[Vote] Cordova 3.4.0 release

[Steven Gill <st...@gmail.com>]

Please review and vote on the Cordova 3.4.0 release.

You can find the sample release at http://people.apache.org/~steven/

Voting will go on for 24 hours.

Cheers,

-Steve

Re: [Vote] Cordova 3.4.0 release

[Joe Bowser <bo...@gmail.com>]

I'm going to have to agree, based on the Apache policy I read earlier
that I didn't know about until today.

On Tue, Feb 18, 2014 at 9:59 PM, purplecabbage <pu...@gmail.com> wrote:
> IMO, If it was not in the release candidate, it should not be pushed into the release.
>
> If we need to turn around and do a 3.4.1 to address an issue, then we can do that.
>
>
>
>> On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org> wrote:
>>
>> -1
>>
>> There's one iOS fix that I think we should put it (as is just being
>> discussed on private ML).
>>
>>
>>> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
>>>
>>> -1
>>>
>>> The NOTICE file is incorrect.
>>>
>>> The date still says 2012; it should be updated
>>>
>>> The line
>>>
>>> This product includes software developed by
>>>
>>> should be [2]
>>>
>>> This product includes software developed at
>>>
>>> The distinction is important.
>>>
>>> The source archive NOTICE file contains the wording
>>>
>>> "This product includes software developed by
>>> Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "
>>>
>>> It seems this relates to ant-contrib-1.0b3.jar which as far as I can
>>> tell is not *included* in the source archive.
>>>
>>> Entries in the NOTICE file must ONLY relate to software that is
>>> actually included.
>>> Nothing may be added to the NOTICE file that is not legally required [1]
>>>
>>> I was unable to check if the contents of the source archive agrees
>>> with the source code control system - please supply the tag(s) from
>>> which the source archive was created.
>>>
>>> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
>>> [2] http://www.apache.org/legal/src-headers.html#notice-text
>>>
>>>
>>>
>>>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
>>>> Please review and vote on the Cordova 3.4.0 release.
>>>>
>>>> You can find the sample release at http://people.apache.org/~steven/
>>>>
>>>> Voting will go on for 24 hours.
>>>>
>>>> Cheers,
>>>>
>>>> -Steve
>>>

Re: [Vote] Cordova 3.4.0 release

[Brian LeRoux <b...@brian.io>]

I *think* Andrew means its helpful to have an extra set of eyes. The ideal
would be for us to re-instate that part of the program BEFORE we cut
release bits. A retroactive check doesn't hurt though really it should
never necessary after an RC.


On Wed, Feb 19, 2014 at 11:44 AM, Joe Bowser <bo...@gmail.com> wrote:

> This is only useful if your goal is to never release anything.
>
> On Wed, Feb 19, 2014 at 11:40 AM, Andrew Grieve <ag...@chromium.org>
> wrote:
> > I think this demonstrates why the vote can be useful. :P
> >
> >
> > On Wed, Feb 19, 2014 at 1:37 PM, Brian LeRoux <b...@brian.io> wrote:
> >
> >> This well illustrates my concern with tying a release to a vote thread.
> >> There is always going to be a reason to -1, there will always be
> important
> >> fixes, and there's always going to be a delays.
> >>
> >> The security issues are definitely worthy of a patch release. I don't
> see
> >> these windows issues as blocker for this release. Indeed this release
> >> ideally happened a month ago.
> >>
> >>
> >> On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com>
> wrote:
> >>
> >> > -1, only because of issues recently found, I think we should address
> them
> >> > and re-try 3.4.0
> >> >
> >> > >> Isn't that *why* we have release candidates?
> >> >
> >> > Yes, but we should not be adding features between release candidate
> and
> >> > release.  In this case it is a pretty critical issue, so having
> looked at
> >> > it more, I think we should apply the patch.
> >> >
> >> > >> The right thing would be to make
> >> > >> another 3.4.0 (and another if necessary) and vote on *that* one.
> >> >
> >> > I agree
> >> >
> >> > >> .. Was hoping that the following 2 changes are added for the
> Windows
> >> > Platform.
> >> >
> >> > If we are doing another release, these changes are extremely low
> impact,
> >> > and I would like to include them in 3.4.0
> >> >
> >> >
> >> > @purplecabbage
> >> > risingj.com
> >> >
> >> >
> >> > On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH)
> <
> >> > panarasi@microsoft.com> wrote:
> >> >
> >> > > -1
> >> > >
> >> > > Was hoping that the following 2 changes are added for the Windows
> >> > > Platform. They may need to be in a major release .
> >> > >
> >> > > https://github.com/apache/cordova-windows/pull/15 - version of MS
> >> Build
> >> > > that is causing issues due to different combinations of Windows 8
> and
> >> > > Windows 8.1, VS 2013 and VS 2014.
> >> > > https://github.com/apache/cordova-windows/pull/16 - related to
> >> developer
> >> > > certificates
> >> > >
> >> > > -----Original Message-----
> >> > > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of
> Michal
> >> > > Mocny
> >> > > Sent: Wednesday, February 19, 2014 6:44 AM
> >> > > To: dev
> >> > > Subject: Re: [Vote] Cordova 3.4.0 release
> >> > >
> >> > > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <
> iclelland@chromium.org
> >> > > >wrote:
> >> > >
> >> > > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
> >> > > > <purplecabbage@gmail.com
> >> > > > >wrote:
> >> > > >
> >> > > > > IMO, If it was not in the release candidate, it should not be
> >> pushed
> >> > > > > into the release.
> >> > > > >
> >> > > > > If we need to turn around and do a 3.4.1 to address an issue,
> then
> >> > > > > we can do that.
> >> > > > >
> >> > > >
> >> > > > Isn't that *why* we have release candidates?
> >> > > >
> >> > > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
> >> > > > voted on
> >> > > > again) before it becomes 3.4.0 final?
> >> > > >
> >> > > > It seems a bit off to have to sacrifice the "3.4.0" name because
> of a
> >> > > > release candidate that was voted down. The right thing would be to
> >> > > > make another 3.4.0 (and another if necessary) and vote on *that*
> one.
> >> > > >
> >> > >
> >> > > Totally agree.
> >> > >
> >> > >
> >> > > >
> >> > > > Ian
> >> > > >
> >> > > >
> >> > > > >
> >> > > > >
> >> > > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <
> agrieve@chromium.org
> >> >
> >> > > > wrote:
> >> > > > > >
> >> > > > > > -1
> >> > > > > >
> >> > > > > > There's one iOS fix that I think we should put it (as is just
> >> > > > > > being discussed on private ML).
> >> > > > > >
> >> > > > > >
> >> > > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com>
> wrote:
> >> > > > > >>
> >> > > > > >> -1
> >> > > > > >>
> >> > > > > >> The NOTICE file is incorrect.
> >> > > > > >>
> >> > > > > >> The date still says 2012; it should be updated
> >> > > > > >>
> >> > > > > >> The line
> >> > > > > >>
> >> > > > > >> This product includes software developed by
> >> > > > > >>
> >> > > > > >> should be [2]
> >> > > > > >>
> >> > > > > >> This product includes software developed at
> >> > > > > >>
> >> > > > > >> The distinction is important.
> >> > > > > >>
> >> > > > > >> The source archive NOTICE file contains the wording
> >> > > > > >>
> >> > > > > >> "This product includes software developed by Ant-Contrib
> project
> >> > > > > >> (http://sourceforge.net/projects/ant-contrib). "
> >> > > > > >>
> >> > > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far
> as I
> >> > > > > >> can tell is not *included* in the source archive.
> >> > > > > >>
> >> > > > > >> Entries in the NOTICE file must ONLY relate to software that
> is
> >> > > > > >> actually included.
> >> > > > > >> Nothing may be added to the NOTICE file that is not legally
> >> > > > > >> required
> >> > > > [1]
> >> > > > > >>
> >> > > > > >> I was unable to check if the contents of the source archive
> >> > > > > >> agrees with the source code control system - please supply
> the
> >> > > > > >> tag(s) from which the source archive was created.
> >> > > > > >>
> >> > > > > >> [1]
> http://www.apache.org/dev/licensing-howto.html#mod-notice
> >> > > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> >> > > > > >>
> >> > > > > >>
> >> > > > > >>
> >> > > > > >>> On 18 February 2014 23:26, Steven Gill <
> stevengill97@gmail.com
> >> >
> >> > > > wrote:
> >> > > > > >>> Please review and vote on the Cordova 3.4.0 release.
> >> > > > > >>>
> >> > > > > >>> You can find the sample release at
> >> > > > > >>> http://people.apache.org/~steven/
> >> > > > > >>>
> >> > > > > >>> Voting will go on for 24 hours.
> >> > > > > >>>
> >> > > > > >>> Cheers,
> >> > > > > >>>
> >> > > > > >>> -Steve
> >> > > > > >>
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
>

Re: [Vote] Cordova 3.4.0 release

[Joe Bowser <bo...@gmail.com>]

This is only useful if your goal is to never release anything.

On Wed, Feb 19, 2014 at 11:40 AM, Andrew Grieve <ag...@chromium.org> wrote:
> I think this demonstrates why the vote can be useful. :P
>
>
> On Wed, Feb 19, 2014 at 1:37 PM, Brian LeRoux <b...@brian.io> wrote:
>
>> This well illustrates my concern with tying a release to a vote thread.
>> There is always going to be a reason to -1, there will always be important
>> fixes, and there's always going to be a delays.
>>
>> The security issues are definitely worthy of a patch release. I don't see
>> these windows issues as blocker for this release. Indeed this release
>> ideally happened a month ago.
>>
>>
>> On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com> wrote:
>>
>> > -1, only because of issues recently found, I think we should address them
>> > and re-try 3.4.0
>> >
>> > >> Isn't that *why* we have release candidates?
>> >
>> > Yes, but we should not be adding features between release candidate and
>> > release.  In this case it is a pretty critical issue, so having looked at
>> > it more, I think we should apply the patch.
>> >
>> > >> The right thing would be to make
>> > >> another 3.4.0 (and another if necessary) and vote on *that* one.
>> >
>> > I agree
>> >
>> > >> .. Was hoping that the following 2 changes are added for the Windows
>> > Platform.
>> >
>> > If we are doing another release, these changes are extremely low impact,
>> > and I would like to include them in 3.4.0
>> >
>> >
>> > @purplecabbage
>> > risingj.com
>> >
>> >
>> > On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) <
>> > panarasi@microsoft.com> wrote:
>> >
>> > > -1
>> > >
>> > > Was hoping that the following 2 changes are added for the Windows
>> > > Platform. They may need to be in a major release .
>> > >
>> > > https://github.com/apache/cordova-windows/pull/15 - version of MS
>> Build
>> > > that is causing issues due to different combinations of Windows 8 and
>> > > Windows 8.1, VS 2013 and VS 2014.
>> > > https://github.com/apache/cordova-windows/pull/16 - related to
>> developer
>> > > certificates
>> > >
>> > > -----Original Message-----
>> > > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal
>> > > Mocny
>> > > Sent: Wednesday, February 19, 2014 6:44 AM
>> > > To: dev
>> > > Subject: Re: [Vote] Cordova 3.4.0 release
>> > >
>> > > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <iclelland@chromium.org
>> > > >wrote:
>> > >
>> > > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
>> > > > <purplecabbage@gmail.com
>> > > > >wrote:
>> > > >
>> > > > > IMO, If it was not in the release candidate, it should not be
>> pushed
>> > > > > into the release.
>> > > > >
>> > > > > If we need to turn around and do a 3.4.1 to address an issue, then
>> > > > > we can do that.
>> > > > >
>> > > >
>> > > > Isn't that *why* we have release candidates?
>> > > >
>> > > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
>> > > > voted on
>> > > > again) before it becomes 3.4.0 final?
>> > > >
>> > > > It seems a bit off to have to sacrifice the "3.4.0" name because of a
>> > > > release candidate that was voted down. The right thing would be to
>> > > > make another 3.4.0 (and another if necessary) and vote on *that* one.
>> > > >
>> > >
>> > > Totally agree.
>> > >
>> > >
>> > > >
>> > > > Ian
>> > > >
>> > > >
>> > > > >
>> > > > >
>> > > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <agrieve@chromium.org
>> >
>> > > > wrote:
>> > > > > >
>> > > > > > -1
>> > > > > >
>> > > > > > There's one iOS fix that I think we should put it (as is just
>> > > > > > being discussed on private ML).
>> > > > > >
>> > > > > >
>> > > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
>> > > > > >>
>> > > > > >> -1
>> > > > > >>
>> > > > > >> The NOTICE file is incorrect.
>> > > > > >>
>> > > > > >> The date still says 2012; it should be updated
>> > > > > >>
>> > > > > >> The line
>> > > > > >>
>> > > > > >> This product includes software developed by
>> > > > > >>
>> > > > > >> should be [2]
>> > > > > >>
>> > > > > >> This product includes software developed at
>> > > > > >>
>> > > > > >> The distinction is important.
>> > > > > >>
>> > > > > >> The source archive NOTICE file contains the wording
>> > > > > >>
>> > > > > >> "This product includes software developed by Ant-Contrib project
>> > > > > >> (http://sourceforge.net/projects/ant-contrib). "
>> > > > > >>
>> > > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I
>> > > > > >> can tell is not *included* in the source archive.
>> > > > > >>
>> > > > > >> Entries in the NOTICE file must ONLY relate to software that is
>> > > > > >> actually included.
>> > > > > >> Nothing may be added to the NOTICE file that is not legally
>> > > > > >> required
>> > > > [1]
>> > > > > >>
>> > > > > >> I was unable to check if the contents of the source archive
>> > > > > >> agrees with the source code control system - please supply the
>> > > > > >> tag(s) from which the source archive was created.
>> > > > > >>
>> > > > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
>> > > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
>> > > > > >>
>> > > > > >>
>> > > > > >>
>> > > > > >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com
>> >
>> > > > wrote:
>> > > > > >>> Please review and vote on the Cordova 3.4.0 release.
>> > > > > >>>
>> > > > > >>> You can find the sample release at
>> > > > > >>> http://people.apache.org/~steven/
>> > > > > >>>
>> > > > > >>> Voting will go on for 24 hours.
>> > > > > >>>
>> > > > > >>> Cheers,
>> > > > > >>>
>> > > > > >>> -Steve
>> > > > > >>
>> > > > >
>> > > >
>> > >
>> >
>>

Re: [Vote] Cordova 3.4.0 release

[Andrew Grieve <ag...@chromium.org>]

I think this demonstrates why the vote can be useful. :P


On Wed, Feb 19, 2014 at 1:37 PM, Brian LeRoux <b...@brian.io> wrote:

