Can the RM contribute towards the three +1s ? (Re: Subversion 1.4.2 tarballs up for testing/signing)

From: Max Bowsher <maxb1_at_ukf.net>
Date: 2006-11-03 15:37:52 CET

Max Bowsher wrote:
> 1.4.2 tarballs, ready for testing.
> The magic revision is r22196.
>
> http://www.red-bean.com/~maxb/142/

And, on IRC, once my 6-way had completed, I asserted +1 unix sig towards
the total. People, to my surprise, objected that the RM was not entitled
to contribute toward the 3 +1s.

Further discussion made it clear that we don't share a single consensus
about what level of testing is required to cast a +1.

Some people felt that the RM couldn't +1 because part of +1ing was
verifying that the code in the tarball faithfully matches the repository
- i.e. checking that the tarball was not subverted to contain malicious
code during the rolling process.

IMO, there's little point in doing that unless every verifier rolls
their own copy of the tarballs and compares, since there are numerous
areas which are not covered by a diff against the repository:
* autoconf-generated stuff
* SWIG-generated stuff
* the bundled dependencies tarball

In any case, the one thing that is abundantly clear is that we need some
written documentation on exactly how we bless tarballs... this part of
our policy is rather absent:
http://subversion.tigris.org/release-process.html#blessing-release

Max.

application/pgp-signature attachment: OpenPGP digital signature

Received on Fri Nov 3 15:38:29 2006

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]