Robbie- Here is a release validation script:
https://github.com/apache/activemq/pull/587 <https://github.com/apache/activemq/pull/587> You can pass an arg to change the Maven repo. Currently it validates: 1. Download tar.gz and zip files 2. Validates SHA1 and MD5 3. Extracts the zip and tar.gz 4. Cleans up after itself Next step would be to add the gpg signature validation Thanks, Matt Pavlovich > On Nov 27, 2020, at 9:56 AM, Robbie Gemmell <robbie.gemm...@gmail.com> wrote: > > The issues I noted (.md5 present, -bin files missing) dont appear to > be fixed for 5.15.14 yet? Still showing via the dist area HTTP view > and svn directly for me at least. > > On Fri, 27 Nov 2020 at 15:21, Jean-Baptiste Onofre <j...@nanthrax.net> wrote: >> >> It’s already fixed for the 5.15.14 release and I will push the fix on the >> script. >> >> Regards >> JB >> >>> Le 27 nov. 2020 à 16:10, Robbie Gemmell <robbie.gemm...@gmail.com> a écrit : >>> >>> I would fix the dist problems before starting another release >>> personally, so that any new voters can properly inspect things. >>> >>> Aside, I since saw that you only added the .md5 this morning along >>> with the .sha512 contents. I'm not sure how so many people managed to >>> vote for it without verifying the checksum, except perhaps everyone >>> just assumed someone else would do it. That's one reason it's good to >>> say what testing you actually did when voting, to help spot such gaps. >>> >>> Robbie >>> >>> On Fri, 27 Nov 2020 at 12:39, Jean-Baptiste Onofre <j...@nanthrax.net> >>> wrote: >>>> >>>> Yeah I know ;) Not a problem. We can wait ! I will move forward on 5.16.1 >>>> in the meantime. >>>> >>>> Thanks ! >>>> Regards >>>> JB >>>> >>>>> Le 27 nov. 2020 à 12:48, Robbie Gemmell <robbie.gemm...@gmail.com> a >>>>> écrit : >>>>> >>>>> Many of the people you are looking to remind are likely not around to >>>>> see it, being on vacation either for or just around the US >>>>> Thanksgiving. It's probably the second worst point of the year to have >>>>> a release vote open unfortunately. >>>>> >>>>> I'd note that the binary archives are missing from the dist staging >>>>> area, and there is an MD5 checksum present for the source release >>>>> which should be removed given they aren't meant to be distributed. >>>>> >>>>> On Fri, 27 Nov 2020 at 04:58, Jean-Baptiste Onofre <j...@nanthrax.net> >>>>> wrote: >>>>>> >>>>>> Gently reminder about this vote. >>>>>> >>>>>> Thanks ! >>>>>> Regards >>>>>> JB >>>>>> >>>>>>> Le 24 nov. 2020 à 08:00, Jean-Baptiste Onofre <j...@nanthrax.net> a >>>>>>> écrit : >>>>>>> >>>>>>> Hi everyone, >>>>>>> >>>>>>> I submit Apache ActiveMQ 5.15.14 to your vote. >>>>>>> This release includes CVE related updates and bug fixes. >>>>>>> >>>>>>> Please take a look on the Release Notes for details: >>>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12348294 >>>>>>> >>>>>>> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12348294> >>>>>>> >>>>>>> The Maven staging repository is: >>>>>>> https://repository.apache.org/content/repositories/orgapacheactivemq-1220/ >>>>>>> >>>>>>> <https://repository.apache.org/content/repositories/orgapacheactivemq-1220/> >>>>>>> >>>>>>> The dist staging repository is: >>>>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.15.14/ >>>>>>> <https://dist.apache.org/repos/dist/dev/activemq/activemq/5.15.14/> >>>>>>> >>>>>>> Git tag: >>>>>>> activemq-5.15.14 >>>>>>> >>>>>>> Please vote to approve this release: >>>>>>> >>>>>>> [ ] +1 Approve the release >>>>>>> [ ] -1 Don't approve the release (please provide specific comments) >>>>>>> >>>>>>> This vote will be open for at least 72 hours. >>>>>>> >>>>>>> Thanks ! >>>>>>> Regards >>>>>>> JB >>>>>> >>>> >>