> This well illustrates my concern with tying a release to a vote thread.
> There is always going to be a reason to -1, there will always be important
> fixes, and there's always going to be a delays.
>
> The security issues are definitely worthy of a patch release. I don't see
> these windows issues as blocker for this release. Indeed this release
> ideally happened a month ago.
>
>
> On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com> wrote:
>
> > -1, only because of issues recently found, I think we should address them
> > and re-try 3.4.0
> >
> > >> Isn't that *why* we have release candidates?
> >
> > Yes, but we should not be adding features between release candidate and
> > release.  In this case it is a pretty critical issue, so having looked at
> > it more, I think we should apply the patch.
> >
> > >> The right thing would be to make
> > >> another 3.4.0 (and another if necessary) and vote on *that* one.
> >
> > I agree
> >
> > >> .. Was hoping that the following 2 changes are added for the Windows
> > Platform.
> >
> > If we are doing another release, these changes are extremely low impact,
> > and I would like to include them in 3.4.0
> >
> >
> > @purplecabbage
> > risingj.com
> >
> >
> > On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) <
> > panarasi@microsoft.com> wrote:
> >
> > > -1
> > >
> > > Was hoping that the following 2 changes are added for the Windows
> > > Platform. They may need to be in a major release .
> > >
> > > https://github.com/apache/cordova-windows/pull/15 - version of MS
> Build
> > > that is causing issues due to different combinations of Windows 8 and
> > > Windows 8.1, VS 2013 and VS 2014.
> > > https://github.com/apache/cordova-windows/pull/16 - related to
> developer
> > > certificates
> > >
> > > -----Original Message-----
> > > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal
> > > Mocny
> > > Sent: Wednesday, February 19, 2014 6:44 AM
> > > To: dev
> > > Subject: Re: [Vote] Cordova 3.4.0 release
> > >
> > > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <iclelland@chromium.org
> > > >wrote:
> > >
> > > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
> > > > <purplecabbage@gmail.com
> > > > >wrote:
> > > >
> > > > > IMO, If it was not in the release candidate, it should not be
> pushed
> > > > > into the release.
> > > > >
> > > > > If we need to turn around and do a 3.4.1 to address an issue, then
> > > > > we can do that.
> > > > >
> > > >
> > > > Isn't that *why* we have release candidates?
> > > >
> > > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
> > > > voted on
> > > > again) before it becomes 3.4.0 final?
> > > >
> > > > It seems a bit off to have to sacrifice the "3.4.0" name because of a
> > > > release candidate that was voted down. The right thing would be to
> > > > make another 3.4.0 (and another if necessary) and vote on *that* one.
> > > >
> > >
> > > Totally agree.
> > >
> > >
> > > >
> > > > Ian
> > > >
> > > >
> > > > >
> > > > >
> > > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <agrieve@chromium.org
> >
> > > > wrote:
> > > > > >
> > > > > > -1
> > > > > >
> > > > > > There's one iOS fix that I think we should put it (as is just
> > > > > > being discussed on private ML).
> > > > > >
> > > > > >
> > > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > > > > >>
> > > > > >> -1
> > > > > >>
> > > > > >> The NOTICE file is incorrect.
> > > > > >>
> > > > > >> The date still says 2012; it should be updated
> > > > > >>
> > > > > >> The line
> > > > > >>
> > > > > >> This product includes software developed by
> > > > > >>
> > > > > >> should be [2]
> > > > > >>
> > > > > >> This product includes software developed at
> > > > > >>
> > > > > >> The distinction is important.
> > > > > >>
> > > > > >> The source archive NOTICE file contains the wording
> > > > > >>
> > > > > >> "This product includes software developed by Ant-Contrib project
> > > > > >> (http://sourceforge.net/projects/ant-contrib). "
> > > > > >>
> > > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I
> > > > > >> can tell is not *included* in the source archive.
> > > > > >>
> > > > > >> Entries in the NOTICE file must ONLY relate to software that is
> > > > > >> actually included.
> > > > > >> Nothing may be added to the NOTICE file that is not legally
> > > > > >> required
> > > > [1]
> > > > > >>
> > > > > >> I was unable to check if the contents of the source archive
> > > > > >> agrees with the source code control system - please supply the
> > > > > >> tag(s) from which the source archive was created.
> > > > > >>
> > > > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com
> >
> > > > wrote:
> > > > > >>> Please review and vote on the Cordova 3.4.0 release.
> > > > > >>>
> > > > > >>> You can find the sample release at
> > > > > >>> http://people.apache.org/~steven/
> > > > > >>>
> > > > > >>> Voting will go on for 24 hours.
> > > > > >>>
> > > > > >>> Cheers,
> > > > > >>>
> > > > > >>> -Steve
> > > > > >>
> > > > >
> > > >
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Jesse <pu...@gmail.com>]

I am a +1 now as well.

@purplecabbage
risingj.com


On Wed, Feb 19, 2014 at 5:15 PM, Andrew Grieve <ag...@chromium.org> wrote:

> We've now worked through the issue I was worried about, and have determined
> that the fix is in plugins only. So...
>
> +1 on this release!
>
>
> On Wed, Feb 19, 2014 at 5:05 PM, Roy T. Fielding <fi...@gbiv.com>
> wrote:
>
> > On Feb 19, 2014, at 12:43 PM, Ross Gardler wrote:
> >
> > > A note on best practice. Prior to calling a release (i.e. when an RM is
> > > stepping up to create a release) there should be a "[DISCUSS] release
> > x.y.z"
> >
> > Some projects do that.  Others use an issue tracker (like Jira or a
> > simple STATUS file).  It is also reasonable to schedule one regularly.
> > Just understand that schedule != do.
> >
> > > This provides a place for people to air concerns without affecting the
> > VOTE
> > > thread. Ideally the VOTE thread is just a series of +1s and, in
> > exceptional
> > > circumstances, some -1's See my other thread for clarity on what -1's
> > mean.
> >
> > Missed it, but I can explain.  -1s are no more important than +1s.
> > They express an opinion.  Nothing more than that.
> >
> > > On 19 February 2014 10:37, Brian LeRoux <b...@brian.io> wrote:
> > >
> > >> This well illustrates my concern with tying a release to a vote
> thread.
> > >> There is always going to be a reason to -1, there will always be
> > important
> > >> fixes, and there's always going to be a delays.
> >
> > A -1 on a release is not a veto.  It just means that person would prefer
> > not to release this package.  Why?  They will probably explain, though
> > it isn't necessary for them to do so (unlike a veto on a patch/commit).
> >
> > >> The security issues are definitely worthy of a patch release. I don't
> > see
> > >> these windows issues as blocker for this release. Indeed this release
> > >> ideally happened a month ago.
> >
> > This is why release votes are a majority decision with minimum 3 +1s.
> > Each person on the PMC has an independent right to make that call.
> > Formal votes have a tendency to invite opinions that might otherwise be
> > left unheard.
> >
> > My usual criteria starts with "is it better than the last release?"
> > (note that there are a lot of things that could make it not better)
> > and ends with "does an imperfect release now prevent shipping a better
> > one next week?".  There are no perfect releases.
> >
> > Nevertheless, this is a group decision in which each PMC member has an
> > equal vote.  Non-PMC member opinions are also important and might
> > influence the RM or PMC.  However, majority rules, and the release can
> > go forward as soon as the PMC majority says it can.
> >
> > Earlier, Joe Bowser said:
> >
> > > This is only useful if your goal is to never release anything.
> >
> > Our goal is to be inclusive to community input on decision making.
> > We respect the opinions of the community even when we disagree
> > with them.  Feel free to explain why your personal opinion differs.
> > Do not dissuade others from expressing their own opinion.
> >
> > Do not assume that you speak for Apache Cordova.
> > Only the result of voting speaks for the project as a whole.
> >
> >
> > Cheers,
> >
> > Roy T. Fielding                     <http://roy.gbiv.com/>
> > Senior Principal Scientist, Adobe   <http://www.adobe.com/>
> >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Andrew Grieve <ag...@chromium.org>]

We've now worked through the issue I was worried about, and have determined
that the fix is in plugins only. So...

+1 on this release!


On Wed, Feb 19, 2014 at 5:05 PM, Roy T. Fielding <fi...@gbiv.com> wrote:

> On Feb 19, 2014, at 12:43 PM, Ross Gardler wrote:
>
> > A note on best practice. Prior to calling a release (i.e. when an RM is
> > stepping up to create a release) there should be a "[DISCUSS] release
> x.y.z"
>
> Some projects do that.  Others use an issue tracker (like Jira or a
> simple STATUS file).  It is also reasonable to schedule one regularly.
> Just understand that schedule != do.
>
> > This provides a place for people to air concerns without affecting the
> VOTE
> > thread. Ideally the VOTE thread is just a series of +1s and, in
> exceptional
> > circumstances, some -1's See my other thread for clarity on what -1's
> mean.
>
> Missed it, but I can explain.  -1s are no more important than +1s.
> They express an opinion.  Nothing more than that.
>
> > On 19 February 2014 10:37, Brian LeRoux <b...@brian.io> wrote:
> >
> >> This well illustrates my concern with tying a release to a vote thread.
> >> There is always going to be a reason to -1, there will always be
> important
> >> fixes, and there's always going to be a delays.
>
> A -1 on a release is not a veto.  It just means that person would prefer
> not to release this package.  Why?  They will probably explain, though
> it isn't necessary for them to do so (unlike a veto on a patch/commit).
>
> >> The security issues are definitely worthy of a patch release. I don't
> see
> >> these windows issues as blocker for this release. Indeed this release
> >> ideally happened a month ago.
>
> This is why release votes are a majority decision with minimum 3 +1s.
> Each person on the PMC has an independent right to make that call.
> Formal votes have a tendency to invite opinions that might otherwise be
> left unheard.
>
> My usual criteria starts with "is it better than the last release?"
> (note that there are a lot of things that could make it not better)
> and ends with "does an imperfect release now prevent shipping a better
> one next week?".  There are no perfect releases.
>
> Nevertheless, this is a group decision in which each PMC member has an
> equal vote.  Non-PMC member opinions are also important and might
> influence the RM or PMC.  However, majority rules, and the release can
> go forward as soon as the PMC majority says it can.
>
> Earlier, Joe Bowser said:
>
> > This is only useful if your goal is to never release anything.
>
> Our goal is to be inclusive to community input on decision making.
> We respect the opinions of the community even when we disagree
> with them.  Feel free to explain why your personal opinion differs.
> Do not dissuade others from expressing their own opinion.
>
> Do not assume that you speak for Apache Cordova.
> Only the result of voting speaks for the project as a whole.
>
>
> Cheers,
>
> Roy T. Fielding                     <http://roy.gbiv.com/>
> Senior Principal Scientist, Adobe   <http://www.adobe.com/>
>
>

Re: [Vote] Cordova 3.4.0 release

["Roy T. Fielding" <fi...@gbiv.com>]

On Feb 19, 2014, at 12:43 PM, Ross Gardler wrote:

> A note on best practice. Prior to calling a release (i.e. when an RM is
> stepping up to create a release) there should be a "[DISCUSS] release x.y.z"

Some projects do that.  Others use an issue tracker (like Jira or a
simple STATUS file).  It is also reasonable to schedule one regularly.
Just understand that schedule != do.

> This provides a place for people to air concerns without affecting the VOTE
> thread. Ideally the VOTE thread is just a series of +1s and, in exceptional
> circumstances, some -1's See my other thread for clarity on what -1's mean.

Missed it, but I can explain.  -1s are no more important than +1s.
They express an opinion.  Nothing more than that.

> On 19 February 2014 10:37, Brian LeRoux <b...@brian.io> wrote:
> 
>> This well illustrates my concern with tying a release to a vote thread.
>> There is always going to be a reason to -1, there will always be important
>> fixes, and there's always going to be a delays.

A -1 on a release is not a veto.  It just means that person would prefer
not to release this package.  Why?  They will probably explain, though
it isn't necessary for them to do so (unlike a veto on a patch/commit).

>> The security issues are definitely worthy of a patch release. I don't see
>> these windows issues as blocker for this release. Indeed this release
>> ideally happened a month ago.

This is why release votes are a majority decision with minimum 3 +1s.
Each person on the PMC has an independent right to make that call.
Formal votes have a tendency to invite opinions that might otherwise be
left unheard.

My usual criteria starts with "is it better than the last release?"
(note that there are a lot of things that could make it not better)
and ends with "does an imperfect release now prevent shipping a better
one next week?".  There are no perfect releases.

Nevertheless, this is a group decision in which each PMC member has an
equal vote.  Non-PMC member opinions are also important and might
influence the RM or PMC.  However, majority rules, and the release can
go forward as soon as the PMC majority says it can.

Earlier, Joe Bowser said:

> This is only useful if your goal is to never release anything.

Our goal is to be inclusive to community input on decision making.
We respect the opinions of the community even when we disagree
with them.  Feel free to explain why your personal opinion differs.
Do not dissuade others from expressing their own opinion.

Do not assume that you speak for Apache Cordova.
Only the result of voting speaks for the project as a whole.


Cheers,

Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <http://www.adobe.com/>

Re: [Vote] Cordova 3.4.0 release

[Ross Gardler <rg...@opendirective.com>]

A note on best practice. Prior to calling a release (i.e. when an RM is
stepping up to create a release) there should be a "[DISCUSS] release x.y.z"

This provides a place for people to air concerns without affecting the VOTE
thread. Ideally the VOTE thread is just a series of +1s and, in exceptional
circumstances, some -1's See my other thread for clarity on what -1's mean.

