Author: schor
Date: Mon Oct 15 16:02:55 2018
New Revision: 1843922

URL: http://svn.apache.org/viewvc?rev=1843922&view=rev
Log:
update maven-design to indicate better how artifact signing is done, and 
special signing for source-release.

Modified:
    uima/site/trunk/uima-website/docs/maven-design.html
    uima/site/trunk/uima-website/xdocs/maven-design.xml

Modified: uima/site/trunk/uima-website/docs/maven-design.html
URL: 
http://svn.apache.org/viewvc/uima/site/trunk/uima-website/docs/maven-design.html?rev=1843922&r1=1843921&r2=1843922&view=diff
==============================================================================
--- uima/site/trunk/uima-website/docs/maven-design.html (original)
+++ uima/site/trunk/uima-website/docs/maven-design.html Mon Oct 15 16:02:55 2018
@@ -489,9 +489,8 @@ our svn tree, in a top level directory n
         should be "buildable" by doing "mvn install", etc. in the unzipped 
directory.
         </p>
                                                 
<p><code>source-release.zip</code> files for multi-project aggregates (such as 
the main
-        UIMA SDK) are built only at the top (root) level; the pom for that 
level typically specifies
-        to skip the deploy to maven-central, so the convenience packages and 
the source-release.zip are not deployed
-        there, but instead are distributed via Apache's mirror system.
+        UIMA SDK) are built only at the top (root) level and are not 
"attached" so it is 
+        not uploaded to maven for distribution, but instead is distributed via 
Apache's mirror system.
     </p>
                                                 <p>
     The release process happens when the commands <code>mvn 
release:prepare</code> followed by 
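Review bot: The added sentence switches grammatical number midway. Its subject is plural ("source-release.zip files ... are built ... and are not "attached""), but it continues with "so it is not uploaded ... but instead is distributed". Keep the plural throughout, for example: "and are not "attached", so they are not uploaded to maven for distribution, but instead are distributed via Apache's mirror system." The identical sentence in xdocs/maven-design.xml needs the same change.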
@@ -502,8 +501,14 @@ our svn tree, in a top level directory n
     You can debug this process without doing a release, by adding the 
parameter 
     <code>-Papache-release</code> to the non-release Maven build commands.
   </p>
-                                                <p>All artifacts have gpg 
signatures, as well as .sha512 checksums.  These are typically created during 
the build
-       process for the main artifact, all attached artifacts, and the pom.</p>
+                                                <p>For apache-releases 
(triggered with the apache-release profile), all artifacts 
+       get signed with gpg signatures, as well as with .sha512 checksums.  
+       These are created during the build for the top level project, when 
+       the apache-release profile is specified, or when the mvn release plugin 
is run.
+       Most of the signatures happen because of the gpg plugin and the 
+       checsum-maven-plugin, but the source-release.zip artifact has its own
+       special antrun task since it's not attached.
+       </p>
                                                 <h2>LICENSE and NOTICE 
files</h2>
                                                 <p>
     Things that are distributed from Apache need LICENSE and NOTICE files.  We 
have several kinds
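Review bot: "checsum-maven-plugin" in the added paragraph is misspelled and should read "checksum-maven-plugin". A reader who copies the name to look the plugin up in the poms will not find it, so correct it here and in the matching paragraph of xdocs/maven-design.xml.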

Modified: uima/site/trunk/uima-website/xdocs/maven-design.xml
URL: 
http://svn.apache.org/viewvc/uima/site/trunk/uima-website/xdocs/maven-design.xml?rev=1843922&r1=1843921&r2=1843922&view=diff
==============================================================================
--- uima/site/trunk/uima-website/xdocs/maven-design.xml (original)
+++ uima/site/trunk/uima-website/xdocs/maven-design.xml Mon Oct 15 16:02:55 2018
@@ -215,9 +215,8 @@ our svn tree, in a top level directory n
         should be "buildable" by doing "mvn install", etc. in the unzipped 
directory.
         </p>
         <p><code>source-release.zip</code> files for multi-project aggregates 
(such as the main
-        UIMA SDK) are built only at the top (root) level; the pom for that 
level typically specifies
-        to skip the deploy to maven-central, so the convenience packages and 
the source-release.zip are not deployed
-        there, but instead are distributed via Apache's mirror system.
+        UIMA SDK) are built only at the top (root) level and are not 
"attached" so it is 
+        not uploaded to maven for distribution, but instead is distributed via 
Apache's mirror system.
     </p>
     
     <p>
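Review bot: The replacement text drops two details that the removed lines stated. The removed lines said the top-level pom skips the deploy to "maven-central" and that both "the convenience packages and the source-release.zip" are not deployed there. The new lines say only "uploaded to maven" and no longer mention the convenience packages. If the convenience packages are still distributed only through the mirror system, keep that statement, and name the repository explicitly instead of "maven" so a reader knows where a signed source-release.zip will and will not be found.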
@@ -230,8 +229,14 @@ our svn tree, in a top level directory n
     <code>-Papache-release</code> to the non-release Maven build commands.
   </p>
   
-    <p>All artifacts have gpg signatures, as well as .sha512 checksums.  These 
are typically created during the build
-       process for the main artifact, all attached artifacts, and the pom.</p>
+    <p>For apache-releases (triggered with the apache-release profile), all 
artifacts 
+       get signed with gpg signatures, as well as with .sha512 checksums.  
+       These are created during the build for the top level project, when 
+       the apache-release profile is specified, or when the mvn release plugin 
is run.
+       Most of the signatures happen because of the gpg plugin and the 
+       checsum-maven-plugin, but the source-release.zip artifact has its own
+       special antrun task since it's not attached.
+       </p>
   
   <h2>LICENSE and NOTICE files</h2>
   <p>
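Review bot: The added paragraph describes checksums as signatures, in "get signed with gpg signatures, as well as with .sha512 checksums" and again in "Most of the signatures happen because of the gpg plugin and the checsum-maven-plugin". A .sha512 file is not a signature, so word the two separately: artifacts are signed with gpg and also get .sha512 checksums, the former produced by the gpg plugin and the latter by the checksum plugin. The last sentence should also state whether the antrun task for source-release.zip produces both the gpg signature and the .sha512 file, since the paragraph promises both for "all artifacts". The clause "when the apache-release profile is specified" repeats the opening parenthetical and can be dropped.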

