From 993826784371289c301fa87881fce432dc8ac223 Mon Sep 17 00:00:00 2001 From: Bertrand Delacretaz Date: Fri, 14 Mar 2025 09:40:38 +0100 Subject: [PATCH 1/3] More concise wording for expedited releases --- content/legal/release-policy.md | 36 ++++++++++++--------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index e893abf89f..a0f87b590b 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -44,36 +44,26 @@ requirements of ASF policy on releases as described below, validate all cryptographic signatures, compile as provided, and test the result on their own platform. -Release votes SHOULD remain open for at least 72 hours. See the next -[Expedited Releases](#expedited-releases) section when considering a reduced -voting period. +Unless there are strong reasons to expedite a release, as described below, +release votes SHOULD remain open for at least 72 hours, to give PMC members +enough time to participate. #### Expedited Releases {#expedited-releases} -As stated above, the normal policy for releases is to allow 72 hours for -release reviews and votes, however the review/voting period for a release -can be reduced in exceptional circumstances. +The review and voting period for a release can be reduced in +exceptional circumstances. -ASF projects are made up of distributed teams, in multiple time zones and volunteers -with lives and jobs and the rationale behind 72 hours is to try and give all -members of a project the opportunity to take part in the decision to release. +A typical example is a release that fixes publicly known or +critical exploitable security issues. -The most obvious example of an exceptional circumstance would be for a fix for a -publicly known or critical, easily exploitable security issue. Everyone will probably have a different definition -of what an exceptional circumstance is, but ultimately it is down to individual -PMCs to decide for their project. +PMCs SHOULD give as much notice as possible to their project members +when doing an expedited release. -Projects SHOULD give as much notice as possible for an expedited release in -order to give project members a chance to make time to participate in the -decision. - -Emails calling for a Release Vote that run for less than 72 hours MUST include +Emails calling for a Release Vote that runs for less than 72 hours MUST include an explanation of why the release is being expedited. -This policy already states that deviations from normal policy MUST be reported to -the Board, but it is worth emphasising this here specifically for release votes -with a reduced voting time. Unless there are pressing reasons to inform the Board -earlier, reporting can be done in the project's next scheduled board report. - +Expedited releases are deviations from normal policy, and as such MUST be reported +to the Board, in the project's next scheduled Board report, unless the PMC wants +to report earlier. ### Publication {#publication} From e9ed763f316458beab5705c7750245e3c3497209 Mon Sep 17 00:00:00 2001 From: Bertrand Delacretaz Date: Mon, 17 Mar 2025 08:11:06 +0100 Subject: [PATCH 2/3] Clarify that it's the PMC's decision --- content/legal/release-policy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index a0f87b590b..88505c27a0 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -53,7 +53,8 @@ The review and voting period for a release can be reduced in exceptional circumstances. A typical example is a release that fixes publicly known or -critical exploitable security issues. +critical exploitable security issues, but the PMC can decide +what constitutes an exceptional circumstance. PMCs SHOULD give as much notice as possible to their project members when doing an expedited release. From 03f33d981c6a00065ec249b8f01eb3a4987e34f7 Mon Sep 17 00:00:00 2001 From: Bertrand Delacretaz Date: Wed, 19 Mar 2025 09:34:50 +0100 Subject: [PATCH 3/3] Re-add the 'volunteers in multiple time zones' bit as requested --- content/legal/release-policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index 88505c27a0..20f0b0c93d 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -46,6 +46,7 @@ own platform. Unless there are strong reasons to expedite a release, as described below, release votes SHOULD remain open for at least 72 hours, to give PMC members +(volunteers spread around multiple time zones, with lives and jobs) enough time to participate. #### Expedited Releases {#expedited-releases}