Ross

Ross Gardler (@rgardler)
Senior Technology Evangelist
Microsoft Open Technologies, Inc.
A subsidiary of Microsoft Corporation





On 19 February 2014 10:37, Brian LeRoux <b...@brian.io> wrote:

> This well illustrates my concern with tying a release to a vote thread.
> There is always going to be a reason to -1, there will always be important
> fixes, and there's always going to be a delays.
>
> The security issues are definitely worthy of a patch release. I don't see
> these windows issues as blocker for this release. Indeed this release
> ideally happened a month ago.
>
>
> On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com> wrote:
>
> > -1, only because of issues recently found, I think we should address them
> > and re-try 3.4.0
> >
> > >> Isn't that *why* we have release candidates?
> >
> > Yes, but we should not be adding features between release candidate and
> > release.  In this case it is a pretty critical issue, so having looked at
> > it more, I think we should apply the patch.
> >
> > >> The right thing would be to make
> > >> another 3.4.0 (and another if necessary) and vote on *that* one.
> >
> > I agree
> >
> > >> .. Was hoping that the following 2 changes are added for the Windows
> > Platform.
> >
> > If we are doing another release, these changes are extremely low impact,
> > and I would like to include them in 3.4.0
> >
> >
> > @purplecabbage
> > risingj.com
> >
> >
> > On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) <
> > panarasi@microsoft.com> wrote:
> >
> > > -1
> > >
> > > Was hoping that the following 2 changes are added for the Windows
> > > Platform. They may need to be in a major release .
> > >
> > > https://github.com/apache/cordova-windows/pull/15 - version of MS
> Build
> > > that is causing issues due to different combinations of Windows 8 and
> > > Windows 8.1, VS 2013 and VS 2014.
> > > https://github.com/apache/cordova-windows/pull/16 - related to
> developer
> > > certificates
> > >
> > > -----Original Message-----
> > > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal
> > > Mocny
> > > Sent: Wednesday, February 19, 2014 6:44 AM
> > > To: dev
> > > Subject: Re: [Vote] Cordova 3.4.0 release
> > >
> > > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <iclelland@chromium.org
> > > >wrote:
> > >
> > > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
> > > > <purplecabbage@gmail.com
> > > > >wrote:
> > > >
> > > > > IMO, If it was not in the release candidate, it should not be
> pushed
> > > > > into the release.
> > > > >
> > > > > If we need to turn around and do a 3.4.1 to address an issue, then
> > > > > we can do that.
> > > > >
> > > >
> > > > Isn't that *why* we have release candidates?
> > > >
> > > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
> > > > voted on
> > > > again) before it becomes 3.4.0 final?
> > > >
> > > > It seems a bit off to have to sacrifice the "3.4.0" name because of a
> > > > release candidate that was voted down. The right thing would be to
> > > > make another 3.4.0 (and another if necessary) and vote on *that* one.
> > > >
> > >
> > > Totally agree.
> > >
> > >
> > > >
> > > > Ian
> > > >
> > > >
> > > > >
> > > > >
> > > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <agrieve@chromium.org
> >
> > > > wrote:
> > > > > >
> > > > > > -1
> > > > > >
> > > > > > There's one iOS fix that I think we should put it (as is just
> > > > > > being discussed on private ML).
> > > > > >
> > > > > >
> > > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > > > > >>
> > > > > >> -1
> > > > > >>
> > > > > >> The NOTICE file is incorrect.
> > > > > >>
> > > > > >> The date still says 2012; it should be updated
> > > > > >>
> > > > > >> The line
> > > > > >>
> > > > > >> This product includes software developed by
> > > > > >>
> > > > > >> should be [2]
> > > > > >>
> > > > > >> This product includes software developed at
> > > > > >>
> > > > > >> The distinction is important.
> > > > > >>
> > > > > >> The source archive NOTICE file contains the wording
> > > > > >>
> > > > > >> "This product includes software developed by Ant-Contrib project
> > > > > >> (http://sourceforge.net/projects/ant-contrib). "
> > > > > >>
> > > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I
> > > > > >> can tell is not *included* in the source archive.
> > > > > >>
> > > > > >> Entries in the NOTICE file must ONLY relate to software that is
> > > > > >> actually included.
> > > > > >> Nothing may be added to the NOTICE file that is not legally
> > > > > >> required
> > > > [1]
> > > > > >>
> > > > > >> I was unable to check if the contents of the source archive
> > > > > >> agrees with the source code control system - please supply the
> > > > > >> tag(s) from which the source archive was created.
> > > > > >>
> > > > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>> On 18 February 2014 23:26, Steven Gill <stevengill97@gmail.com
> >
> > > > wrote:
> > > > > >>> Please review and vote on the Cordova 3.4.0 release.
> > > > > >>>
> > > > > >>> You can find the sample release at
> > > > > >>> http://people.apache.org/~steven/
> > > > > >>>
> > > > > >>> Voting will go on for 24 hours.
> > > > > >>>
> > > > > >>> Cheers,
> > > > > >>>
> > > > > >>> -Steve
> > > > > >>
> > > > >
> > > >
> > >
> >
>

RE: [Vote] Cordova 3.4.0 release

["Parashuram Narasimhan (MS OPEN TECH)" <pa...@microsoft.com>]

I spoke to Jesse about the Windows issues. Revoking my -1 as they are non-critical. 

-----Original Message-----
From: brian.leroux@gmail.com [mailto:brian.leroux@gmail.com] On Behalf Of Brian LeRoux
Sent: Wednesday, February 19, 2014 10:37 AM
To: dev@cordova.apache.org
Subject: Re: [Vote] Cordova 3.4.0 release

This well illustrates my concern with tying a release to a vote thread.
There is always going to be a reason to -1, there will always be important fixes, and there's always going to be a delays.

The security issues are definitely worthy of a patch release. I don't see these windows issues as blocker for this release. Indeed this release ideally happened a month ago.


On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com> wrote:

> -1, only because of issues recently found, I think we should address 
> them and re-try 3.4.0
>
> >> Isn't that *why* we have release candidates?
>
> Yes, but we should not be adding features between release candidate 
> and release.  In this case it is a pretty critical issue, so having 
> looked at it more, I think we should apply the patch.
>
> >> The right thing would be to make
> >> another 3.4.0 (and another if necessary) and vote on *that* one.
>
> I agree
>
> >> .. Was hoping that the following 2 changes are added for the 
> >> Windows
> Platform.
>
> If we are doing another release, these changes are extremely low 
> impact, and I would like to include them in 3.4.0
>
>
> @purplecabbage
> risingj.com
>
>
> On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) 
> < panarasi@microsoft.com> wrote:
>
> > -1
> >
> > Was hoping that the following 2 changes are added for the Windows 
> > Platform. They may need to be in a major release .
> >
> > https://github.com/apache/cordova-windows/pull/15 - version of MS 
> > Build that is causing issues due to different combinations of 
> > Windows 8 and Windows 8.1, VS 2013 and VS 2014.
> > https://github.com/apache/cordova-windows/pull/16 - related to 
> > developer certificates
> >
> > -----Original Message-----
> > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of 
> > Michal Mocny
> > Sent: Wednesday, February 19, 2014 6:44 AM
> > To: dev
> > Subject: Re: [Vote] Cordova 3.4.0 release
> >
> > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland 
> > <iclelland@chromium.org
> > >wrote:
> >
> > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage 
> > > <purplecabbage@gmail.com
> > > >wrote:
> > >
> > > > IMO, If it was not in the release candidate, it should not be 
> > > > pushed into the release.
> > > >
> > > > If we need to turn around and do a 3.4.1 to address an issue, 
> > > > then we can do that.
> > > >
> > >
> > > Isn't that *why* we have release candidates?
> > >
> > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets 
> > > voted on
> > > again) before it becomes 3.4.0 final?
> > >
> > > It seems a bit off to have to sacrifice the "3.4.0" name because 
> > > of a release candidate that was voted down. The right thing would 
> > > be to make another 3.4.0 (and another if necessary) and vote on *that* one.
> > >
> >
> > Totally agree.
> >
> >
> > >
> > > Ian
> > >
> > >
> > > >
> > > >
> > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve 
> > > > > <ag...@chromium.org>
> > > wrote:
> > > > >
> > > > > -1
> > > > >
> > > > > There's one iOS fix that I think we should put it (as is just 
> > > > > being discussed on private ML).
> > > > >
> > > > >
> > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > > > >>
> > > > >> -1
> > > > >>
> > > > >> The NOTICE file is incorrect.
> > > > >>
> > > > >> The date still says 2012; it should be updated
> > > > >>
> > > > >> The line
> > > > >>
> > > > >> This product includes software developed by
> > > > >>
> > > > >> should be [2]
> > > > >>
> > > > >> This product includes software developed at
> > > > >>
> > > > >> The distinction is important.
> > > > >>
> > > > >> The source archive NOTICE file contains the wording
> > > > >>
> > > > >> "This product includes software developed by Ant-Contrib 
> > > > >> project (http://sourceforge.net/projects/ant-contrib). "
> > > > >>
> > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far 
> > > > >> as I can tell is not *included* in the source archive.
> > > > >>
> > > > >> Entries in the NOTICE file must ONLY relate to software that 
> > > > >> is actually included.
> > > > >> Nothing may be added to the NOTICE file that is not legally 
> > > > >> required
> > > [1]
> > > > >>
> > > > >> I was unable to check if the contents of the source archive 
> > > > >> agrees with the source code control system - please supply 
> > > > >> the
> > > > >> tag(s) from which the source archive was created.
> > > > >>
> > > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > > > >>
> > > > >>
> > > > >>
> > > > >>> On 18 February 2014 23:26, Steven Gill 
> > > > >>> <st...@gmail.com>
> > > wrote:
> > > > >>> Please review and vote on the Cordova 3.4.0 release.
> > > > >>>
> > > > >>> You can find the sample release at 
> > > > >>> http://people.apache.org/~steven/
> > > > >>>
> > > > >>> Voting will go on for 24 hours.
> > > > >>>
> > > > >>> Cheers,
> > > > >>>
> > > > >>> -Steve
> > > > >>
> > > >
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Brian LeRoux <b...@brian.io>]

This well illustrates my concern with tying a release to a vote thread.
There is always going to be a reason to -1, there will always be important
fixes, and there's always going to be a delays.

The security issues are definitely worthy of a patch release. I don't see
these windows issues as blocker for this release. Indeed this release
ideally happened a month ago.


On Wed, Feb 19, 2014 at 10:26 AM, Jesse <pu...@gmail.com> wrote:

> -1, only because of issues recently found, I think we should address them
> and re-try 3.4.0
>
> >> Isn't that *why* we have release candidates?
>
> Yes, but we should not be adding features between release candidate and
> release.  In this case it is a pretty critical issue, so having looked at
> it more, I think we should apply the patch.
>
> >> The right thing would be to make
> >> another 3.4.0 (and another if necessary) and vote on *that* one.
>
> I agree
>
> >> .. Was hoping that the following 2 changes are added for the Windows
> Platform.
>
> If we are doing another release, these changes are extremely low impact,
> and I would like to include them in 3.4.0
>
>
> @purplecabbage
> risingj.com
>
>
> On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) <
> panarasi@microsoft.com> wrote:
>
> > -1
> >
> > Was hoping that the following 2 changes are added for the Windows
> > Platform. They may need to be in a major release .
> >
> > https://github.com/apache/cordova-windows/pull/15 - version of MS Build
> > that is causing issues due to different combinations of Windows 8 and
> > Windows 8.1, VS 2013 and VS 2014.
> > https://github.com/apache/cordova-windows/pull/16 - related to developer
> > certificates
> >
> > -----Original Message-----
> > From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal
> > Mocny
> > Sent: Wednesday, February 19, 2014 6:44 AM
> > To: dev
> > Subject: Re: [Vote] Cordova 3.4.0 release
> >
> > On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <iclelland@chromium.org
> > >wrote:
> >
> > > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
> > > <purplecabbage@gmail.com
> > > >wrote:
> > >
> > > > IMO, If it was not in the release candidate, it should not be pushed
> > > > into the release.
> > > >
> > > > If we need to turn around and do a 3.4.1 to address an issue, then
> > > > we can do that.
> > > >
> > >
> > > Isn't that *why* we have release candidates?
> > >
> > > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
> > > voted on
> > > again) before it becomes 3.4.0 final?
> > >
> > > It seems a bit off to have to sacrifice the "3.4.0" name because of a
> > > release candidate that was voted down. The right thing would be to
> > > make another 3.4.0 (and another if necessary) and vote on *that* one.
> > >
> >
> > Totally agree.
> >
> >
> > >
> > > Ian
> > >
> > >
> > > >
> > > >
> > > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org>
> > > wrote:
> > > > >
> > > > > -1
> > > > >
> > > > > There's one iOS fix that I think we should put it (as is just
> > > > > being discussed on private ML).
> > > > >
> > > > >
> > > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > > > >>
> > > > >> -1
> > > > >>
> > > > >> The NOTICE file is incorrect.
> > > > >>
> > > > >> The date still says 2012; it should be updated
> > > > >>
> > > > >> The line
> > > > >>
> > > > >> This product includes software developed by
> > > > >>
> > > > >> should be [2]
> > > > >>
> > > > >> This product includes software developed at
> > > > >>
> > > > >> The distinction is important.
> > > > >>
> > > > >> The source archive NOTICE file contains the wording
> > > > >>
> > > > >> "This product includes software developed by Ant-Contrib project
> > > > >> (http://sourceforge.net/projects/ant-contrib). "
> > > > >>
> > > > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I
> > > > >> can tell is not *included* in the source archive.
> > > > >>
> > > > >> Entries in the NOTICE file must ONLY relate to software that is
> > > > >> actually included.
> > > > >> Nothing may be added to the NOTICE file that is not legally
> > > > >> required
> > > [1]
> > > > >>
> > > > >> I was unable to check if the contents of the source archive
> > > > >> agrees with the source code control system - please supply the
> > > > >> tag(s) from which the source archive was created.
> > > > >>
> > > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > > > >>
> > > > >>
> > > > >>
> > > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > > wrote:
> > > > >>> Please review and vote on the Cordova 3.4.0 release.
> > > > >>>
> > > > >>> You can find the sample release at
> > > > >>> http://people.apache.org/~steven/
> > > > >>>
> > > > >>> Voting will go on for 24 hours.
> > > > >>>
> > > > >>> Cheers,
> > > > >>>
> > > > >>> -Steve
> > > > >>
> > > >
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Jesse <pu...@gmail.com>]

-1, only because of issues recently found, I think we should address them
and re-try 3.4.0

>> Isn't that *why* we have release candidates?

Yes, but we should not be adding features between release candidate and
release.  In this case it is a pretty critical issue, so having looked at
it more, I think we should apply the patch.

>> The right thing would be to make
>> another 3.4.0 (and another if necessary) and vote on *that* one.

I agree

>> .. Was hoping that the following 2 changes are added for the Windows
Platform.

