You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Mark Phippard <ma...@gmail.com> on 2008/04/11 18:36:25 UTC
Only require 2 signatures for zip file?
I know this has come up before, but let me raise it again. We are
always in need of committers to sign the zip files. Currently both
myself and Paul Burba run the tests on Windows and sign the zip file.
I am not sure if there is anyone else available to sign them for this
release. I checked with DJ and he is not going to be available to
sign the RC2 release. Brane has not signed a release in a long time
and I am assuming this release will be no different. Lieven? I think
you have done some Windows work are you planning to sign the zip file.
Do we really need 3 signatures for the zip file, given that it only
applies to a single OS? We are fortunate that we have *nix committers
across the gamut of Linux, OSX and BSD, but what if all 3 signatures
for *nix came from OSX or Ubuntu users? It seems like if we are
comfortable with only 3 signatures for the *nix tarballs, then 2 ought
to be enough for Windows.
Failing that, who else is willing to setup and test on Windows? We
have a lot of active downstream users of the Windows release. We have
Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
if we started accepting and counting their signatures towards a
release? Assuming they are willing to run the tests and provide
signature of course.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Ivan Zhakov <ch...@gmail.com>.
On Sat, Apr 12, 2008 at 6:15 PM, Mark Phippard <ma...@gmail.com> wrote:
>
> On Sat, Apr 12, 2008 at 4:13 AM, Ivan Zhakov <ch...@gmail.com> wrote:
> > On Fri, Apr 11, 2008 at 10:48 PM, Mark Phippard <ma...@gmail.com> wrote:
> > > On Fri, Apr 11, 2008 at 2:39 PM, David Glasser <gl...@davidglasser.net> wrote:
> > > > On Fri, Apr 11, 2008 at 11:36 AM, Mark Phippard <ma...@gmail.com> wrote:
> > > > > Failing that, who else is willing to setup and test on Windows? We
> > > > > have a lot of active downstream users of the Windows release. We have
> > > > > Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
> > > > > if we started accepting and counting their signatures towards a
> > > > > release? Assuming they are willing to run the tests and provide
> > > > > signature of course.
> > > >
> > > > Whether or not we count it towards the release count, I think I'm
> > > > always interested in seeing that folks like Stefan and the AnkhSVN
> > > > people have verified a release.
> > >
> > > I used to build the Windows release so I could include JavaHL library
> > > in Subclipse, and so I would also run the tests and sign the release.
> > > But since I was not a full committer, my signature did not count
> > > towards the release. I always thought it should have (since we had
> > > these same signature problems back then).
> > >
> > > Given that the rest of you are not likely to give up emacs for Windows
> > > we need to be looking for solutions. By the way, I forgot Ivan Zhakov
> > > in my original post. I do not think he has signed releases in the
> > > past, at least not regularly. If we could get him to commit to do so,
> > > this would at least be less of a problem since we would then have
> > > three committers that we can count on signing the release, and four
> > > when DJ is able to devote the time again.
> > >
> > I'm always building and testing release candidates VisualSVN, but you
> > guys signes release earlier than me :) So I can sign Windows releases
> > if this becomes a problem.
> > I just need to find my gpg signature and learn how to use it :)
>
> Ivan,
>
> If you are doing the testing, I think the easiest thing would be to
> just have you start providing the signature. I just created a new gpg
> signature recently so that I could sign them. I do not think there is
> any need to find your old one, unless you think you can.
>
Ok, I'll prepare new gpg signature on the weekend.
--
Ivan Zhakov
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Mark Phippard <ma...@gmail.com>.
On Sat, Apr 12, 2008 at 4:13 AM, Ivan Zhakov <ch...@gmail.com> wrote:
> On Fri, Apr 11, 2008 at 10:48 PM, Mark Phippard <ma...@gmail.com> wrote:
> > On Fri, Apr 11, 2008 at 2:39 PM, David Glasser <gl...@davidglasser.net> wrote:
> > > On Fri, Apr 11, 2008 at 11:36 AM, Mark Phippard <ma...@gmail.com> wrote:
> > > > Failing that, who else is willing to setup and test on Windows? We
> > > > have a lot of active downstream users of the Windows release. We have
> > > > Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
> > > > if we started accepting and counting their signatures towards a
> > > > release? Assuming they are willing to run the tests and provide
> > > > signature of course.
> > >
> > > Whether or not we count it towards the release count, I think I'm
> > > always interested in seeing that folks like Stefan and the AnkhSVN
> > > people have verified a release.
