite discussion here on dev@ on how to make our release processes
> > explicit and evident to all potential contributors, with an eye to having a
> > systematic approach that aligns with the release policy and also reflects
> > the informal Maturity Model for Apache projects.
> >
> > -- Dennis E. Hamilton
> > orc...@apache.org
> > dennis.hamil...@acm.org +1-206-779-9430
> > https://keybase.io/orcmid PGP F96E 89FF D456 628A
> > X.509 certs used and requested for signed e-mail
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> > For additional commands, e-mail: dev-h...@openoffice.apache.org