If we are doing another release, these changes are extremely low impact,
and I would like to include them in 3.4.0


@purplecabbage
risingj.com


On Wed, Feb 19, 2014 at 7:39 AM, Parashuram Narasimhan (MS OPEN TECH) <
panarasi@microsoft.com> wrote:

> -1
>
> Was hoping that the following 2 changes are added for the Windows
> Platform. They may need to be in a major release .
>
> https://github.com/apache/cordova-windows/pull/15 - version of MS Build
> that is causing issues due to different combinations of Windows 8 and
> Windows 8.1, VS 2013 and VS 2014.
> https://github.com/apache/cordova-windows/pull/16 - related to developer
> certificates
>
> -----Original Message-----
> From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal
> Mocny
> Sent: Wednesday, February 19, 2014 6:44 AM
> To: dev
> Subject: Re: [Vote] Cordova 3.4.0 release
>
> On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <iclelland@chromium.org
> >wrote:
>
> > On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage
> > <purplecabbage@gmail.com
> > >wrote:
> >
> > > IMO, If it was not in the release candidate, it should not be pushed
> > > into the release.
> > >
> > > If we need to turn around and do a 3.4.1 to address an issue, then
> > > we can do that.
> > >
> >
> > Isn't that *why* we have release candidates?
> >
> > Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets
> > voted on
> > again) before it becomes 3.4.0 final?
> >
> > It seems a bit off to have to sacrifice the "3.4.0" name because of a
> > release candidate that was voted down. The right thing would be to
> > make another 3.4.0 (and another if necessary) and vote on *that* one.
> >
>
> Totally agree.
>
>
> >
> > Ian
> >
> >
> > >
> > >
> > > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org>
> > wrote:
> > > >
> > > > -1
> > > >
> > > > There's one iOS fix that I think we should put it (as is just
> > > > being discussed on private ML).
> > > >
> > > >
> > > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > > >>
> > > >> -1
> > > >>
> > > >> The NOTICE file is incorrect.
> > > >>
> > > >> The date still says 2012; it should be updated
> > > >>
> > > >> The line
> > > >>
> > > >> This product includes software developed by
> > > >>
> > > >> should be [2]
> > > >>
> > > >> This product includes software developed at
> > > >>
> > > >> The distinction is important.
> > > >>
> > > >> The source archive NOTICE file contains the wording
> > > >>
> > > >> "This product includes software developed by Ant-Contrib project
> > > >> (http://sourceforge.net/projects/ant-contrib). "
> > > >>
> > > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I
> > > >> can tell is not *included* in the source archive.
> > > >>
> > > >> Entries in the NOTICE file must ONLY relate to software that is
> > > >> actually included.
> > > >> Nothing may be added to the NOTICE file that is not legally
> > > >> required
> > [1]
> > > >>
> > > >> I was unable to check if the contents of the source archive
> > > >> agrees with the source code control system - please supply the
> > > >> tag(s) from which the source archive was created.
> > > >>
> > > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > > >>
> > > >>
> > > >>
> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > wrote:
> > > >>> Please review and vote on the Cordova 3.4.0 release.
> > > >>>
> > > >>> You can find the sample release at
> > > >>> http://people.apache.org/~steven/
> > > >>>
> > > >>> Voting will go on for 24 hours.
> > > >>>
> > > >>> Cheers,
> > > >>>
> > > >>> -Steve
> > > >>
> > >
> >
>

RE: [Vote] Cordova 3.4.0 release

["Parashuram Narasimhan (MS OPEN TECH)" <pa...@microsoft.com>]

-1

Was hoping that the following 2 changes are added for the Windows Platform. They may need to be in a major release .

https://github.com/apache/cordova-windows/pull/15 - version of MS Build that is causing issues due to different combinations of Windows 8 and Windows 8.1, VS 2013 and VS 2014. 
https://github.com/apache/cordova-windows/pull/16 - related to developer certificates

-----Original Message-----
From: mmocny@google.com [mailto:mmocny@google.com] On Behalf Of Michal Mocny
Sent: Wednesday, February 19, 2014 6:44 AM
To: dev
Subject: Re: [Vote] Cordova 3.4.0 release

On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <ic...@chromium.org>wrote:

> On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage 
> <purplecabbage@gmail.com
> >wrote:
>
> > IMO, If it was not in the release candidate, it should not be pushed 
> > into the release.
> >
> > If we need to turn around and do a 3.4.1 to address an issue, then 
> > we can do that.
> >
>
> Isn't that *why* we have release candidates?
>
> Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets 
> voted on
> again) before it becomes 3.4.0 final?
>
> It seems a bit off to have to sacrifice the "3.4.0" name because of a 
> release candidate that was voted down. The right thing would be to 
> make another 3.4.0 (and another if necessary) and vote on *that* one.
>

Totally agree.


>
> Ian
>
>
> >
> >
> > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org>
> wrote:
> > >
> > > -1
> > >
> > > There's one iOS fix that I think we should put it (as is just 
> > > being discussed on private ML).
> > >
> > >
> > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > >>
> > >> -1
> > >>
> > >> The NOTICE file is incorrect.
> > >>
> > >> The date still says 2012; it should be updated
> > >>
> > >> The line
> > >>
> > >> This product includes software developed by
> > >>
> > >> should be [2]
> > >>
> > >> This product includes software developed at
> > >>
> > >> The distinction is important.
> > >>
> > >> The source archive NOTICE file contains the wording
> > >>
> > >> "This product includes software developed by Ant-Contrib project 
> > >> (http://sourceforge.net/projects/ant-contrib). "
> > >>
> > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I 
> > >> can tell is not *included* in the source archive.
> > >>
> > >> Entries in the NOTICE file must ONLY relate to software that is 
> > >> actually included.
> > >> Nothing may be added to the NOTICE file that is not legally 
> > >> required
> [1]
> > >>
> > >> I was unable to check if the contents of the source archive 
> > >> agrees with the source code control system - please supply the 
> > >> tag(s) from which the source archive was created.
> > >>
> > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > >>
> > >>
> > >>
> > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> wrote:
> > >>> Please review and vote on the Cordova 3.4.0 release.
> > >>>
> > >>> You can find the sample release at 
> > >>> http://people.apache.org/~steven/
> > >>>
> > >>> Voting will go on for 24 hours.
> > >>>
> > >>> Cheers,
> > >>>
> > >>> -Steve
> > >>
> >
>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

On Wed, Feb 19, 2014 at 7:16 AM, Ian Clelland <ic...@chromium.org>wrote:

> On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage <purplecabbage@gmail.com
> >wrote:
>
> > IMO, If it was not in the release candidate, it should not be pushed into
> > the release.
> >
> > If we need to turn around and do a 3.4.1 to address an issue, then we can
> > do that.
> >
>
> Isn't that *why* we have release candidates?
>
> Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets voted on
> again) before it becomes 3.4.0 final?
>
> It seems a bit off to have to sacrifice the "3.4.0" name because of a
> release candidate that was voted down. The right thing would be to make
> another 3.4.0 (and another if necessary) and vote on *that* one.
>

Totally agree.


>
> Ian
>
>
> >
> >
> > > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org>
> wrote:
> > >
> > > -1
> > >
> > > There's one iOS fix that I think we should put it (as is just being
> > > discussed on private ML).
> > >
> > >
> > >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> > >>
> > >> -1
> > >>
> > >> The NOTICE file is incorrect.
> > >>
> > >> The date still says 2012; it should be updated
> > >>
> > >> The line
> > >>
> > >> This product includes software developed by
> > >>
> > >> should be [2]
> > >>
> > >> This product includes software developed at
> > >>
> > >> The distinction is important.
> > >>
> > >> The source archive NOTICE file contains the wording
> > >>
> > >> "This product includes software developed by
> > >> Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "
> > >>
> > >> It seems this relates to ant-contrib-1.0b3.jar which as far as I can
> > >> tell is not *included* in the source archive.
> > >>
> > >> Entries in the NOTICE file must ONLY relate to software that is
> > >> actually included.
> > >> Nothing may be added to the NOTICE file that is not legally required
> [1]
> > >>
> > >> I was unable to check if the contents of the source archive agrees
> > >> with the source code control system - please supply the tag(s) from
> > >> which the source archive was created.
> > >>
> > >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> > >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> > >>
> > >>
> > >>
> > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> wrote:
> > >>> Please review and vote on the Cordova 3.4.0 release.
> > >>>
> > >>> You can find the sample release at http://people.apache.org/~steven/
> > >>>
> > >>> Voting will go on for 24 hours.
> > >>>
> > >>> Cheers,
> > >>>
> > >>> -Steve
> > >>
> >
>

Re: [Vote] Cordova 3.4.0 release

[Ian Clelland <ic...@chromium.org>]

On Wed, Feb 19, 2014 at 12:59 AM, purplecabbage <pu...@gmail.com>wrote:

> IMO, If it was not in the release candidate, it should not be pushed into
> the release.
>
> If we need to turn around and do a 3.4.1 to address an issue, then we can
> do that.
>

Isn't that *why* we have release candidates?

Isn't this just a case where 3.4.0-rc1 goes to 3.4.0-rc2 (and gets voted on
again) before it becomes 3.4.0 final?

It seems a bit off to have to sacrifice the "3.4.0" name because of a
release candidate that was voted down. The right thing would be to make
another 3.4.0 (and another if necessary) and vote on *that* one.

Ian


>
>
> > On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org> wrote:
> >
> > -1
> >
> > There's one iOS fix that I think we should put it (as is just being
> > discussed on private ML).
> >
> >
> >> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
> >>
> >> -1
> >>
> >> The NOTICE file is incorrect.
> >>
> >> The date still says 2012; it should be updated
> >>
> >> The line
> >>
> >> This product includes software developed by
> >>
> >> should be [2]
> >>
> >> This product includes software developed at
> >>
> >> The distinction is important.
> >>
> >> The source archive NOTICE file contains the wording
> >>
> >> "This product includes software developed by
> >> Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "
> >>
> >> It seems this relates to ant-contrib-1.0b3.jar which as far as I can
> >> tell is not *included* in the source archive.
> >>
> >> Entries in the NOTICE file must ONLY relate to software that is
> >> actually included.
> >> Nothing may be added to the NOTICE file that is not legally required [1]
> >>
> >> I was unable to check if the contents of the source archive agrees
> >> with the source code control system - please supply the tag(s) from
> >> which the source archive was created.
> >>
> >> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> >> [2] http://www.apache.org/legal/src-headers.html#notice-text
> >>
> >>
> >>
> >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> >>> Please review and vote on the Cordova 3.4.0 release.
> >>>
> >>> You can find the sample release at http://people.apache.org/~steven/
> >>>
> >>> Voting will go on for 24 hours.
> >>>
> >>> Cheers,
> >>>
> >>> -Steve
> >>
>

Re: [Vote] Cordova 3.4.0 release

[purplecabbage <pu...@gmail.com>]

IMO, If it was not in the release candidate, it should not be pushed into the release. 

If we need to turn around and do a 3.4.1 to address an issue, then we can do that. 



> On Feb 18, 2014, at 6:16 PM, Andrew Grieve <ag...@chromium.org> wrote:
> 
> -1
> 
> There's one iOS fix that I think we should put it (as is just being
> discussed on private ML).
> 
> 
>> On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:
>> 
>> -1
>> 
>> The NOTICE file is incorrect.
>> 
>> The date still says 2012; it should be updated
>> 
>> The line
>> 
>> This product includes software developed by
>> 
>> should be [2]
>> 
>> This product includes software developed at
>> 
>> The distinction is important.
>> 
>> The source archive NOTICE file contains the wording
>> 
>> "This product includes software developed by
>> Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "
>> 
>> It seems this relates to ant-contrib-1.0b3.jar which as far as I can
>> tell is not *included* in the source archive.
>> 
>> Entries in the NOTICE file must ONLY relate to software that is
>> actually included.
>> Nothing may be added to the NOTICE file that is not legally required [1]
>> 
>> I was unable to check if the contents of the source archive agrees
>> with the source code control system - please supply the tag(s) from
>> which the source archive was created.
>> 
>> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
>> [2] http://www.apache.org/legal/src-headers.html#notice-text
>> 
>> 
>> 
>>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
>>> Please review and vote on the Cordova 3.4.0 release.
>>> 
>>> You can find the sample release at http://people.apache.org/~steven/
>>> 
>>> Voting will go on for 24 hours.
>>> 
>>> Cheers,
>>> 
>>> -Steve
>> 

Re: [Vote] Cordova 3.4.0 release

[Andrew Grieve <ag...@chromium.org>]

-1

There's one iOS fix that I think we should put it (as is just being
discussed on private ML).


On Tue, Feb 18, 2014 at 8:57 PM, sebb <se...@gmail.com> wrote:

> -1
>
> The NOTICE file is incorrect.
>
> The date still says 2012; it should be updated
>
> The line
>
> This product includes software developed by
>
> should be [2]
>
> This product includes software developed at
>
> The distinction is important.
>
> The source archive NOTICE file contains the wording
>
> "This product includes software developed by
> Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "
>
> It seems this relates to ant-contrib-1.0b3.jar which as far as I can
> tell is not *included* in the source archive.
>
> Entries in the NOTICE file must ONLY relate to software that is
> actually included.
> Nothing may be added to the NOTICE file that is not legally required [1]
>
> I was unable to check if the contents of the source archive agrees
> with the source code control system - please supply the tag(s) from
> which the source archive was created.
>
> [1] http://www.apache.org/dev/licensing-howto.html#mod-notice
> [2] http://www.apache.org/legal/src-headers.html#notice-text
>
>
>
> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> > Please review and vote on the Cordova 3.4.0 release.
> >
> > You can find the sample release at http://people.apache.org/~steven/
> >
> > Voting will go on for 24 hours.
> >
> > Cheers,
> >
> > -Steve
>

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

-1

The NOTICE file is incorrect.

The date still says 2012; it should be updated

The line

This product includes software developed by

should be [2]

This product includes software developed at

The distinction is important.

The source archive NOTICE file contains the wording

"This product includes software developed by
Ant-Contrib project (http://sourceforge.net/projects/ant-contrib). "

It seems this relates to ant-contrib-1.0b3.jar which as far as I can
tell is not *included* in the source archive.

Entries in the NOTICE file must ONLY relate to software that is
actually included.
Nothing may be added to the NOTICE file that is not legally required [1]

I was unable to check if the contents of the source archive agrees
with the source code control system - please supply the tag(s) from
which the source archive was created.

