On 09/12/2017 10:07 AM, Justin Bertram wrote:
Perhaps this [1], Tim?
Justin
[1] https://github.com/apache/activemq-artemis/blob/master/RELEASING.md
Ah, didn't think to look there, I'd maybe put it in the hacking guide,
but at least I know where it is now. Thanks!
On Tue, Sep 12, 2017 at 8:57 AM, Timothy Bish <[email protected]> wrote:
On 09/12/2017 09:49 AM, Robbie Gemmell wrote:
Hi folks,
I mentioned on the recent Artemis 2.3.0 vote that I had some suggested
changes for the release process improvements, not just for Artemis but
for other components too, and would send a mail later.
The short version is there are three main things I'd like to suggest
as improvements, both for folks testing+voting, and end users
downloading the release later:
- Using the dist dev repo for publishing bits for folks to test and vote
on.
- Providing checksum files in the dist repo which verify more easily
with the related tools.
- Use SHA512 rather than SHA1 for checksums in the dist repo.
# Dist dev repo for votes
Currently the ActiveMQ votes for the Java components tend to link to
the artifacts in the nexus staging repo. I think using the dist dev
repo (https://dist.apache.org/repos/dist/dev/activemq/) to publish the
bits under vote would be an improvement. Its easy for folks to grab
all the files at once, helps ensure that what people test is actually
what will end up in the dist release repo later, and it simplifies the
eventual release step to a single svn remote copy command.
# Provide more easily verifiable checksum files in dist release repo
Currently, the checksum files provides in the dist release repo are
just the ones from nexus. These lack filename information and so you
cant verify them as easily with tools. Files which contain the
filename detail can be verified quickly and even grouped in a single
shot with the checksum tools, e.g "md5sum -c *.md5". For the MD5 and
SHA1 cases they could be prepared either by manipulating the existing
files taken from nexus to add the names, or simply generating the
checksums again with the tools and manually verifying them the same
way everyone currently needs to.
# Provide SHA512 checksum files in the dist repo
The release distribution policy has suggested using SHA512 for some
time now, I think it would be good to make the switch for the files
provided in the dist repo.
http://www.apache.org/dev/release-distribution.html#sigs-and-sums
Robbie
+1
I'd go ahead and suggest you start updating the release guide to reflect
this process, the 5.x release guide is here:
http://activemq.apache.org/release-guide.html
I haven't found if Artemis has anything similar, doesn't seem to be in the
hacking guide.
--
Tim Bish
twitter: @tabish121
blog: http://timbish.blogspot.com/
--
Tim Bish
twitter: @tabish121
blog: http://timbish.blogspot.com/
