You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacopo Cappellato <ja...@hotwaxmedia.com> on 2013/01/17 18:15:06 UTC

[VOTE] [RESULT] Apache OFBiz 11.04.02

Thanks to the voters, this vote has passed with the following results:

[+1] 8
[-1] 0

The minimum (3) number of +1 votes from PMC members has been reached: 6 positive votes from PMC members.

I will proceed with the remaining steps required to release the package.

Jacopo

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adam Heath <do...@brainfood.com>.
On 01/17/2013 11:15 AM, Jacopo Cappellato wrote:
> Thanks to the voters, this vote has passed with the following results:
> 
> [+1] 8
> [-1] 0
> 
> The minimum (3) number of +1 votes from PMC members has been reached: 6 positive votes from PMC members.
> 
> I will proceed with the remaining steps required to release the package.

Sorry I missed this vote.  I would have voted +1 on both.

However, I do not like the current way of voting.  For one, it's not
secure.  Anyone can send an email as anyone else.  There is no
verification at all, no security.  At the least, we should look into
gpg signature requirements on all votes.

Next, it might be nice to use debian's voting system.  You can read
more about it at (1).  It uses the Condorcet Method(2) for determining
winners.


1: http://www.debian.org/vote
2: http://en.wikipedia.org/wiki/Condorcet_method

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Jacques Le Roux <ja...@les7arts.com>.
Scott Gray wrote:
> On 18/01/2013, at 9:10 AM, Adam Heath wrote:
> 
>> On 01/17/2013 01:18 PM, Jacopo Cappellato wrote:
>>> On Jan 17, 2013, at 8:11 PM, Ean Schuessler wrote:
>>> 
>>>> think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member
>>>> like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not
>>>> worth worrying about but his point is still cogent.  
>>> 
>>> Ok, thanks for the explanation Ean.
>> 
>> Not just that, but there was no weekend timeframe available for this
>> voting period.  Other people who are more active may only work on
>> ofbiz during the weekend, so you need to allow them time to become
>> aware of such a vote.
> 
> You could always just consider using some mail rules to prioritize voting threads so you see them a bit earlier.  Personally I
> just spend the 5 seconds/day it takes to quickly scan the recent subject lines for anything of interest. 

Exactly my thoughts, just that I don't use prioritisation, anyway those days it's not needed, there is really a low traffic on dev ML
 
> I think the risk of fake votes is very low, the only votes of relevance are those required to cross the threshold of +3 or
> whatever it takes for a vote to be rejected.  There's always 3 PMC members around to give the green light and any negative votes
> would involve a fair amount of follow up discussion should they cause the motion to fail to pass.  Lets save any additional
> bureaucracy for when there's an actual need.   

Agreed, less paper work, happier PMC members

Jacques

> Regards
> Scott

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Scott Gray <sc...@hotwaxmedia.com>.
On 18/01/2013, at 9:10 AM, Adam Heath wrote:

> On 01/17/2013 01:18 PM, Jacopo Cappellato wrote:
>> On Jan 17, 2013, at 8:11 PM, Ean Schuessler wrote:
>> 
>>> think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not worth worrying about but his point is still cogent. 
>> 
>> Ok, thanks for the explanation Ean.
> 
> Not just that, but there was no weekend timeframe available for this
> voting period.  Other people who are more active may only work on
> ofbiz during the weekend, so you need to allow them time to become
> aware of such a vote.

You could always just consider using some mail rules to prioritize voting threads so you see them a bit earlier.  Personally I just spend the 5 seconds/day it takes to quickly scan the recent subject lines for anything of interest.

I think the risk of fake votes is very low, the only votes of relevance are those required to cross the threshold of +3 or whatever it takes for a vote to be rejected.  There's always 3 PMC members around to give the green light and any negative votes would involve a fair amount of follow up discussion should they cause the motion to fail to pass.  Lets save any additional bureaucracy for when there's an actual need.

Regards
Scott

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adrian Crum <ad...@sandglass-software.com>.
I agree that more time should be allowed for voting, but in this 
instance there was a need to get the release(s) out as soon as possible.

I also agree that an email can be forged, but in this case the vote 
releases were mentioned on the private list before it appeared on the 
public lists.

So, yeah... we could do more to make the voting process secure, but so 
far it hasn't been a problem.

-Adrian


On 1/17/2013 8:10 PM, Adam Heath wrote:
> On 01/17/2013 01:18 PM, Jacopo Cappellato wrote:
>> On Jan 17, 2013, at 8:11 PM, Ean Schuessler wrote:
>>
>>>   think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not worth worrying about but his point is still cogent.
>> Ok, thanks for the explanation Ean.
> Not just that, but there was no weekend timeframe available for this
> voting period.  Other people who are more active may only work on
> ofbiz during the weekend, so you need to allow them time to become
> aware of such a vote.