[1] http://www.apache.org/dev/licensing-howto.html#mod-notice
[2] http://www.apache.org/legal/src-headers.html#notice-text



On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> Please review and vote on the Cordova 3.4.0 release.
>
> You can find the sample release at http://people.apache.org/~steven/
>
> Voting will go on for 24 hours.
>
> Cheers,
>
> -Steve

Re: [Vote] Cordova 3.4.0 release

[James Jong <wj...@gmail.com>]

+1
-James Jong

On Feb 18, 2014, at 7:01 PM, Lisa Seacat DeLuca <ld...@us.ibm.com> wrote:

> +1
> 
> Lisa Seacat DeLuca
> Mobile Engineer | t: +415.787.4589 | ldeluca@apache.org | | ldeluca@us.ibm.com | lisaseacat.com | | +1
> 
> 
> 
> 
> 
> From:        Brian LeRoux <b...@brian.io> 
> To:        "dev@cordova.apache.org" <de...@cordova.apache.org> 
> Date:        02/18/2014 06:54 PM 
> Subject:        Re: [Vote] Cordova 3.4.0 release 
> Sent by:        brian.leroux@gmail.com 
> 
> 
> 
> +1
> 
> 
> On Tue, Feb 18, 2014 at 3:45 PM, Joe Bowser <bo...@gmail.com> wrote:
> 
> > +1
> >
> > On Tue, Feb 18, 2014 at 3:26 PM, Steven Gill <st...@gmail.com>
> > wrote:
> > > Please review and vote on the Cordova 3.4.0 release.
> > >
> > > You can find the sample release at http://people.apache.org/~steven/
> > >
> > > Voting will go on for 24 hours.
> > >
> > > Cheers,
> > >
> > > -Steve
> >
> 

Re: [Vote] Cordova 3.4.0 release

[Lisa Seacat DeLuca <ld...@us.ibm.com>]

+1

Lisa Seacat DeLuca
Mobile Engineer | t: +415.787.4589 | ldeluca@apache.org | | 
ldeluca@us.ibm.com | lisaseacat.com | | +1





From:   Brian LeRoux <b...@brian.io>
To:     "dev@cordova.apache.org" <de...@cordova.apache.org>
Date:   02/18/2014 06:54 PM
Subject:        Re: [Vote] Cordova 3.4.0 release
Sent by:        brian.leroux@gmail.com



+1


On Tue, Feb 18, 2014 at 3:45 PM, Joe Bowser <bo...@gmail.com> wrote:

> +1
>
> On Tue, Feb 18, 2014 at 3:26 PM, Steven Gill <st...@gmail.com>
> wrote:
> > Please review and vote on the Cordova 3.4.0 release.
> >
> > You can find the sample release at http://people.apache.org/~steven/
> >
> > Voting will go on for 24 hours.
> >
> > Cheers,
> >
> > -Steve
>

Re: [Vote] Cordova 3.4.0 release

[Brian LeRoux <b...@brian.io>]

+1


On Tue, Feb 18, 2014 at 3:45 PM, Joe Bowser <bo...@gmail.com> wrote:

> +1
>
> On Tue, Feb 18, 2014 at 3:26 PM, Steven Gill <st...@gmail.com>
> wrote:
> > Please review and vote on the Cordova 3.4.0 release.
> >
> > You can find the sample release at http://people.apache.org/~steven/
> >
> > Voting will go on for 24 hours.
> >
> > Cheers,
> >
> > -Steve
>

Re: [Vote] Cordova 3.4.0 release

[Joe Bowser <bo...@gmail.com>]

+1

On Tue, Feb 18, 2014 at 3:26 PM, Steven Gill <st...@gmail.com> wrote:
> Please review and vote on the Cordova 3.4.0 release.
>
> You can find the sample release at http://people.apache.org/~steven/
>
> Voting will go on for 24 hours.
>
> Cheers,
>
> -Steve

Re: [Vote] Cordova 3.4.0 release

[AnalyticsTester <an...@gmail.com>]

+1


> +1
> 
> On 2/18/14 3:26 PM, "Steven Gill" <st...@gmail.com> wrote:
> 
>> Please review and vote on the Cordova 3.4.0 release.
>> 
>> You can find the sample release at http://people.apache.org/~steven/
>> 
>> Voting will go on for 24 hours.
>> 
>> Cheers,
>> 
>> -Steve
> 

Re: [Vote] Cordova 3.4.0 release

[lmnbeyond <lm...@gmail.com>]

+1

Best Regards!


> +1
> 
> On 2/18/14 3:26 PM, "Steven Gill" <st...@gmail.com> wrote:
> 
>> Please review and vote on the Cordova 3.4.0 release.
>> 
>> You can find the sample release at http://people.apache.org/~steven/
>> 
>> Voting will go on for 24 hours.
>> 
>> Cheers,
>> 
>> -Steve
> 

Re: [Vote] Cordova 3.4.0 release

["Naik, Archana" <na...@lab126.com>]

+1

On 2/18/14 3:26 PM, "Steven Gill" <st...@gmail.com> wrote:

>Please review and vote on the Cordova 3.4.0 release.
>
>You can find the sample release at http://people.apache.org/~steven/
>
>Voting will go on for 24 hours.
>
>Cheers,
>
>-Steve

Re: [Vote] Cordova 3.4.0 release

[Steven Gill <st...@gmail.com>]

Vote closed!

The vote has passed successfully with 7 binding votes!

PMC Votes :
Andrew Grieve
Joe Bowser
Brian LeRoux
Jesse MacFadyen
Archana Naik
James Jong
Lisa Seacat DeLuca

Thanks all for voting!

I will be publishing the blog post + release zip + cli shortly!

Cheers,
-Steve



On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:

> On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
> > SCM == ?
>
> Source Code / Software Configuration   Management
>
> > Do you mean the git tags?
> > All of the repositories are tagged with the version number of the
> release.
> > So, "3.4.0" is the tag.
>
> OK, so where are the repos then please?
> Also, if the tag is not immutable, it would help to have the hash.
>
> >
> > On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> >
> >> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> >> > Please review and vote on the Cordova 3.4.0 release.
> >> >
> >> > You can find the sample release at http://people.apache.org/~steven/
> >>
> >> At the risk of being flamed, I am concerned that the VOTE mail does
> >> not include a link to the SCM tag.
> >>
> >> Why is this important?
> >>
> >> The ASF releases source files which come with a LICENSE (and NOTICE).
> >> It is vital that the release only contains files that are permitted to
> >> be distributed, and we aren't accidentally including files that should
> >> not be distributed.
> >>
> >> Equally, it is important that the source release is not missing any
> >> required files.
> >>
> >> The only practical way to check all the files is to compare the source
> >> archive against the tag(s) it is supposed to contain.
> >>
> >> In theory, an automated build process will ensure that the archive
> >> only contains files from the tag, and does not omit any require files.
> >> However, in practice, the archives are built from workspaces that
> >> contain other files (e.g. compilation output).
> >> I know of at least two projects which used standard automated
> >> procedures (Maven), yet their source releases contained files that
> >> should not have been released.
> >>
> >> Should there be a complaint, it's important that the PMC can show that
> >> due diligence was done in checking the source archive contents.
> >> This will be easier to prove if the VOTE thread contains details of
> >> the SCM tags from which the archive was built.
> >>
> >> The SCM repo provides traceability of provenance.
> >>
> >> So please can someone provide the SCM tag(s) that were used to create
> >> the source release?
> >>
> >> > Voting will go on for 24 hours.
> >> >
> >> > Cheers,
> >> >
> >> > -Steve
> >>
>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

So I was a bit curious to try this myself, so I ran:

> coho --repo cadence repo-clone
> coho --repo cadence foreach "git remote -v"
> coho --repo cadence foreach "git show-ref 3.4.0"

It seems that cordova-cli is included in the cadence release, but hasn't
been tagged passed rc.2 yet?

(also, cordova-firefoxos has had no tags from 3.4.0 at all)

Sebb, I think thats the best way to know whats in the release, is to use
our cordova-coho tool (which help manage all the repos and tag releases
automatically).

-Michal


On Thu, Feb 20, 2014 at 1:16 PM, Joe Bowser <bo...@gmail.com> wrote:

> Seriously, you can't find that yourself? You clearly know nothing
> about this project.
>
> On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
> >> SCM == ?
> >
> > Source Code / Software Configuration   Management
> >
> >> Do you mean the git tags?
> >> All of the repositories are tagged with the version number of the
> release.
> >> So, "3.4.0" is the tag.
> >
> > OK, so where are the repos then please?
> > Also, if the tag is not immutable, it would help to have the hash.
> >
> >>
> >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> >>
> >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> >>> > Please review and vote on the Cordova 3.4.0 release.
> >>> >
> >>> > You can find the sample release at http://people.apache.org/~steven/
> >>>
> >>> At the risk of being flamed, I am concerned that the VOTE mail does
> >>> not include a link to the SCM tag.
> >>>
> >>> Why is this important?
> >>>
> >>> The ASF releases source files which come with a LICENSE (and NOTICE).
> >>> It is vital that the release only contains files that are permitted to
> >>> be distributed, and we aren't accidentally including files that should
> >>> not be distributed.
> >>>
> >>> Equally, it is important that the source release is not missing any
> >>> required files.
> >>>
> >>> The only practical way to check all the files is to compare the source
> >>> archive against the tag(s) it is supposed to contain.
> >>>
> >>> In theory, an automated build process will ensure that the archive
> >>> only contains files from the tag, and does not omit any require files.
> >>> However, in practice, the archives are built from workspaces that
> >>> contain other files (e.g. compilation output).
> >>> I know of at least two projects which used standard automated
> >>> procedures (Maven), yet their source releases contained files that
> >>> should not have been released.
> >>>
> >>> Should there be a complaint, it's important that the PMC can show that
> >>> due diligence was done in checking the source archive contents.
> >>> This will be easier to prove if the VOTE thread contains details of
> >>> the SCM tags from which the archive was built.
> >>>
> >>> The SCM repo provides traceability of provenance.
> >>>
> >>> So please can someone provide the SCM tag(s) that were used to create
> >>> the source release?
> >>>
> >>> > Voting will go on for 24 hours.
> >>> >
> >>> > Cheers,
> >>> >
> >>> > -Steve
> >>>
>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

Thanks Steve, the problem was my use of "git show-ref 3.4.0" which is
specifically looking for that tag.  I forgot about the cad+sem versioning
of cli (woops).

I am doing this now :/

coho --repo cadence foreach "git tag" | grep -e "Executing" -e "3.4.0" |
grep -v "rc"
./cordova-android/ =========== Executing: git tag
3.4.0
./cordova-ios/ =============== Executing: git tag
3.4.0
./cordova-blackberry/ ======== Executing: git tag
3.4.0
./cordova-windows/ =========== Executing: git tag
3.4.0
./cordova-wp8/ =============== Executing: git tag
3.4.0
./cordova-firefoxos/ ========= Executing: git tag
3.4.0
./cordova-ubuntu/ ============ Executing: git tag
3.4.0
./cordova-amazon-fireos/ ===== Executing: git tag
3.4.0
./cordova-cli/ =============== Executing: git tag
3.4.0-0.1.0
./cordova-js/ ================ Executing: git tag
3.4.0
./cordova-mobile-spec/ ======= Executing: git tag
3.4.0
./cordova-app-hello-world/ === Executing: git tag
3.4.0
./cordova-docs/ ============== Executing: git tag
3.4.0



On Thu, Feb 20, 2014 at 2:09 PM, Steven Gill <st...@gmail.com> wrote:

> Michal,
>
> The CLI has the tag 3.4.0-0.1.0.  Are you sure you fetched the latest tags?
>
>
> On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org>
> wrote:
>
> > (I was wrong about firefoxos, its just cli thats missing the tag)
> >
> >
> > On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
> >
> > > C'mon Joe, its our job to help him. You can take the high road and then
> > > Sebb can start affording us the same courtesy.
> > >
> > >
> > > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com>
> wrote:
> > >
> > > > Seriously, you can't find that yourself? You clearly know nothing
> > > > about this project.
> > > >
> > > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
> > wrote:
> > > > >> SCM == ?
> > > > >
> > > > > Source Code / Software Configuration   Management
> > > > >
> > > > >> Do you mean the git tags?
> > > > >> All of the repositories are tagged with the version number of the
> > > > release.
> > > > >> So, "3.4.0" is the tag.
> > > > >
> > > > > OK, so where are the repos then please?
> > > > > Also, if the tag is not immutable, it would help to have the hash.
> > > > >
> > > > >>
> > > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> > > > >>
> > > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > > wrote:
> > > > >>> > Please review and vote on the Cordova 3.4.0 release.
> > > > >>> >
> > > > >>> > You can find the sample release at
> > > http://people.apache.org/~steven/
> > > > >>>
> > > > >>> At the risk of being flamed, I am concerned that the VOTE mail
> does
> > > > >>> not include a link to the SCM tag.
> > > > >>>
> > > > >>> Why is this important?
> > > > >>>
> > > > >>> The ASF releases source files which come with a LICENSE (and
> > NOTICE).
> > > > >>> It is vital that the release only contains files that are
> permitted
> > > to
> > > > >>> be distributed, and we aren't accidentally including files that
> > > should
> > > > >>> not be distributed.
> > > > >>>
> > > > >>> Equally, it is important that the source release is not missing
> any
> > > > >>> required files.
> > > > >>>
> > > > >>> The only practical way to check all the files is to compare the
> > > source
> > > > >>> archive against the tag(s) it is supposed to contain.
> > > > >>>
> > > > >>> In theory, an automated build process will ensure that the
> archive
> > > > >>> only contains files from the tag, and does not omit any require
> > > files.
> > > > >>> However, in practice, the archives are built from workspaces that
> > > > >>> contain other files (e.g. compilation output).
> > > > >>> I know of at least two projects which used standard automated
> > > > >>> procedures (Maven), yet their source releases contained files
> that
> > > > >>> should not have been released.
> > > > >>>
> > > > >>> Should there be a complaint, it's important that the PMC can show
> > > that
> > > > >>> due diligence was done in checking the source archive contents.
> > > > >>> This will be easier to prove if the VOTE thread contains details
> of
> > > > >>> the SCM tags from which the archive was built.
> > > > >>>
> > > > >>> The SCM repo provides traceability of provenance.
> > > > >>>
> > > > >>> So please can someone provide the SCM tag(s) that were used to
> > create
> > > > >>> the source release?
> > > > >>>
> > > > >>> > Voting will go on for 24 hours.
> > > > >>> >
> > > > >>> > Cheers,
> > > > >>> >
> > > > >>> > -Steve
> > > > >>>
> > > >
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Steven Gill <st...@gmail.com>]

Michal,

The CLI has the tag 3.4.0-0.1.0.  Are you sure you fetched the latest tags?


On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org> wrote:

> (I was wrong about firefoxos, its just cli thats missing the tag)
>
>
> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
>
> > C'mon Joe, its our job to help him. You can take the high road and then
> > Sebb can start affording us the same courtesy.
> >
> >
> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:
> >
> > > Seriously, you can't find that yourself? You clearly know nothing
> > > about this project.
> > >
> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
> wrote:
> > > >> SCM == ?
> > > >
> > > > Source Code / Software Configuration   Management
> > > >
> > > >> Do you mean the git tags?
> > > >> All of the repositories are tagged with the version number of the
> > > release.
> > > >> So, "3.4.0" is the tag.
> > > >
> > > > OK, so where are the repos then please?
> > > > Also, if the tag is not immutable, it would help to have the hash.
> > > >
> > > >>
> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> > > >>
> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > wrote:
> > > >>> > Please review and vote on the Cordova 3.4.0 release.
> > > >>> >
> > > >>> > You can find the sample release at
> > http://people.apache.org/~steven/
> > > >>>
> > > >>> At the risk of being flamed, I am concerned that the VOTE mail does
> > > >>> not include a link to the SCM tag.
> > > >>>
> > > >>> Why is this important?
> > > >>>
> > > >>> The ASF releases source files which come with a LICENSE (and
> NOTICE).
> > > >>> It is vital that the release only contains files that are permitted
> > to
> > > >>> be distributed, and we aren't accidentally including files that
> > should
> > > >>> not be distributed.
> > > >>>
> > > >>> Equally, it is important that the source release is not missing any
> > > >>> required files.
> > > >>>
> > > >>> The only practical way to check all the files is to compare the
> > source
> > > >>> archive against the tag(s) it is supposed to contain.
> > > >>>
> > > >>> In theory, an automated build process will ensure that the archive
> > > >>> only contains files from the tag, and does not omit any require
> > files.
> > > >>> However, in practice, the archives are built from workspaces that
> > > >>> contain other files (e.g. compilation output).
> > > >>> I know of at least two projects which used standard automated
> > > >>> procedures (Maven), yet their source releases contained files that
> > > >>> should not have been released.
> > > >>>
> > > >>> Should there be a complaint, it's important that the PMC can show
> > that
> > > >>> due diligence was done in checking the source archive contents.
> > > >>> This will be easier to prove if the VOTE thread contains details of
> > > >>> the SCM tags from which the archive was built.
> > > >>>
> > > >>> The SCM repo provides traceability of provenance.
> > > >>>
> > > >>> So please can someone provide the SCM tag(s) that were used to
> create
> > > >>> the source release?
> > > >>>
> > > >>> > Voting will go on for 24 hours.
> > > >>> >
> > > >>> > Cheers,
> > > >>> >
> > > >>> > -Steve
> > > >>>
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Lisa Seacat DeLuca <ld...@us.ibm.com>]

Better yet, let's add it to the wiki for the workflow process.  
http://wiki.apache.org/cordova/CommitterWorkflow

it's *kinda* there now but could use some loving from someone who uses it 
all the time.



