The issues I was noting were with the staged dist repo contents rather than the maven repo. There is a helper script for prepping the dist area contents inc verifying the gpg sig at https://dist.apache.org/repos/dist/dev/activemq/activemq/
On Fri, 27 Nov 2020 at 17:43, Matt Pavlovich <mattr...@gmail.com> wrote: > > Robbie- > > Here is a release validation script: > > https://github.com/apache/activemq/pull/587 > <https://github.com/apache/activemq/pull/587> > > You can pass an arg to change the Maven repo. > > Currently it validates: > > 1. Download tar.gz and zip files > 2. Validates SHA1 and MD5 > 3. Extracts the zip and tar.gz > 4. Cleans up after itself > > Next step would be to add the gpg signature validation > > Thanks, > Matt Pavlovich > > > On Nov 27, 2020, at 9:56 AM, Robbie Gemmell <robbie.gemm...@gmail.com> > > wrote: > > > > The issues I noted (.md5 present, -bin files missing) dont appear to > > be fixed for 5.15.14 yet? Still showing via the dist area HTTP view > > and svn directly for me at least. > > > > On Fri, 27 Nov 2020 at 15:21, Jean-Baptiste Onofre <j...@nanthrax.net> > > wrote: > >> > >> It’s already fixed for the 5.15.14 release and I will push the fix on the > >> script. > >> > >> Regards > >> JB > >> > >>> Le 27 nov. 2020 à 16:10, Robbie Gemmell <robbie.gemm...@gmail.com> a > >>> écrit : > >>> > >>> I would fix the dist problems before starting another release > >>> personally, so that any new voters can properly inspect things. > >>> > >>> Aside, I since saw that you only added the .md5 this morning along > >>> with the .sha512 contents. I'm not sure how so many people managed to > >>> vote for it without verifying the checksum, except perhaps everyone > >>> just assumed someone else would do it. That's one reason it's good to > >>> say what testing you actually did when voting, to help spot such gaps. > >>> > >>> Robbie > >>> > >>> On Fri, 27 Nov 2020 at 12:39, Jean-Baptiste Onofre <j...@nanthrax.net> > >>> wrote: > >>>> > >>>> Yeah I know ;) Not a problem. We can wait ! I will move forward on > >>>> 5.16.1 in the meantime. > >>>> > >>>> Thanks ! > >>>> Regards > >>>> JB > >>>> > >>>>> Le 27 nov. 2020 à 12:48, Robbie Gemmell <robbie.gemm...@gmail.com> a > >>>>> écrit : > >>>>> > >>>>> Many of the people you are looking to remind are likely not around to > >>>>> see it, being on vacation either for or just around the US > >>>>> Thanksgiving. It's probably the second worst point of the year to have > >>>>> a release vote open unfortunately. > >>>>> > >>>>> I'd note that the binary archives are missing from the dist staging > >>>>> area, and there is an MD5 checksum present for the source release > >>>>> which should be removed given they aren't meant to be distributed. > >>>>> > >>>>> On Fri, 27 Nov 2020 at 04:58, Jean-Baptiste Onofre <j...@nanthrax.net> > >>>>> wrote: > >>>>>> > >>>>>> Gently reminder about this vote. > >>>>>> > >>>>>> Thanks ! > >>>>>> Regards > >>>>>> JB > >>>>>> > >>>>>>> Le 24 nov. 2020 à 08:00, Jean-Baptiste Onofre <j...@nanthrax.net> a > >>>>>>> écrit : > >>>>>>> > >>>>>>> Hi everyone, > >>>>>>> > >>>>>>> I submit Apache ActiveMQ 5.15.14 to your vote. > >>>>>>> This release includes CVE related updates and bug fixes. > >>>>>>> > >>>>>>> Please take a look on the Release Notes for details: > >>>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12348294 > >>>>>>> > >>>>>>> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12348294> > >>>>>>> > >>>>>>> The Maven staging repository is: > >>>>>>> https://repository.apache.org/content/repositories/orgapacheactivemq-1220/ > >>>>>>> > >>>>>>> <https://repository.apache.org/content/repositories/orgapacheactivemq-1220/> > >>>>>>> > >>>>>>> The dist staging repository is: > >>>>>>> https://dist.apache.org/repos/dist/dev/activemq/activemq/5.15.14/ > >>>>>>> <https://dist.apache.org/repos/dist/dev/activemq/activemq/5.15.14/> > >>>>>>> > >>>>>>> Git tag: > >>>>>>> activemq-5.15.14 > >>>>>>> > >>>>>>> Please vote to approve this release: > >>>>>>> > >>>>>>> [ ] +1 Approve the release > >>>>>>> [ ] -1 Don't approve the release (please provide specific comments) > >>>>>>> > >>>>>>> This vote will be open for at least 72 hours. > >>>>>>> > >>>>>>> Thanks ! > >>>>>>> Regards > >>>>>>> JB > >>>>>> > >>>> > >> >