> >
> > I used to build the Windows release so I could include JavaHL library
> > in Subclipse, and so I would also run the tests and sign the release.
> > But since I was not a full committer, my signature did not count
> > towards the release. I always thought it should have (since we had
> > these same signature problems back then).
> >
> > Given that the rest of you are not likely to give up emacs for Windows
> > we need to be looking for solutions. By the way, I forgot Ivan Zhakov
> > in my original post. I do not think he has signed releases in the
> > past, at least not regularly. If we could get him to commit to do so,
> > this would at least be less of a problem since we would then have
> > three committers that we can count on signing the release, and four
> > when DJ is able to devote the time again.
> >
> I'm always building and testing release candidates VisualSVN, but you
> guys signes release earlier than me :) So I can sign Windows releases
> if this becomes a problem.
> I just need to find my gpg signature and learn how to use it :)
Ivan,
If you are doing the testing, I think the easiest thing would be to
just have you start providing the signature. I just created a new gpg
signature recently so that I could sign them. I do not think there is
any need to find your old one, unless you think you can.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Ivan Zhakov <ch...@gmail.com>.
On Fri, Apr 11, 2008 at 10:48 PM, Mark Phippard <ma...@gmail.com> wrote:
> On Fri, Apr 11, 2008 at 2:39 PM, David Glasser <gl...@davidglasser.net> wrote:
> > On Fri, Apr 11, 2008 at 11:36 AM, Mark Phippard <ma...@gmail.com> wrote:
> > > Failing that, who else is willing to setup and test on Windows? We
> > > have a lot of active downstream users of the Windows release. We have
> > > Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
> > > if we started accepting and counting their signatures towards a
> > > release? Assuming they are willing to run the tests and provide
> > > signature of course.
> >
> > Whether or not we count it towards the release count, I think I'm
> > always interested in seeing that folks like Stefan and the AnkhSVN
> > people have verified a release.
>
> I used to build the Windows release so I could include JavaHL library
> in Subclipse, and so I would also run the tests and sign the release.
> But since I was not a full committer, my signature did not count
> towards the release. I always thought it should have (since we had
> these same signature problems back then).
>
> Given that the rest of you are not likely to give up emacs for Windows
> we need to be looking for solutions. By the way, I forgot Ivan Zhakov
> in my original post. I do not think he has signed releases in the
> past, at least not regularly. If we could get him to commit to do so,
> this would at least be less of a problem since we would then have
> three committers that we can count on signing the release, and four
> when DJ is able to devote the time again.
>
I'm always building and testing release candidates VisualSVN, but you
guys signes release earlier than me :) So I can sign Windows releases
if this becomes a problem.
I just need to find my gpg signature and learn how to use it :)
--
Ivan Zhakov
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Release signers
Posted by Karl Fogel <kf...@red-bean.com>.
"Mark Phippard" <ma...@gmail.com> writes:
> * Anyone can already sign our releases, and we include their
> signatures with the release. I used to sign the Windows releases when
> I was not a committer, as an example.
Right.
> * So we are really talking about a process change where we will count
> these signatures as votes towards the actual release? Do we want to
> have any specific policies in place? Such as at least 1 or 2 full
> committer signatures on each file?
I was only talking about the voting significance -- in other words,
proposing that we open up the voting a bit, since testing Subversion has
no necessary connection to writing code.
> * I'd assume all partial committers are automatically included in this
> and do not need to be listed in SIGNERS.
No, I don't assume that. We give people partial commit access to
maintain Perl scripts and whatnot; nothing about the process says they
reliably test Subversion.
> * Will we accept -1's from people in SIGNERS?
Good question. No, a -1 just means there's a problem -- in which case
the right course is to describe the problem, and let the committers
(whose names are really on the line) decide what to do about it.
Another possibility is to loosen our formal release requirements and
just let the release manager decide how much testing (and by whom) is
enough. I'd actually be comfortable with that too. (Not proposing
changing the soak periods, though.)
I dunno. The more I think about it, the less enthused I am. The
SIGNERS file is eventually going to be a headache to maintain;
meanwhile, we've already seen more committers step up to do signing.
Let's just see how that goes and revisit if we must.
-Karl, thinking more carefully now
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Release signers (was: Only require 2 signatures for zip file?)
Posted by Mark Phippard <ma...@gmail.com>.