Lisa Seacat DeLuca
Emerging Mobile Software Engineer - Apache Cordova Committer - IBM Master 
Inventor
SWG Open Technologies and Strategy

Phone: 1-410-332-2128 | Mobile: 1-415-787-4589
E-mail: ldeluca@us.ibm.com
personal website: lisaseacat.com
Chat: ldeluca@us.ibm.com 
Find me on:   and within IBM on:  


100 East Pratt St 21-2212
Baltimore, MD 21202-1009
United States




From:   Brian LeRoux <b...@brian.io>
To:     "dev@cordova.apache.org" <de...@cordova.apache.org>
Date:   02/20/2014 02:20 PM
Subject:        Re: [Vote] Cordova 3.4.0 release
Sent by:        brian.leroux@gmail.com



we should start a thread about coho. it kind of grew into a tool that I'm
fairly certain only the googlers use and aligning our flows would be a 
good
thing.


On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org> 
wrote:

> (I was wrong about firefoxos, its just cli thats missing the tag)
>
>
> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
>
> > C'mon Joe, its our job to help him. You can take the high road and 
then
> > Sebb can start affording us the same courtesy.
> >
> >
> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> 
wrote:
> >
> > > Seriously, you can't find that yourself? You clearly know nothing
> > > about this project.
> > >
> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
> wrote:
> > > >> SCM == ?
> > > >
> > > > Source Code / Software Configuration   Management
> > > >
> > > >> Do you mean the git tags?
> > > >> All of the repositories are tagged with the version number of the
> > > release.
> > > >> So, "3.4.0" is the tag.
> > > >
> > > > OK, so where are the repos then please?
> > > > Also, if the tag is not immutable, it would help to have the hash.
> > > >
> > > >>
> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> > > >>
> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > wrote:
> > > >>> > Please review and vote on the Cordova 3.4.0 release.
> > > >>> >
> > > >>> > You can find the sample release at
> > http://people.apache.org/~steven/
> > > >>>
> > > >>> At the risk of being flamed, I am concerned that the VOTE mail 
does
> > > >>> not include a link to the SCM tag.
> > > >>>
> > > >>> Why is this important?
> > > >>>
> > > >>> The ASF releases source files which come with a LICENSE (and
> NOTICE).
> > > >>> It is vital that the release only contains files that are 
permitted
> > to
> > > >>> be distributed, and we aren't accidentally including files that
> > should
> > > >>> not be distributed.
> > > >>>
> > > >>> Equally, it is important that the source release is not missing 
any
> > > >>> required files.
> > > >>>
> > > >>> The only practical way to check all the files is to compare the
> > source
> > > >>> archive against the tag(s) it is supposed to contain.
> > > >>>
> > > >>> In theory, an automated build process will ensure that the 
archive
> > > >>> only contains files from the tag, and does not omit any require
> > files.
> > > >>> However, in practice, the archives are built from workspaces 
that
> > > >>> contain other files (e.g. compilation output).
> > > >>> I know of at least two projects which used standard automated
> > > >>> procedures (Maven), yet their source releases contained files 
that
> > > >>> should not have been released.
> > > >>>
> > > >>> Should there be a complaint, it's important that the PMC can 
show
> > that
> > > >>> due diligence was done in checking the source archive contents.
> > > >>> This will be easier to prove if the VOTE thread contains details 
of
> > > >>> the SCM tags from which the archive was built.
> > > >>>
> > > >>> The SCM repo provides traceability of provenance.
> > > >>>
> > > >>> So please can someone provide the SCM tag(s) that were used to
> create
> > > >>> the source release?
> > > >>>
> > > >>> > Voting will go on for 24 hours.
> > > >>> >
> > > >>> > Cheers,
> > > >>> >
> > > >>> > -Steve
> > > >>>
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

Added a coho command to help with this:

> coho list-release-urls --version 3.4.0 --repo cadence
http://git-wip-us.apache.org/repos/asf?p=cordova-android.git;a=shortlog;h=refs/tags/3.4.0
9768e738823ba90213f7b118147ccaf7d5c85887 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;a=shortlog;h=refs/tags/3.4.0
a026bbcd4592717a5bc46222654729cbae958728 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-blackberry.git;a=shortlog;h=refs/tags/3.4.0
195ea8d4602fffc6b7866a5848ff48c3d618d309 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-windows.git;a=shortlog;h=refs/tags/3.4.0
0b2c38d417776920973254f8bbbced7be126c174 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-wp8.git;a=shortlog;h=refs/tags/3.4.0
c8f7aee9e7a1e07aa9689887cca7271793613121 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-firefoxos.git;a=shortlog;h=refs/tags/3.4.0
3e760cf65d5e6b6433fe0b134398a8e2838b939a refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-ubuntu.git;a=shortlog;h=refs/tags/3.4.0
91d453876b4afda7d7f51b7a682292a1f17e7c9e refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;a=shortlog;h=refs/tags/3.4.0
41207ba1ce0b0ea2821edce22d2a3a77123faf55 refs/tags/3.4.0
Tag "3.4.0" does not exist in repo cordova-cli
http://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=shortlog;h=refs/tags/3.4.0
5d558a9c1adbfc11ea5f095d12bf6d1d6ca697fb refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;a=shortlog;h=refs/tags/3.4.0
32830c4afaf1bdbfc50e2c5bfb2d87b056d902e2 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-app-hello-world.git;a=shortlog;h=refs/tags/3.4.0
23576375e7ee8580f41353aab8b523427b8cd0b3 refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=shortlog;h=refs/tags/3.4.0
db7ab1ec80915153329c4b1ceaa0718b1b01c8e2 refs/tags/3.4.0


> coho list-release-urls --version 3.4.0-0.1.0 --repo cordova-cli
http://git-wip-us.apache.org/repos/asf?p=cordova-cli.git;a=shortlog;h=refs/tags/3.4.0-0.1.0
8bc03dc00c7ca87d7fa0446ed364875e551db0c1 refs/tags/3.4.0-0.1.0


You have to specify CLI version manually right now, but if someone wants to
fix that up in coho it would be sweet.


On Thu, Feb 20, 2014 at 3:02 PM, sebb <se...@gmail.com> wrote:

> Thanks, that looks good. I'll have a detailed look later.
>
> Is it possible to modify/delete a git tag?
> If so, then the git hashes ought to be provided, as accidents can happen.
> The mail archives should contain an immutable reference to the exact
> code in the repo that was used to build the release.
>
> On 20 February 2014 19:52, Michal Mocny <mm...@chromium.org> wrote:
> > Sebb, is this sufficient?  Or do we want a list of git hash's?
> >
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-android.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-blackberry.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-windows.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-wp8.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-firefoxos.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-ubuntu.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-app-hello-world.git;a=shortlog;h=refs/tags/3.4.0
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=shortlog;h=refs/tags/3.4.0
> >
> >
> http://git-wip-us.apache.org/repos/asf?p=cordova-cli.git;a=shortlog;h=refs/tags/3.4.0-0.1.0
> >
> >
> > On Thu, Feb 20, 2014 at 2:28 PM, Joe Bowser <bo...@gmail.com> wrote:
> >
> >> On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b...@brian.io> wrote:
> >> > we should start a thread about coho. it kind of grew into a tool that
> I'm
> >> > fairly certain only the googlers use and aligning our flows would be a
> >> good
> >> > thing.
> >>
> >> We're pretty much forced to use it to tag now, whether we like it or
> not.
> >>
> >> >
> >> >
> >> > On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org>
> >> wrote:
> >> >
> >> >> (I was wrong about firefoxos, its just cli thats missing the tag)
> >> >>
> >> >>
> >> >> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
> >> >>
> >> >> > C'mon Joe, its our job to help him. You can take the high road and
> >> then
> >> >> > Sebb can start affording us the same courtesy.
> >> >> >
> >> >> >
> >> >> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com>
> >> wrote:
> >> >> >
> >> >> > > Seriously, you can't find that yourself? You clearly know nothing
> >> >> > > about this project.
> >> >> > >
> >> >> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> >> >> > > > On 20 February 2014 14:47, Andrew Grieve <agrieve@chromium.org
> >
> >> >> wrote:
> >> >> > > >> SCM == ?
> >> >> > > >
> >> >> > > > Source Code / Software Configuration   Management
> >> >> > > >
> >> >> > > >> Do you mean the git tags?
> >> >> > > >> All of the repositories are tagged with the version number of
> the
> >> >> > > release.
> >> >> > > >> So, "3.4.0" is the tag.
> >> >> > > >
> >> >> > > > OK, so where are the repos then please?
> >> >> > > > Also, if the tag is not immutable, it would help to have the
> hash.
> >> >> > > >
> >> >> > > >>
> >> >> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com>
> wrote:
> >> >> > > >>
> >> >> > > >>> On 18 February 2014 23:26, Steven Gill <
> stevengill97@gmail.com>
> >> >> > wrote:
> >> >> > > >>> > Please review and vote on the Cordova 3.4.0 release.
> >> >> > > >>> >
> >> >> > > >>> > You can find the sample release at
> >> >> > http://people.apache.org/~steven/
> >> >> > > >>>
> >> >> > > >>> At the risk of being flamed, I am concerned that the VOTE
> mail
> >> does
> >> >> > > >>> not include a link to the SCM tag.
> >> >> > > >>>
> >> >> > > >>> Why is this important?
> >> >> > > >>>
> >> >> > > >>> The ASF releases source files which come with a LICENSE (and
> >> >> NOTICE).
> >> >> > > >>> It is vital that the release only contains files that are
> >> permitted
> >> >> > to
> >> >> > > >>> be distributed, and we aren't accidentally including files
> that
> >> >> > should
> >> >> > > >>> not be distributed.
> >> >> > > >>>
> >> >> > > >>> Equally, it is important that the source release is not
> missing
> >> any
> >> >> > > >>> required files.
> >> >> > > >>>
> >> >> > > >>> The only practical way to check all the files is to compare
> the
> >> >> > source
> >> >> > > >>> archive against the tag(s) it is supposed to contain.
> >> >> > > >>>
> >> >> > > >>> In theory, an automated build process will ensure that the
> >> archive
> >> >> > > >>> only contains files from the tag, and does not omit any
> require
> >> >> > files.
> >> >> > > >>> However, in practice, the archives are built from workspaces
> >> that
> >> >> > > >>> contain other files (e.g. compilation output).
> >> >> > > >>> I know of at least two projects which used standard automated
> >> >> > > >>> procedures (Maven), yet their source releases contained files
> >> that
> >> >> > > >>> should not have been released.
> >> >> > > >>>
> >> >> > > >>> Should there be a complaint, it's important that the PMC can
> >> show
> >> >> > that
> >> >> > > >>> due diligence was done in checking the source archive
> contents.
> >> >> > > >>> This will be easier to prove if the VOTE thread contains
> >> details of
> >> >> > > >>> the SCM tags from which the archive was built.
> >> >> > > >>>
> >> >> > > >>> The SCM repo provides traceability of provenance.
> >> >> > > >>>
> >> >> > > >>> So please can someone provide the SCM tag(s) that were used
> to
> >> >> create
> >> >> > > >>> the source release?
> >> >> > > >>>
> >> >> > > >>> > Voting will go on for 24 hours.
> >> >> > > >>> >
> >> >> > > >>> > Cheers,
> >> >> > > >>> >
> >> >> > > >>> > -Steve
> >> >> > > >>>
> >> >> > >
> >> >> >
> >> >>
> >>
>

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

Thanks, that looks good. I'll have a detailed look later.

Is it possible to modify/delete a git tag?
If so, then the git hashes ought to be provided, as accidents can happen.
The mail archives should contain an immutable reference to the exact
code in the repo that was used to build the release.

