[RELEASES] Relaxing the release signature requirements
From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 12 Aug 2017 17:35:07 +0000
There has been some random discussion about relaxing the release
Our hard requirements are:
- One signature [ASF policy]
Our current policy is:
- One RM signature
[The above is facts. The below is opinion.]
Properties we want the new policy to have:
- Fewer than seven people involved
So, how about:
- Allowing the RM to cast a +1.
- Requiring fewer than three +1s per platform.
E.g., we could require just two windows +1s and two unix +1s.
If we do this, I would prefer to see the two unix +1s from different
These two changes together would mean that only four people would be
To be concrete, here's the suggestion again without annotations:
- A tarball is rolled by the RM.
- The RM signs the tarball before uploading to /dist/dev.
- The tarball is tested by at least two windows developers, who
- The tarball is tested by at least two unix developers, who
- There MAY be more than two testers per platform. The testers need
- There SHOULD be at least four different testers.
- Developers MAY sign the tarball without testing it, only if they
- The release timelines (at least 72 hours and preferably more for
WDYT?
|
This is an archived mail posted to the Subversion Dev mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.