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adam Heath <do...@brainfood.com>.
On 01/17/2013 01:18 PM, Jacopo Cappellato wrote:
> On Jan 17, 2013, at 8:11 PM, Ean Schuessler wrote:
> 
>>  think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not worth worrying about but his point is still cogent. 
> 
> Ok, thanks for the explanation Ean.

Not just that, but there was no weekend timeframe available for this
voting period.  Other people who are more active may only work on
ofbiz during the weekend, so you need to allow them time to become
aware of such a vote.

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
On Jan 17, 2013, at 8:11 PM, Ean Schuessler wrote:

>  think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not worth worrying about but his point is still cogent. 

Ok, thanks for the explanation Ean.

Jacopo

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Ean Schuessler <ea...@brainfood.com>.
I think Adam's point was that someone could synthesize a vote from you (or, more importantly a vote from a mostly dormant member like Adam) and get something to pass. Since, in practice, this kind of thing doesn't ever seem to happen its probably not worth worrying about but his point is still cogent. 

----- "Jacopo Cappellato" wrote: 
> On Jan 17, 2013, at 7:39 PM, Adam Heath wrote: 
> > Ie, how many total voters are there? 
> Everyone in the World can vote, we need at least 3 positive votes from PMC members... I would recommend you to read the ASF voting guidelines. 
> Regards, 
> Jacopo 

-- 
Ean Schuessler, CTO 
ean@brainfood.com 
214-720-0700 x 315 
Brainfood, Inc. 
http://www.brainfood.com

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
On Jan 17, 2013, at 7:39 PM, Adam Heath wrote:

> Ie, how many total voters are there?

Everyone in the World can vote, we need at least 3 positive votes from PMC members... I would recommend you to read the ASF voting guidelines.

Regards,

Jacopo

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adam Heath <do...@brainfood.com>.
On 01/17/2013 12:16 PM, Jacopo Cappellato wrote:
> 
> On Jan 17, 2013, at 6:41 PM, Adam Heath wrote:
> 
>> Oh, and 3.5 days for voting is *NOT* enough time.  Not by a long shot.
> 
> Are these the reasons you have missed mostly all the voting threads in the OFBiz release history? :-)

That's a separate issue.

A vote  should at least include a weekend, as some people in a free
software community may only do work on the software on the weekend.

Also, the vote results listed just the counts of those who voted; it
didn't list counts of those who didn't.  Ie, how many total voters are
there?

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
On Jan 17, 2013, at 6:41 PM, Adam Heath wrote:

> Oh, and 3.5 days for voting is *NOT* enough time.  Not by a long shot.

Are these the reasons you have missed mostly all the voting threads in the OFBiz release history? :-)

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adam Heath <do...@brainfood.com>.
On 01/17/2013 11:55 AM, Jacques Le Roux wrote:
> From: "Adam Heath" <do...@brainfood.com>
>> On 01/17/2013 11:15 AM, Jacopo Cappellato wrote:
>>> Thanks to the voters, this vote has passed with the following results:
>>>
>>> [+1] 8
>>> [-1] 0
>>>
>>> The minimum (3) number of +1 votes from PMC members has been reached: 6 positive votes from PMC members.
>>>
>>> I will proceed with the remaining steps required to release the package.
>>
>> Oh, and 3.5 days for voting is *NOT* enough time.  Not by a long shot.
> 
> Are those not ASF rules? Which does not mean we can't override...

You could add additional restrictions, couldn't you?  Like requiring
gpg signatures, and comparing them against a keyring.

> 
> Jacques

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Jacques Le Roux <ja...@les7arts.com>.
From: "Adam Heath" <do...@brainfood.com>
> On 01/17/2013 11:15 AM, Jacopo Cappellato wrote:
>> Thanks to the voters, this vote has passed with the following results:
>> 
>> [+1] 8
>> [-1] 0
>> 
>> The minimum (3) number of +1 votes from PMC members has been reached: 6 positive votes from PMC members.
>> 
>> I will proceed with the remaining steps required to release the package.
> 
> Oh, and 3.5 days for voting is *NOT* enough time.  Not by a long shot.

Are those not ASF rules? Which does not mean we can't override...

Jacques

Re: [VOTE] [RESULT] Apache OFBiz 11.04.02

Posted by Adam Heath <do...@brainfood.com>.
On 01/17/2013 11:15 AM, Jacopo Cappellato wrote:
> Thanks to the voters, this vote has passed with the following results:
> 
> [+1] 8
> [-1] 0
> 
> The minimum (3) number of +1 votes from PMC members has been reached: 6 positive votes from PMC members.
> 
> I will proceed with the remaining steps required to release the package.

Oh, and 3.5 days for voting is *NOT* enough time.  Not by a long shot.