On 20 February 2014 19:52, Michal Mocny <mm...@chromium.org> wrote:
> Sebb, is this sufficient?  Or do we want a list of git hash's?
>
> http://git-wip-us.apache.org/repos/asf?p=cordova-android.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-blackberry.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-windows.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-wp8.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-firefoxos.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-ubuntu.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-app-hello-world.git;a=shortlog;h=refs/tags/3.4.0
> http://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=shortlog;h=refs/tags/3.4.0
>
> http://git-wip-us.apache.org/repos/asf?p=cordova-cli.git;a=shortlog;h=refs/tags/3.4.0-0.1.0
>
>
> On Thu, Feb 20, 2014 at 2:28 PM, Joe Bowser <bo...@gmail.com> wrote:
>
>> On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b...@brian.io> wrote:
>> > we should start a thread about coho. it kind of grew into a tool that I'm
>> > fairly certain only the googlers use and aligning our flows would be a
>> good
>> > thing.
>>
>> We're pretty much forced to use it to tag now, whether we like it or not.
>>
>> >
>> >
>> > On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org>
>> wrote:
>> >
>> >> (I was wrong about firefoxos, its just cli thats missing the tag)
>> >>
>> >>
>> >> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
>> >>
>> >> > C'mon Joe, its our job to help him. You can take the high road and
>> then
>> >> > Sebb can start affording us the same courtesy.
>> >> >
>> >> >
>> >> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com>
>> wrote:
>> >> >
>> >> > > Seriously, you can't find that yourself? You clearly know nothing
>> >> > > about this project.
>> >> > >
>> >> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
>> >> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
>> >> wrote:
>> >> > > >> SCM == ?
>> >> > > >
>> >> > > > Source Code / Software Configuration   Management
>> >> > > >
>> >> > > >> Do you mean the git tags?
>> >> > > >> All of the repositories are tagged with the version number of the
>> >> > > release.
>> >> > > >> So, "3.4.0" is the tag.
>> >> > > >
>> >> > > > OK, so where are the repos then please?
>> >> > > > Also, if the tag is not immutable, it would help to have the hash.
>> >> > > >
>> >> > > >>
>> >> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
>> >> > > >>
>> >> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
>> >> > wrote:
>> >> > > >>> > Please review and vote on the Cordova 3.4.0 release.
>> >> > > >>> >
>> >> > > >>> > You can find the sample release at
>> >> > http://people.apache.org/~steven/
>> >> > > >>>
>> >> > > >>> At the risk of being flamed, I am concerned that the VOTE mail
>> does
>> >> > > >>> not include a link to the SCM tag.
>> >> > > >>>
>> >> > > >>> Why is this important?
>> >> > > >>>
>> >> > > >>> The ASF releases source files which come with a LICENSE (and
>> >> NOTICE).
>> >> > > >>> It is vital that the release only contains files that are
>> permitted
>> >> > to
>> >> > > >>> be distributed, and we aren't accidentally including files that
>> >> > should
>> >> > > >>> not be distributed.
>> >> > > >>>
>> >> > > >>> Equally, it is important that the source release is not missing
>> any
>> >> > > >>> required files.
>> >> > > >>>
>> >> > > >>> The only practical way to check all the files is to compare the
>> >> > source
>> >> > > >>> archive against the tag(s) it is supposed to contain.
>> >> > > >>>
>> >> > > >>> In theory, an automated build process will ensure that the
>> archive
>> >> > > >>> only contains files from the tag, and does not omit any require
>> >> > files.
>> >> > > >>> However, in practice, the archives are built from workspaces
>> that
>> >> > > >>> contain other files (e.g. compilation output).
>> >> > > >>> I know of at least two projects which used standard automated
>> >> > > >>> procedures (Maven), yet their source releases contained files
>> that
>> >> > > >>> should not have been released.
>> >> > > >>>
>> >> > > >>> Should there be a complaint, it's important that the PMC can
>> show
>> >> > that
>> >> > > >>> due diligence was done in checking the source archive contents.
>> >> > > >>> This will be easier to prove if the VOTE thread contains
>> details of
>> >> > > >>> the SCM tags from which the archive was built.
>> >> > > >>>
>> >> > > >>> The SCM repo provides traceability of provenance.
>> >> > > >>>
>> >> > > >>> So please can someone provide the SCM tag(s) that were used to
>> >> create
>> >> > > >>> the source release?
>> >> > > >>>
>> >> > > >>> > Voting will go on for 24 hours.
>> >> > > >>> >
>> >> > > >>> > Cheers,
>> >> > > >>> >
>> >> > > >>> > -Steve
>> >> > > >>>
>> >> > >
>> >> >
>> >>
>>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

Sebb, is this sufficient?  Or do we want a list of git hash's?

http://git-wip-us.apache.org/repos/asf?p=cordova-android.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-blackberry.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-windows.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-wp8.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-firefoxos.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-ubuntu.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-js.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-app-hello-world.git;a=shortlog;h=refs/tags/3.4.0
http://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=shortlog;h=refs/tags/3.4.0

http://git-wip-us.apache.org/repos/asf?p=cordova-cli.git;a=shortlog;h=refs/tags/3.4.0-0.1.0


On Thu, Feb 20, 2014 at 2:28 PM, Joe Bowser <bo...@gmail.com> wrote:

> On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b...@brian.io> wrote:
> > we should start a thread about coho. it kind of grew into a tool that I'm
> > fairly certain only the googlers use and aligning our flows would be a
> good
> > thing.
>
> We're pretty much forced to use it to tag now, whether we like it or not.
>
> >
> >
> > On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org>
> wrote:
> >
> >> (I was wrong about firefoxos, its just cli thats missing the tag)
> >>
> >>
> >> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
> >>
> >> > C'mon Joe, its our job to help him. You can take the high road and
> then
> >> > Sebb can start affording us the same courtesy.
> >> >
> >> >
> >> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com>
> wrote:
> >> >
> >> > > Seriously, you can't find that yourself? You clearly know nothing
> >> > > about this project.
> >> > >
> >> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> >> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
> >> wrote:
> >> > > >> SCM == ?
> >> > > >
> >> > > > Source Code / Software Configuration   Management
> >> > > >
> >> > > >> Do you mean the git tags?
> >> > > >> All of the repositories are tagged with the version number of the
> >> > > release.
> >> > > >> So, "3.4.0" is the tag.
> >> > > >
> >> > > > OK, so where are the repos then please?
> >> > > > Also, if the tag is not immutable, it would help to have the hash.
> >> > > >
> >> > > >>
> >> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> >> > > >>
> >> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> >> > wrote:
> >> > > >>> > Please review and vote on the Cordova 3.4.0 release.
> >> > > >>> >
> >> > > >>> > You can find the sample release at
> >> > http://people.apache.org/~steven/
> >> > > >>>
> >> > > >>> At the risk of being flamed, I am concerned that the VOTE mail
> does
> >> > > >>> not include a link to the SCM tag.
> >> > > >>>
> >> > > >>> Why is this important?
> >> > > >>>
> >> > > >>> The ASF releases source files which come with a LICENSE (and
> >> NOTICE).
> >> > > >>> It is vital that the release only contains files that are
> permitted
> >> > to
> >> > > >>> be distributed, and we aren't accidentally including files that
> >> > should
> >> > > >>> not be distributed.
> >> > > >>>
> >> > > >>> Equally, it is important that the source release is not missing
> any
> >> > > >>> required files.
> >> > > >>>
> >> > > >>> The only practical way to check all the files is to compare the
> >> > source
> >> > > >>> archive against the tag(s) it is supposed to contain.
> >> > > >>>
> >> > > >>> In theory, an automated build process will ensure that the
> archive
> >> > > >>> only contains files from the tag, and does not omit any require
> >> > files.
> >> > > >>> However, in practice, the archives are built from workspaces
> that
> >> > > >>> contain other files (e.g. compilation output).
> >> > > >>> I know of at least two projects which used standard automated
> >> > > >>> procedures (Maven), yet their source releases contained files
> that
> >> > > >>> should not have been released.
> >> > > >>>
> >> > > >>> Should there be a complaint, it's important that the PMC can
> show
> >> > that
> >> > > >>> due diligence was done in checking the source archive contents.
> >> > > >>> This will be easier to prove if the VOTE thread contains
> details of
> >> > > >>> the SCM tags from which the archive was built.
> >> > > >>>
> >> > > >>> The SCM repo provides traceability of provenance.
> >> > > >>>
> >> > > >>> So please can someone provide the SCM tag(s) that were used to
> >> create
> >> > > >>> the source release?
> >> > > >>>
> >> > > >>> > Voting will go on for 24 hours.
> >> > > >>> >
> >> > > >>> > Cheers,
> >> > > >>> >
> >> > > >>> > -Steve
> >> > > >>>
> >> > >
> >> >
> >>
>

Re: [Vote] Cordova 3.4.0 release

[Joe Bowser <bo...@gmail.com>]

On Thu, Feb 20, 2014 at 11:16 AM, Brian LeRoux <b...@brian.io> wrote:
> we should start a thread about coho. it kind of grew into a tool that I'm
> fairly certain only the googlers use and aligning our flows would be a good
> thing.

We're pretty much forced to use it to tag now, whether we like it or not.

>
>
> On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org> wrote:
>
>> (I was wrong about firefoxos, its just cli thats missing the tag)
>>
>>
>> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
>>
>> > C'mon Joe, its our job to help him. You can take the high road and then
>> > Sebb can start affording us the same courtesy.
>> >
>> >
>> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:
>> >
>> > > Seriously, you can't find that yourself? You clearly know nothing
>> > > about this project.
>> > >
>> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
>> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
>> wrote:
>> > > >> SCM == ?
>> > > >
>> > > > Source Code / Software Configuration   Management
>> > > >
>> > > >> Do you mean the git tags?
>> > > >> All of the repositories are tagged with the version number of the
>> > > release.
>> > > >> So, "3.4.0" is the tag.
>> > > >
>> > > > OK, so where are the repos then please?
>> > > > Also, if the tag is not immutable, it would help to have the hash.
>> > > >
>> > > >>
>> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
>> > > >>
>> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
>> > wrote:
>> > > >>> > Please review and vote on the Cordova 3.4.0 release.
>> > > >>> >
>> > > >>> > You can find the sample release at
>> > http://people.apache.org/~steven/
>> > > >>>
>> > > >>> At the risk of being flamed, I am concerned that the VOTE mail does
>> > > >>> not include a link to the SCM tag.
>> > > >>>
>> > > >>> Why is this important?
>> > > >>>
>> > > >>> The ASF releases source files which come with a LICENSE (and
>> NOTICE).
>> > > >>> It is vital that the release only contains files that are permitted
>> > to
>> > > >>> be distributed, and we aren't accidentally including files that
>> > should
>> > > >>> not be distributed.
>> > > >>>
>> > > >>> Equally, it is important that the source release is not missing any
>> > > >>> required files.
>> > > >>>
>> > > >>> The only practical way to check all the files is to compare the
>> > source
>> > > >>> archive against the tag(s) it is supposed to contain.
>> > > >>>
>> > > >>> In theory, an automated build process will ensure that the archive
>> > > >>> only contains files from the tag, and does not omit any require
>> > files.
>> > > >>> However, in practice, the archives are built from workspaces that
>> > > >>> contain other files (e.g. compilation output).
>> > > >>> I know of at least two projects which used standard automated
>> > > >>> procedures (Maven), yet their source releases contained files that
>> > > >>> should not have been released.
>> > > >>>
>> > > >>> Should there be a complaint, it's important that the PMC can show
>> > that
>> > > >>> due diligence was done in checking the source archive contents.
>> > > >>> This will be easier to prove if the VOTE thread contains details of
>> > > >>> the SCM tags from which the archive was built.
>> > > >>>
>> > > >>> The SCM repo provides traceability of provenance.
>> > > >>>
>> > > >>> So please can someone provide the SCM tag(s) that were used to
>> create
>> > > >>> the source release?
>> > > >>>
>> > > >>> > Voting will go on for 24 hours.
>> > > >>> >
>> > > >>> > Cheers,
>> > > >>> >
>> > > >>> > -Steve
>> > > >>>
>> > >
>> >
>>

Re: [Vote] Cordova 3.4.0 release

[Brian LeRoux <b...@brian.io>]

we should start a thread about coho. it kind of grew into a tool that I'm
fairly certain only the googlers use and aligning our flows would be a good
thing.


On Thu, Feb 20, 2014 at 11:06 AM, Michal Mocny <mm...@chromium.org> wrote:

> (I was wrong about firefoxos, its just cli thats missing the tag)
>
>
> On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:
>
> > C'mon Joe, its our job to help him. You can take the high road and then
> > Sebb can start affording us the same courtesy.
> >
> >
> > On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:
> >
> > > Seriously, you can't find that yourself? You clearly know nothing
> > > about this project.
> > >
> > > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org>
> wrote:
> > > >> SCM == ?
> > > >
> > > > Source Code / Software Configuration   Management
> > > >
> > > >> Do you mean the git tags?
> > > >> All of the repositories are tagged with the version number of the
> > > release.
> > > >> So, "3.4.0" is the tag.
> > > >
> > > > OK, so where are the repos then please?
> > > > Also, if the tag is not immutable, it would help to have the hash.
> > > >
> > > >>
> > > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> > > >>
> > > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> > wrote:
> > > >>> > Please review and vote on the Cordova 3.4.0 release.
> > > >>> >
> > > >>> > You can find the sample release at
> > http://people.apache.org/~steven/
> > > >>>
> > > >>> At the risk of being flamed, I am concerned that the VOTE mail does
> > > >>> not include a link to the SCM tag.
> > > >>>
> > > >>> Why is this important?
> > > >>>
> > > >>> The ASF releases source files which come with a LICENSE (and
> NOTICE).
> > > >>> It is vital that the release only contains files that are permitted
> > to
> > > >>> be distributed, and we aren't accidentally including files that
> > should
> > > >>> not be distributed.
> > > >>>
> > > >>> Equally, it is important that the source release is not missing any
> > > >>> required files.
> > > >>>
> > > >>> The only practical way to check all the files is to compare the
> > source
> > > >>> archive against the tag(s) it is supposed to contain.
> > > >>>
> > > >>> In theory, an automated build process will ensure that the archive
> > > >>> only contains files from the tag, and does not omit any require
> > files.
> > > >>> However, in practice, the archives are built from workspaces that
> > > >>> contain other files (e.g. compilation output).
> > > >>> I know of at least two projects which used standard automated
> > > >>> procedures (Maven), yet their source releases contained files that
> > > >>> should not have been released.
> > > >>>
> > > >>> Should there be a complaint, it's important that the PMC can show
> > that
> > > >>> due diligence was done in checking the source archive contents.
> > > >>> This will be easier to prove if the VOTE thread contains details of
> > > >>> the SCM tags from which the archive was built.
> > > >>>
> > > >>> The SCM repo provides traceability of provenance.
> > > >>>
> > > >>> So please can someone provide the SCM tag(s) that were used to
> create
> > > >>> the source release?
> > > >>>
> > > >>> > Voting will go on for 24 hours.
> > > >>> >
> > > >>> > Cheers,
> > > >>> >
> > > >>> > -Steve
> > > >>>
> > >
> >
>

Re: [Vote] Cordova 3.4.0 release

[Michal Mocny <mm...@chromium.org>]

(I was wrong about firefoxos, its just cli thats missing the tag)


On Thu, Feb 20, 2014 at 1:58 PM, Brian LeRoux <b...@brian.io> wrote:

> C'mon Joe, its our job to help him. You can take the high road and then
> Sebb can start affording us the same courtesy.
>
>
> On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:
>
> > Seriously, you can't find that yourself? You clearly know nothing
> > about this project.
> >
> > On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
> > >> SCM == ?
> > >
> > > Source Code / Software Configuration   Management
> > >
> > >> Do you mean the git tags?
> > >> All of the repositories are tagged with the version number of the
> > release.
> > >> So, "3.4.0" is the tag.
> > >
> > > OK, so where are the repos then please?
> > > Also, if the tag is not immutable, it would help to have the hash.
> > >
> > >>
> > >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> > >>
> > >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com>
> wrote:
> > >>> > Please review and vote on the Cordova 3.4.0 release.
> > >>> >
> > >>> > You can find the sample release at
> http://people.apache.org/~steven/
> > >>>
> > >>> At the risk of being flamed, I am concerned that the VOTE mail does
> > >>> not include a link to the SCM tag.
> > >>>
> > >>> Why is this important?
> > >>>
> > >>> The ASF releases source files which come with a LICENSE (and NOTICE).
> > >>> It is vital that the release only contains files that are permitted
> to
> > >>> be distributed, and we aren't accidentally including files that
> should
> > >>> not be distributed.
> > >>>
> > >>> Equally, it is important that the source release is not missing any
> > >>> required files.
> > >>>
> > >>> The only practical way to check all the files is to compare the
> source
> > >>> archive against the tag(s) it is supposed to contain.
> > >>>
> > >>> In theory, an automated build process will ensure that the archive
> > >>> only contains files from the tag, and does not omit any require
> files.
> > >>> However, in practice, the archives are built from workspaces that
> > >>> contain other files (e.g. compilation output).
> > >>> I know of at least two projects which used standard automated
> > >>> procedures (Maven), yet their source releases contained files that
> > >>> should not have been released.
> > >>>
> > >>> Should there be a complaint, it's important that the PMC can show
> that
> > >>> due diligence was done in checking the source archive contents.
> > >>> This will be easier to prove if the VOTE thread contains details of
> > >>> the SCM tags from which the archive was built.
> > >>>
> > >>> The SCM repo provides traceability of provenance.
> > >>>
> > >>> So please can someone provide the SCM tag(s) that were used to create
> > >>> the source release?
> > >>>
> > >>> > Voting will go on for 24 hours.
> > >>> >
> > >>> > Cheers,
> > >>> >
> > >>> > -Steve
> > >>>
> >
>

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

Part of the point of including the details in the vote is to document
them for the archives.

