From 5d2df9dbeb6ce89d69c698bd2e1434ae9f0096d1 Mon Sep 17 00:00:00 2001 From: Niall Pemberton Date: Fri, 7 Mar 2025 03:52:49 +0000 Subject: [PATCH 1/5] Add a section on "Expedited Releases" to the Release Policy --- content/legal/release-policy.md | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index 832d21d17..1afd242a2 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md 
@@ -44,7 +44,37 @@ requirements of ASF policy on releases as described below, validate all cryptographic signatures, compile as provided, and test the result on their own platform. -Release votes SHOULD remain open for at least 72 hours. +Release votes SHOULD remain open for at least 72 hours. See +[RFC 2119](https://www.rfc-editor.org/rfc/rfc2119) for a good definition of +SHOULD and the next [Expedited Releases](#expedited-releases) section when +considering a reduced voting period. + +#### Expedited Releases {#expedited-releases} +As stated above, the normal policy for releases is to allow 72 hours for +release reviews and votes, however the review/voting period for a release +can be reduced in exceptional circumstances. + +ASF projects are made up of distributed teams, in multiple time zones and volunteers +with lives and jobs and the rationale behind 72 Hours is to try and give all +members of a project the opportunity to take part in the decision to release. + +The most obvious example of an exceptional circustamce would be for a fix for a +publicly known security issue. Everyone will probably have a different definition +of what an exceptional circumstance is, but ultimately it is down to individual +PMCs to decide for their project. + +Projects SHOULD give as much notice as possible for an expedited release in +order to give project members a chance to make time to participate in the +decision. + +Emails calling for a Release Vote that run for less than 72 hours SHOULD include +an explanation of why the release is being expedited. + +This policy already states that deviations from normal policy MUST be reported to +the Board, but it is worth emphasising this here specifically for release votes +with a reduced voting time. Unless there are pressing reasons to inform the Board +earlier, reporting can be done in the project's next scheduled board report. + ### Publication {#publication} From bfad2314bcc057fdb77902ef8ff4ef158e5405bb Mon Sep 17 00:00:00 2001 
From: Niall Pemberton Date: Fri, 7 Mar 2025 13:45:18 +0000 Subject: [PATCH 2/5] Feedback on "Expedited Releases" change from raboof Co-authored-by: Arnout Engelen --- content/legal/release-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index 1afd242a2..3f4834728 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -58,7 +58,7 @@ ASF projects are made up of distributed teams, in multiple time zones and volunt with lives and jobs and the rationale behind 72 Hours is to try and give all members of a project the opportunity to take part in the decision to release. -The most obvious example of an exceptional circustamce would be for a fix for a +The most obvious example of an exceptional circumstance would be for a fix for a publicly known security issue. Everyone will probably have a different definition of what an exceptional circumstance is, but ultimately it is down to individual PMCs to decide for their project. From 632e13ec05b1e2c20897585555033fae269d1d07 Mon Sep 17 00:00:00 2001 From: Niall Pemberton Date: Fri, 7 Mar 2025 13:45:50 +0000 Subject: [PATCH 3/5] Feedback on "Expedited Releases" change from potiuk Co-authored-by: Jarek Potiuk --- content/legal/release-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index 3f4834728..cfc02f09b 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md 
@@ -59,7 +59,7 @@ with lives and jobs and the rationale behind 72 Hours is to try and give all members of a project the opportunity to take part in the decision to release. The most obvious example of an exceptional circumstance would be for a fix for a -publicly known security issue. Everyone will probably have a different definition +publicly known or critical, easily exploitable security issue. Everyone will probably have a different definition of what an exceptional circumstance is, but ultimately it is down to individual PMCs to decide for their project. From b764cd06a0faa3163815594d8216760574213138 Mon Sep 17 00:00:00 2001 From: Niall Pemberton Date: Fri, 7 Mar 2025 13:50:30 +0000 Subject: [PATCH 4/5] Feedback on "Expedited Releases" change from sebbASF --- content/legal/release-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index cfc02f09b..9ccd7b3b2 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -46,7 +46,7 @@ own platform. Release votes SHOULD remain open for at least 72 hours. See [RFC 2119](https://www.rfc-editor.org/rfc/rfc2119) for a good definition of -SHOULD and the next [Expedited Releases](#expedited-releases) section when +SHOULD, and the next [Expedited Releases](#expedited-releases) section when considering a reduced voting period. #### Expedited Releases {#expedited-releases} @@ -67,7 +67,7 @@ Projects SHOULD give as much notice as possible for an expedited release in order to give project members a chance to make time to participate in the decision. -Emails calling for a Release Vote that run for less than 72 hours SHOULD include +Emails calling for a Release Vote that run for less than 72 hours MUST include an explanation of why the release is being expedited. This policy already states that deviations from normal policy MUST be reported to 
From c1129c256b79cf3e10228d7f95862a4a18c91941 Mon Sep 17 00:00:00 2001 From: Niall Pemberton Date: Fri, 7 Mar 2025 13:51:30 +0000 Subject: [PATCH 5/5] Feedback on "Expedited Releases" change from markt-asf --- content/legal/release-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/legal/release-policy.md b/content/legal/release-policy.md index 9ccd7b3b2..f71fc0ba3 100644 --- a/content/legal/release-policy.md +++ b/content/legal/release-policy.md @@ -55,7 +55,7 @@ release reviews and votes, however the review/voting period for a release can be reduced in exceptional circumstances. ASF projects are made up of distributed teams, in multiple time zones and volunteers -with lives and jobs and the rationale behind 72 Hours is to try and give all +with lives and jobs and the rationale behind 72 hours is to try and give all members of a project the opportunity to take part in the decision to release. The most obvious example of an exceptional circumstance would be for a fix for a
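Review bot: In [PATCH 1/5], the new "Expedited Releases" section sets no lower bound on a shortened vote. The paragraph ending "it is down to individual PMCs to decide for their project" leaves both the trigger and the minimum review window open. If that is intended, say so explicitly; otherwise state a floor, so that an expedited vote still leaves time for the checks the preceding paragraph requires (validating signatures, compiling, testing). The closing paragraph's "This policy already states that deviations from normal policy MUST be reported to the Board" should also link to the passage it relies on, the way the hunk links [Expedited Releases](#expedited-releases).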
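Review bot: In [PATCH 2/5], the corrected line still reads "would be for a fix for a", where the first "for" is redundant. Since the line is being touched for the spelling fix anyway, suggest "The most obvious example of an exceptional circumstance would be a fix for a ...".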
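Review bot: In [PATCH 3/5], the added wording "publicly known or critical, easily exploitable security issue" is ambiguous about grouping. It can be read as "publicly known, or critical and easily exploitable" or as a list of three alternatives. Suggest spelling it out, for example "a publicly known security issue, or a critical and easily exploitable one", and rewrapping the line, which is now much longer than its neighbours.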
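Review bot: In [PATCH 4/5], second hunk, raising the explanation requirement to MUST needs a sentence on how much detail is expected. After [PATCH 3/5] the section also covers critical issues that are not yet publicly known, and a vote email that explains the expedite in detail could describe an unpublished vulnerability before the fix is released. Suggest stating that a brief reason such as "security fix" is sufficient in that case. The same line also has an agreement slip: in "Emails calling for a Release Vote that run for less than 72 hours" it is the vote that runs, so "runs".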
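Review bot: In [PATCH 5/5], the sentence being edited remains a run-on after the capitalisation fix: "ASF projects are made up of distributed teams, in multiple time zones and volunteers with lives and jobs and the rationale behind 72 hours is ...". Suggest splitting it in two, ending the first sentence after "lives and jobs" and starting the second with "The rationale behind the 72 hours is to give all members ...".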