Just to be clear… This proposal creates more work for the release manager prior to starting the vote but in hopes of reducing the work for the reviewers. It’s a bit more than a “mvn release:prepare ; man release:perform”. Some of the extra work can obviously be scripted, but it is still a bit more to do.
That said, script provided to the reviewer could accomplish the same things using the current staging location/setup. Anyway, I’m -0 to the idea. Getting folks to actually be a release manager is hard enough, why make it even more work. Since I haven’t been a release manager for an ActiveMQ release in a while, I certainly wouldn’t hold up the idea though. Dan > On Sep 12, 2017, at 9:49 AM, Robbie Gemmell <[email protected]> wrote: > > Hi folks, > > I mentioned on the recent Artemis 2.3.0 vote that I had some suggested > changes for the release process improvements, not just for Artemis but > for other components too, and would send a mail later. > > The short version is there are three main things I'd like to suggest > as improvements, both for folks testing+voting, and end users > downloading the release later: > - Using the dist dev repo for publishing bits for folks to test and vote on. > - Providing checksum files in the dist repo which verify more easily > with the related tools. > - Use SHA512 rather than SHA1 for checksums in the dist repo. > > # Dist dev repo for votes > > Currently the ActiveMQ votes for the Java components tend to link to > the artifacts in the nexus staging repo. I think using the dist dev > repo (https://dist.apache.org/repos/dist/dev/activemq/) to publish the > bits under vote would be an improvement. Its easy for folks to grab > all the files at once, helps ensure that what people test is actually > what will end up in the dist release repo later, and it simplifies the > eventual release step to a single svn remote copy command. > > # Provide more easily verifiable checksum files in dist release repo > > Currently, the checksum files provides in the dist release repo are > just the ones from nexus. These lack filename information and so you > cant verify them as easily with tools. Files which contain the > filename detail can be verified quickly and even grouped in a single > shot with the checksum tools, e.g "md5sum -c *.md5". For the MD5 and > SHA1 cases they could be prepared either by manipulating the existing > files taken from nexus to add the names, or simply generating the > checksums again with the tools and manually verifying them the same > way everyone currently needs to. > > # Provide SHA512 checksum files in the dist repo > > The release distribution policy has suggested using SHA512 for some > time now, I think it would be good to make the switch for the files > provided in the dist repo. > http://www.apache.org/dev/release-distribution.html#sigs-and-sums > > Robbie -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
