On Tue, Apr 26, 2016 at 9:11 AM, Branko Čibej <brane_at_apache.org> wrote:
> On 26.04.2016 03:48, Stefan wrote:
>> On 4/21/2016 18:43, Evgeny Kotkov wrote:
>>> The 1.8.16 release artifacts are now available for testing/signing.
>>> Please get the tarballs from
>>> https://dist.apache.org/repos/dist/dev/subversion
>>> and add your signatures there. I plan to try and release on April 28th
>>> so please try and get your votes/signatures in place by April 27th.
>>>
>>> Thanks!
>>>
>> Verified integrity and file content against 1.8.16-tag in the SVN
>> repository.
>
> Did you also build the sources and run the tests? It's sort of expected.
I think it's fine as long as Stefan states explicitly what he has
verified (which he has). It's an additional assurance from someone
that says "I state that the tarball corresponds to the tag and the
branch". It doesn't count for a +1 vote for our "3 votes per platform"
rule, but that's fine (and since Stefan Hett aka luke1410 isn't a full
committer he couldn't give a binding vote anyway -- but any additional
verification is welcome imho).
Our community guide says [1]:
[[[
Signing a tarball means that you assert certain things about it. When
announcing your signature, indicate in the mail what steps you've
taken to verify that the tarball is correct, such as verifying the
contents against the proper tag in the repository.
]]]
[1] http://subversion.apache.org/docs/community-guide/releasing.html#tarball-signing
--
Johan
Received on 2016-04-26 10:10:21 CEST