[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Can the RM contribute towards the three +1s ? (Re: Subversion 1.4.2 tarballs up for testing/signing)

From: Max Bowsher <maxb1_at_ukf.net>
Date: 2006-11-03 15:37:52 CET

Max Bowsher wrote:
> 1.4.2 tarballs, ready for testing.
> The magic revision is r22196.
>
> http://www.red-bean.com/~maxb/142/

And, on IRC, once my 6-way had completed, I asserted +1 unix sig towards
the total. People, to my surprise, objected that the RM was not entitled
to contribute toward the 3 +1s.

Further discussion made it clear that we don't share a single consensus
about what level of testing is required to cast a +1.

Some people felt that the RM couldn't +1 because part of +1ing was
verifying that the code in the tarball faithfully matches the repository
- i.e. checking that the tarball was not subverted to contain malicious
 code during the rolling process.

IMO, there's little point in doing that unless every verifier rolls
their own copy of the tarballs and compares, since there are numerous
areas which are not covered by a diff against the repository:
 * autoconf-generated stuff
 * SWIG-generated stuff
 * the bundled dependencies tarball

In any case, the one thing that is abundantly clear is that we need some
written documentation on exactly how we bless tarballs... this part of
our policy is rather absent:
http://subversion.tigris.org/release-process.html#blessing-release

Max.

Received on Fri Nov 3 15:38:29 2006

This is an archived mail posted to the Subversion Dev mailing list.