On Thu, Apr 17, 2008 at 3:35 PM, Karl Fogel <kf...@red-bean.com> wrote:
> [Folks, there is a concrete proposal at the bottom of this mail, I'm
> just top-quoting a lot of context first.]
>
> "Mark Phippard" <ma...@gmail.com> writes:
> > On Sun, Apr 13, 2008 at 1:17 PM, Karl Fogel <kf...@red-bean.com> wrote:
> >> It does seem silly that we pretend these two things are the same
> >> function:
> >>
> >> 1) J. Random tends to make non-damaging code contributions, and works
> >> well with people in the community, so we want his changes going
> >> directly into future releases without them needing prior review
> >> (in other words: J. Random is a full committer).
> >>
> >> 2) J. Random has built and tested on platform X, and we trust his
> >> reports of what he encountered (in other words: J. Random can
> >> sign releases).
> >>
> >> Right now, we pretend that (1) is both necessary and sufficient for
> >> (2). It is surely sufficient, but it is *not* necessary.
> >>
> >> But is there any qualification we should require for (2), beyond that
> >> someone posts plausible-looking test output to the dev@ list? Should we
> >> "know" the person somehow?
> >
> > If we really wanted to do something, I would suggest adding a "release
> > signers" section to our COMMITTERS file. We could then nominate
> > people we trust that are not already committers, such as Stefan King
> > and some of the AnkhSVN developers etc.
> >
> > This might also be a way to bring in some of the people that build
> > stuff off our bindings.
> >
> > Of course it all presumes that these people want to go through the
> > process of testing and signing a release.
>
> Well, it just means that when they do sign, we trust it. Whether they
> actually do sign for a given release is up to them -- though I suspect
> Stefan (for example) will.
>
> It shouldn't be a new section in COMMITTERS, though, since it really has
> nothing to do with committing now. Instead, let's just create a new
> file, SIGNERS, with the understanding that any full committer is
> automatically a signer, and that any full committer can add someone to
> SIGNERS.
>
> I realize that's not a lot of formal process. But I think we don't
> really need even private discussions for this (unlike with commit
> access), because it's just a question of how much the person has shown
> up on the lists, presented test results, and said sensible things. We
> can go with informal for now -- meaning any full committer can add
> someone to SIGNERS, and should feel free to discuss it publicly before
> doing so -- and if we need to add more process, well, then we will. The
> file will state some guidelines to help committers decide whom to add.
>
> Any objections, before I initialize this file with those guidelines and
> Stefan Kung's name?
>
> The goal here is to avoid dropping volunteer energy on the floor. If
> there are reliable people willing to test and sign, we ought to be
> taking advantage of that!
Just to be clear, for myself as well.
* Anyone can already sign our releases, and we include their
signatures with the release. I used to sign the Windows releases when
I was not a committer, as an example.
* So we are really talking about a process change where we will count
these signatures as votes towards the actual release? Do we want to
have any specific policies in place? Such as at least 1 or 2 full
committer signatures on each file?
* I'd assume all partial committers are automatically included in this
and do not need to be listed in SIGNERS.
* Will we accept -1's from people in SIGNERS?
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Release signers (was: Only require 2 signatures for zip file?)
Posted by Karl Fogel <kf...@red-bean.com>.
[Folks, there is a concrete proposal at the bottom of this mail, I'm
just top-quoting a lot of context first.]
"Mark Phippard" <ma...@gmail.com> writes:
> On Sun, Apr 13, 2008 at 1:17 PM, Karl Fogel <kf...@red-bean.com> wrote:
>> It does seem silly that we pretend these two things are the same
>> function:
>>
>> 1) J. Random tends to make non-damaging code contributions, and works
>> well with people in the community, so we want his changes going
>> directly into future releases without them needing prior review
>> (in other words: J. Random is a full committer).
>>
>> 2) J. Random has built and tested on platform X, and we trust his
>> reports of what he encountered (in other words: J. Random can
>> sign releases).
>>
>> Right now, we pretend that (1) is both necessary and sufficient for
>> (2). It is surely sufficient, but it is *not* necessary.
>>
>> But is there any qualification we should require for (2), beyond that
>> someone posts plausible-looking test output to the dev@ list? Should we
>> "know" the person somehow?
>
> If we really wanted to do something, I would suggest adding a "release
> signers" section to our COMMITTERS file. We could then nominate
> people we trust that are not already committers, such as Stefan King
> and some of the AnkhSVN developers etc.