Again, this is to help with proving that due diligence has been done.
The idea is to be able to easily detect any problems in the release
creation process and fix them before release.
[At least one project I am aware of accidentally included a password
in a relase]


On 20 February 2014 18:58, Brian LeRoux <b...@brian.io> wrote:
> C'mon Joe, its our job to help him. You can take the high road and then
> Sebb can start affording us the same courtesy.
>
>
> On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:
>
>> Seriously, you can't find that yourself? You clearly know nothing
>> about this project.
>>
>> On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
>> > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
>> >> SCM == ?
>> >
>> > Source Code / Software Configuration   Management
>> >
>> >> Do you mean the git tags?
>> >> All of the repositories are tagged with the version number of the
>> release.
>> >> So, "3.4.0" is the tag.
>> >
>> > OK, so where are the repos then please?
>> > Also, if the tag is not immutable, it would help to have the hash.
>> >
>> >>
>> >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
>> >>
>> >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
>> >>> > Please review and vote on the Cordova 3.4.0 release.
>> >>> >
>> >>> > You can find the sample release at http://people.apache.org/~steven/
>> >>>
>> >>> At the risk of being flamed, I am concerned that the VOTE mail does
>> >>> not include a link to the SCM tag.
>> >>>
>> >>> Why is this important?
>> >>>
>> >>> The ASF releases source files which come with a LICENSE (and NOTICE).
>> >>> It is vital that the release only contains files that are permitted to
>> >>> be distributed, and we aren't accidentally including files that should
>> >>> not be distributed.
>> >>>
>> >>> Equally, it is important that the source release is not missing any
>> >>> required files.
>> >>>
>> >>> The only practical way to check all the files is to compare the source
>> >>> archive against the tag(s) it is supposed to contain.
>> >>>
>> >>> In theory, an automated build process will ensure that the archive
>> >>> only contains files from the tag, and does not omit any require files.
>> >>> However, in practice, the archives are built from workspaces that
>> >>> contain other files (e.g. compilation output).
>> >>> I know of at least two projects which used standard automated
>> >>> procedures (Maven), yet their source releases contained files that
>> >>> should not have been released.
>> >>>
>> >>> Should there be a complaint, it's important that the PMC can show that
>> >>> due diligence was done in checking the source archive contents.
>> >>> This will be easier to prove if the VOTE thread contains details of
>> >>> the SCM tags from which the archive was built.
>> >>>
>> >>> The SCM repo provides traceability of provenance.
>> >>>
>> >>> So please can someone provide the SCM tag(s) that were used to create
>> >>> the source release?
>> >>>
>> >>> > Voting will go on for 24 hours.
>> >>> >
>> >>> > Cheers,
>> >>> >
>> >>> > -Steve
>> >>>
>>

Re: [Vote] Cordova 3.4.0 release

[Brian LeRoux <b...@brian.io>]

C'mon Joe, its our job to help him. You can take the high road and then
Sebb can start affording us the same courtesy.


On Thu, Feb 20, 2014 at 10:16 AM, Joe Bowser <bo...@gmail.com> wrote:

> Seriously, you can't find that yourself? You clearly know nothing
> about this project.
>
> On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> > On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
> >> SCM == ?
> >
> > Source Code / Software Configuration   Management
> >
> >> Do you mean the git tags?
> >> All of the repositories are tagged with the version number of the
> release.
> >> So, "3.4.0" is the tag.
> >
> > OK, so where are the repos then please?
> > Also, if the tag is not immutable, it would help to have the hash.
> >
> >>
> >> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
> >>
> >>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> >>> > Please review and vote on the Cordova 3.4.0 release.
> >>> >
> >>> > You can find the sample release at http://people.apache.org/~steven/
> >>>
> >>> At the risk of being flamed, I am concerned that the VOTE mail does
> >>> not include a link to the SCM tag.
> >>>
> >>> Why is this important?
> >>>
> >>> The ASF releases source files which come with a LICENSE (and NOTICE).
> >>> It is vital that the release only contains files that are permitted to
> >>> be distributed, and we aren't accidentally including files that should
> >>> not be distributed.
> >>>
> >>> Equally, it is important that the source release is not missing any
> >>> required files.
> >>>
> >>> The only practical way to check all the files is to compare the source
> >>> archive against the tag(s) it is supposed to contain.
> >>>
> >>> In theory, an automated build process will ensure that the archive
> >>> only contains files from the tag, and does not omit any require files.
> >>> However, in practice, the archives are built from workspaces that
> >>> contain other files (e.g. compilation output).
> >>> I know of at least two projects which used standard automated
> >>> procedures (Maven), yet their source releases contained files that
> >>> should not have been released.
> >>>
> >>> Should there be a complaint, it's important that the PMC can show that
> >>> due diligence was done in checking the source archive contents.
> >>> This will be easier to prove if the VOTE thread contains details of
> >>> the SCM tags from which the archive was built.
> >>>
> >>> The SCM repo provides traceability of provenance.
> >>>
> >>> So please can someone provide the SCM tag(s) that were used to create
> >>> the source release?
> >>>
> >>> > Voting will go on for 24 hours.
> >>> >
> >>> > Cheers,
> >>> >
> >>> > -Steve
> >>>
>

Re: [Vote] Cordova 3.4.0 release

[Joe Bowser <bo...@gmail.com>]

Seriously, you can't find that yourself? You clearly know nothing
about this project.

On Thu, Feb 20, 2014 at 7:30 AM, sebb <se...@gmail.com> wrote:
> On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
>> SCM == ?
>
> Source Code / Software Configuration   Management
>
>> Do you mean the git tags?
>> All of the repositories are tagged with the version number of the release.
>> So, "3.4.0" is the tag.
>
> OK, so where are the repos then please?
> Also, if the tag is not immutable, it would help to have the hash.
>
>>
>> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
>>
>>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
>>> > Please review and vote on the Cordova 3.4.0 release.
>>> >
>>> > You can find the sample release at http://people.apache.org/~steven/
>>>
>>> At the risk of being flamed, I am concerned that the VOTE mail does
>>> not include a link to the SCM tag.
>>>
>>> Why is this important?
>>>
>>> The ASF releases source files which come with a LICENSE (and NOTICE).
>>> It is vital that the release only contains files that are permitted to
>>> be distributed, and we aren't accidentally including files that should
>>> not be distributed.
>>>
>>> Equally, it is important that the source release is not missing any
>>> required files.
>>>
>>> The only practical way to check all the files is to compare the source
>>> archive against the tag(s) it is supposed to contain.
>>>
>>> In theory, an automated build process will ensure that the archive
>>> only contains files from the tag, and does not omit any require files.
>>> However, in practice, the archives are built from workspaces that
>>> contain other files (e.g. compilation output).
>>> I know of at least two projects which used standard automated
>>> procedures (Maven), yet their source releases contained files that
>>> should not have been released.
>>>
>>> Should there be a complaint, it's important that the PMC can show that
>>> due diligence was done in checking the source archive contents.
>>> This will be easier to prove if the VOTE thread contains details of
>>> the SCM tags from which the archive was built.
>>>
>>> The SCM repo provides traceability of provenance.
>>>
>>> So please can someone provide the SCM tag(s) that were used to create
>>> the source release?
>>>
>>> > Voting will go on for 24 hours.
>>> >
>>> > Cheers,
>>> >
>>> > -Steve
>>>

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

On 20 February 2014 14:47, Andrew Grieve <ag...@chromium.org> wrote:
> SCM == ?

Source Code / Software Configuration   Management

> Do you mean the git tags?
> All of the repositories are tagged with the version number of the release.
> So, "3.4.0" is the tag.

OK, so where are the repos then please?
Also, if the tag is not immutable, it would help to have the hash.

>
> On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:
>
>> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
>> > Please review and vote on the Cordova 3.4.0 release.
>> >
>> > You can find the sample release at http://people.apache.org/~steven/
>>
>> At the risk of being flamed, I am concerned that the VOTE mail does
>> not include a link to the SCM tag.
>>
>> Why is this important?
>>
>> The ASF releases source files which come with a LICENSE (and NOTICE).
>> It is vital that the release only contains files that are permitted to
>> be distributed, and we aren't accidentally including files that should
>> not be distributed.
>>
>> Equally, it is important that the source release is not missing any
>> required files.
>>
>> The only practical way to check all the files is to compare the source
>> archive against the tag(s) it is supposed to contain.
>>
>> In theory, an automated build process will ensure that the archive
>> only contains files from the tag, and does not omit any require files.
>> However, in practice, the archives are built from workspaces that
>> contain other files (e.g. compilation output).
>> I know of at least two projects which used standard automated
>> procedures (Maven), yet their source releases contained files that
>> should not have been released.
>>
>> Should there be a complaint, it's important that the PMC can show that
>> due diligence was done in checking the source archive contents.
>> This will be easier to prove if the VOTE thread contains details of
>> the SCM tags from which the archive was built.
>>
>> The SCM repo provides traceability of provenance.
>>
>> So please can someone provide the SCM tag(s) that were used to create
>> the source release?
>>
>> > Voting will go on for 24 hours.
>> >
>> > Cheers,
>> >
>> > -Steve
>>

Re: [Vote] Cordova 3.4.0 release

[Andrew Grieve <ag...@chromium.org>]

SCM == ?

Do you mean the git tags?
All of the repositories are tagged with the version number of the release.
So, "3.4.0" is the tag.


On Thu, Feb 20, 2014 at 9:02 AM, sebb <se...@gmail.com> wrote:

> On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> > Please review and vote on the Cordova 3.4.0 release.
> >
> > You can find the sample release at http://people.apache.org/~steven/
>
> At the risk of being flamed, I am concerned that the VOTE mail does
> not include a link to the SCM tag.
>
> Why is this important?
>
> The ASF releases source files which come with a LICENSE (and NOTICE).
> It is vital that the release only contains files that are permitted to
> be distributed, and we aren't accidentally including files that should
> not be distributed.
>
> Equally, it is important that the source release is not missing any
> required files.
>
> The only practical way to check all the files is to compare the source
> archive against the tag(s) it is supposed to contain.
>
> In theory, an automated build process will ensure that the archive
> only contains files from the tag, and does not omit any require files.
> However, in practice, the archives are built from workspaces that
> contain other files (e.g. compilation output).
> I know of at least two projects which used standard automated
> procedures (Maven), yet their source releases contained files that
> should not have been released.
>
> Should there be a complaint, it's important that the PMC can show that
> due diligence was done in checking the source archive contents.
> This will be easier to prove if the VOTE thread contains details of
> the SCM tags from which the archive was built.
>
> The SCM repo provides traceability of provenance.
>
> So please can someone provide the SCM tag(s) that were used to create
> the source release?
>
> > Voting will go on for 24 hours.
> >
> > Cheers,
> >
> > -Steve
>

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

On 18 February 2014 23:26, Steven Gill <st...@gmail.com> wrote:
> Please review and vote on the Cordova 3.4.0 release.
>
> You can find the sample release at http://people.apache.org/~steven/

At the risk of being flamed, I am concerned that the VOTE mail does
not include a link to the SCM tag.

Why is this important?

The ASF releases source files which come with a LICENSE (and NOTICE).
It is vital that the release only contains files that are permitted to
be distributed, and we aren't accidentally including files that should
not be distributed.

Equally, it is important that the source release is not missing any
required files.

The only practical way to check all the files is to compare the source
archive against the tag(s) it is supposed to contain.

In theory, an automated build process will ensure that the archive
only contains files from the tag, and does not omit any require files.
However, in practice, the archives are built from workspaces that
contain other files (e.g. compilation output).
I know of at least two projects which used standard automated
procedures (Maven), yet their source releases contained files that
should not have been released.

Should there be a complaint, it's important that the PMC can show that
due diligence was done in checking the source archive contents.
This will be easier to prove if the VOTE thread contains details of
the SCM tags from which the archive was built.

The SCM repo provides traceability of provenance.

So please can someone provide the SCM tag(s) that were used to create
the source release?

> Voting will go on for 24 hours.
>
> Cheers,
>
> -Steve

Re: [Vote] Cordova 3.4.0 release

[sebb <se...@gmail.com>]

On 19 February 2014 09:30, Mark Thomas <ma...@apache.org> wrote:
> On 18/02/2014 23:26, Steven Gill wrote:
>> Please review and vote on the Cordova 3.4.0 release.
>>
>> You can find the sample release at http://people.apache.org/~steven/
>>
>> Voting will go on for 24 hours.
>
> You should provide hashes and sigs for the zips as well. You'll need
> them when you upload them to the www.apache.org/dist anyway.

They did provide those for the main zip.

The cordova-3.4.0/ subdirectory is just an exploded version of the
top-level zip file, so does not need hashes/sigs unless it is to be
separately provided (this was not done with earlier releases)

I already downloaded them all and checked this last night; the hash
and sigs are fine for the top-level zip.

[The README.md file from the zip does not appear in the directory
listing, but it is there - it's a feature of the httpd config that it
is elided from the directory listing]

> Mark
>

Re: [Vote] Cordova 3.4.0 release

[Mark Thomas <ma...@apache.org>]

On 18/02/2014 23:26, Steven Gill wrote:
> Please review and vote on the Cordova 3.4.0 release.
> 
> You can find the sample release at http://people.apache.org/~steven/
> 
> Voting will go on for 24 hours.

You should provide hashes and sigs for the zips as well. You'll need
them when you upload them to the www.apache.org/dist anyway.

Mark