---+ Apache Tashi release policy This document is based on the draft incubator release management document available at http://incubator.apache.org/guides/releasemanagement.html ---++ Apache RAT testing You could use Apache RAT to examine for any problems like required files which are missing, or which ones don't include an Apache header. To run RAT, obtain the binary release of Apache RAT, untar it and run java -jar apache-rat-0.8/apache-rat-0.8.jar ---++ Uploading artifacts ---+++ Distribution The destination for an artifact is www.apache.org/dist/incubator/tashi . This location is accessible at /www/www.apache.org/dist/incubator/tashi on people.apache.org. ---+++ Mirroring Releases must be mirrored. Checksums, KEYS, signatures are mirrored too. Per the release signing guide, the mirrored copies of these files are non-authoritative. In-site links must point to the originals on www.apache.org. ---+++ Archiving All releases must be archived for future reference. Archives are stored under http://archive.apache.org/dist/incubator/tashi. This archiving happens automatially for all artifacts in www.apache.org/dist/incubator/tashi. Old releases should be removed from www.apache.org/dist/incubator/tashi. The release will then only remain on the archive server. ---+++ Permissions All files should be owned by the "incubator" group. Permissions should be :incubator 664, or :incubator 775 respectively for directories. ---+++ Checksums and signatures The KEYS file should contain the public keys for code signers. The private key needs to be kept safe. Code-signing keys should be linked to the Apache web of trust. ---+++ Modifications Uploaded artifacts must never be modified. Excluded from this policy are README's, NOTES, KEYS and the like. ---++ Distribution checklist * Destination: www.apache.org/dist/incubator/tashi * umask 022 * group owner is "incubator" * Checksums and signatures match to artifact * Old release archived * Links to KEYS, signatures and checksums point to www.apache.org * Package into .tar.gz ---++ Dealing with defects Uploaded artifacts must never be modified (repeat). A new numbered release should be generated. (Assume this will require a vote) Serious defects may call for a release withdrawal by archiving, announcement on the mailing lists and adding a notice to the download page. ---++ Release checklist * Packages: * Artifacts unpack correctly? * Documentation is readable? * For distributed libraries: * Licenses are included, along with NOTICEs? * Licenses comply with incubator policy? * LICENSE and NOTICE contain required sections? * Crypto code satisfies export regulations? * Copyright notices: * Source files include license boilerplate? * Source files with licenses not in LICENSE? * Check policy on header file compliance? * Incubator requirements: * DISCLAIMER included? * Check legal STATUS document? * Source package: * Build instructions exist and work? * License headers applied correctly? * Version control cruft cleaned? * Keys: * KEYS file contains proper signing keys? * Signing key is available on public keyservers? * Version control: * Release was built from specific tag? * Tag named "APACHE_TASHI_"? * Miscellaneous: * Deprecations, incompatibilities documented in RELEASE_NOTES? ---++ Naming The release should be named apache-tashi--incubating. should be a six-digit year-and-month, optionally followed by a period and number in case of bug fixes applied to the base version. ---++ Guidelines In case of need for additional guidance, the following mailing lists are helpful: * legal-discuss: for licensing issues * infrastructure-issues: for issues pertaining to release infrastructure ---++ Announcements Announce releases via apache.org address. Announcements should be plain text signed. ---++ Release procedure Releases must be approved by Incubator PMC. A release should first be proposed to the PPMC. The proposal should include:- * Link to release candidate artifact (in apache home directory) * Link to tag from which the release was built Should the PPMC vote pass, call for a vote on incubator.apache.org. Additionally to the above provide a link to the PPMC voting thread. Remove release candidate artifacts on conclusion of voting. ---++ Invocation Oh god...