>
> This might also be a way to bring in some of the people that build
> stuff off our bindings.
>
> Of course it all presumes that these people want to go through the
> process of testing and signing a release.
Well, it just means that when they do sign, we trust it. Whether they
actually do sign for a given release is up to them -- though I suspect
Stefan (for example) will.
It shouldn't be a new section in COMMITTERS, though, since it really has
nothing to do with committing now. Instead, let's just create a new
file, SIGNERS, with the understanding that any full committer is
automatically a signer, and that any full committer can add someone to
SIGNERS.
I realize that's not a lot of formal process. But I think we don't
really need even private discussions for this (unlike with commit
access), because it's just a question of how much the person has shown
up on the lists, presented test results, and said sensible things. We
can go with informal for now -- meaning any full committer can add
someone to SIGNERS, and should feel free to discuss it publicly before
doing so -- and if we need to add more process, well, then we will. The
file will state some guidelines to help committers decide whom to add.
Any objections, before I initialize this file with those guidelines and
Stefan Kung's name?
The goal here is to avoid dropping volunteer energy on the floor. If
there are reliable people willing to test and sign, we ought to be
taking advantage of that!
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Mark Phippard <ma...@gmail.com>.
On Sun, Apr 13, 2008 at 1:17 PM, Karl Fogel <kf...@red-bean.com> wrote:
> "Mark Phippard" <ma...@gmail.com> writes:
> > I used to build the Windows release so I could include JavaHL library
> > in Subclipse, and so I would also run the tests and sign the release.
> > But since I was not a full committer, my signature did not count
> > towards the release. I always thought it should have (since we had
> > these same signature problems back then).
> >
> > Given that the rest of you are not likely to give up emacs for Windows
> > we need to be looking for solutions. By the way, I forgot Ivan Zhakov
> > in my original post. I do not think he has signed releases in the
> > past, at least not regularly. If we could get him to commit to do so,
> > this would at least be less of a problem since we would then have
> > three committers that we can count on signing the release, and four
> > when DJ is able to devote the time again.
> >
> > That said, Stefan, Bert and Jeremy have all contributed to our project
> > and they have vested interest in our releases. It seems like we would
> > be doing ourselves a favor if we recruited and counted their
> > signatures.
>
> It does seem silly that we pretend these two things are the same
> function:
>
> 1) J. Random tends to make non-damaging code contributions, and works
> well with people in the community, so we want his changes going
> directly into future releases without them needing prior review
> (in other words: J. Random is a full committer).
>
> 2) J. Random has built and tested on platform X, and we trust his
> reports of what he encountered (in other words: J. Random can
> sign releases).
>
> Right now, we pretend that (1) is both necessary and sufficient for
> (2). It is surely sufficient, but it is *not* necessary.
>
> But is there any qualification we should require for (2), beyond that
> someone posts plausible-looking test output to the dev@ list? Should we
> "know" the person somehow?
If we really wanted to do something, I would suggest adding a "release
signers" section to our COMMITTERS file. We could then nominate
people we trust that are not already committers, such as Stefan King
and some of the AnkhSVN developers etc.
This might also be a way to bring in some of the people that build
stuff off our bindings.
Of course it all presumes that these people want to go through the
process of testing and signing a release.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Karl Fogel <kf...@red-bean.com>.
"Mark Phippard" <ma...@gmail.com> writes:
> I used to build the Windows release so I could include JavaHL library
> in Subclipse, and so I would also run the tests and sign the release.
> But since I was not a full committer, my signature did not count
> towards the release. I always thought it should have (since we had
> these same signature problems back then).
>
> Given that the rest of you are not likely to give up emacs for Windows
> we need to be looking for solutions. By the way, I forgot Ivan Zhakov
> in my original post. I do not think he has signed releases in the
> past, at least not regularly. If we could get him to commit to do so,
> this would at least be less of a problem since we would then have
> three committers that we can count on signing the release, and four
> when DJ is able to devote the time again.
>
> That said, Stefan, Bert and Jeremy have all contributed to our project
> and they have vested interest in our releases. It seems like we would
> be doing ourselves a favor if we recruited and counted their
> signatures.
It does seem silly that we pretend these two things are the same
function:
1) J. Random tends to make non-damaging code contributions, and works
well with people in the community, so we want his changes going
directly into future releases without them needing prior review
(in other words: J. Random is a full committer).
