Hi, > - How should We handle the signing procedure? Simply omit?
For .deb and .rpm, we need to sign them to install them by apt/yum. We should use a GPG key only for nightly for this propose. We should not use GPG keys in https://dist.apache.org/repos/dist/release/arrow/KEYS for this propose. We can share the GPG key for nightly with PMC members safely by encrypted it with GPG keys in https://dist.apache.org/repos/dist/release/arrow/KEYS. We can use the GPG key for nightly on Travis CI by encrypting the GPG key: https://docs.travis-ci.com/user/encryption-keys/ > - May We host the nightlies under the Apache bintray account? > - Do We want to use JFrog Artifactory over Bintray? > If so should We setup it [2] or does Apache has one already? If we can use both, Bintray is better. Because we already use Bintray for release and RC packages. If we use Bintray, we can test our upload script. We need to remove old nightly packages periodically. I think that keeping the last 7 days is enough. We can do this by just deleting a version for old nightly packages on Bintray: https://bintray.com/docs/api/#url_delete_version I think that we should create a version such as "2019-02-28" for each nightly. Thanks, -- kou In <cahm19a7uqbb2t9pet8r0f8wub6c+ewbuh4aqgywcvstsgvc...@mail.gmail.com> "Nightly binary packages" on Mon, 25 Feb 2019 22:51:29 +0100, Krisztián Szűcs <szucs.kriszt...@gmail.com> wrote: > Hi, > > Currently We have nightly package builds, currently under my > github account, which is not really visible. It would be great to > make them available for developer purposes, and additionally > it'd test the binary scripts too. > The nightly packages are produced the same way like it is > documented in the release management guide, except that they > are not getting uploaded to bintray. > > I can setup a cron job to upload the nightly packages to bintray > under `-nightly` postfixed directories (similarly like `-rc` packages > are stored [1]), however I have a couple of questions: > - How should We handle the signing procedure? Simply omit? > - May We host the nightlies under the Apache bintray account? > - Do We want to use JFrog Artifactory over Bintray? > If so should We setup it [2] or does Apache has one already? > > Regards, Krisztian > > [1] https://bintray.com/beta/#/apache/arrow?tab=packages > [2] https://jfrog.com/open-source/#artifactory