2) J. Random has built and tested on platform X, and we trust his
reports of what he encountered (in other words: J. Random can
sign releases).
Right now, we pretend that (1) is both necessary and sufficient for
(2). It is surely sufficient, but it is *not* necessary.
But is there any qualification we should require for (2), beyond that
someone posts plausible-looking test output to the dev@ list? Should we
"know" the person somehow?
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by Mark Phippard <ma...@gmail.com>.
On Fri, Apr 11, 2008 at 2:39 PM, David Glasser <gl...@davidglasser.net> wrote:
> On Fri, Apr 11, 2008 at 11:36 AM, Mark Phippard <ma...@gmail.com> wrote:
> > Failing that, who else is willing to setup and test on Windows? We
> > have a lot of active downstream users of the Windows release. We have
> > Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
> > if we started accepting and counting their signatures towards a
> > release? Assuming they are willing to run the tests and provide
> > signature of course.
>
> Whether or not we count it towards the release count, I think I'm
> always interested in seeing that folks like Stefan and the AnkhSVN
> people have verified a release.
I used to build the Windows release so I could include JavaHL library
in Subclipse, and so I would also run the tests and sign the release.
But since I was not a full committer, my signature did not count
towards the release. I always thought it should have (since we had
these same signature problems back then).
Given that the rest of you are not likely to give up emacs for Windows
we need to be looking for solutions. By the way, I forgot Ivan Zhakov
in my original post. I do not think he has signed releases in the
past, at least not regularly. If we could get him to commit to do so,
this would at least be less of a problem since we would then have
three committers that we can count on signing the release, and four
when DJ is able to devote the time again.
That said, Stefan, Bert and Jeremy have all contributed to our project
and they have vested interest in our releases. It seems like we would
be doing ourselves a favor if we recruited and counted their
signatures.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by David Glasser <gl...@davidglasser.net>.
On Fri, Apr 11, 2008 at 11:36 AM, Mark Phippard <ma...@gmail.com> wrote:
> Failing that, who else is willing to setup and test on Windows? We
> have a lot of active downstream users of the Windows release. We have
> Jeremy and Bert from AnkhSVN and Stefan from TortoiseSVN. How about
> if we started accepting and counting their signatures towards a
> release? Assuming they are willing to run the tests and provide
> signature of course.
Whether or not we count it towards the release count, I think I'm
always interested in seeing that folks like Stefan and the AnkhSVN
people have verified a release.
--dave
--
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Only require 2 signatures for zip file?
Posted by "Hyrum K. Wright" <hy...@mail.utexas.edu>.
Lieven Govaerts wrote:
> Mark Phippard wrote:
>> I know this has come up before, but let me raise it again. We are
>> always in need of committers to sign the zip files. Currently both
>> myself and Paul Burba run the tests on Windows and sign the zip file.
>> I am not sure if there is anyone else available to sign them for this
>> release. I checked with DJ and he is not going to be available to
>> sign the RC2 release. Brane has not signed a release in a long time
>> and I am assuming this release will be no different. Lieven? I think
>> you have done some Windows work are you planning to sign the zip file.
>
> I normally provide signatures for Windows only, knowing that there is an
> abundance of *nix voters. Setting up the build on Windows and running it
> does take me a lot of time though, so I typically wait a few days so
> that I'm sure that this RC/release will actually make it.
>
> Is that going to happen with RC2? If you're waiting on that one vote,
> let me know and I'll fire up the Windows vm.
Nope. RC3 is pending shortly. (And thanks for testing on Windows!)
-Hyrum
Re: Only require 2 signatures for zip file?
Posted by Lieven Govaerts <sv...@mobsol.be>.
Mark Phippard wrote:
> I know this has come up before, but let me raise it again. We are
> always in need of committers to sign the zip files. Currently both
> myself and Paul Burba run the tests on Windows and sign the zip file.
> I am not sure if there is anyone else available to sign them for this
> release. I checked with DJ and he is not going to be available to
> sign the RC2 release. Brane has not signed a release in a long time
> and I am assuming this release will be no different. Lieven? I think
> you have done some Windows work are you planning to sign the zip file.
I normally provide signatures for Windows only, knowing that there is an
abundance of *nix voters. Setting up the build on Windows and running it
does take me a lot of time though, so I typically wait a few days so
that I'm sure that this RC/release will actually make it.
Is that going to happen with RC2? If you're waiting on that one vote,
let me know and I'll fire up the Windows vm.
Lieven
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org