Hi.

On Mon, Jul 12, 2021 at 19:42, Rob Tompkins <chtom...@gmail.com> wrote:
>
> +1
>
> Note. The number of jars for the number of classes available seems a bit 
> extreme. It also makes it quite difficult to validate the release given that 
> to properly validate the release (note, proper validation involves validating 
> all of the signatures of all of the files generated both in nexus and in 
> subversion) one has to traverse 324 files across 14 different urls. It took 
> me upwards of 1.5 hours to validate this properly.

As I've pointed out several times, it doesn't seem that this particular
step needs to be done "manually": A script could be generated that
automatically performs the following actions:
 * downloads all the files
 * downloads the checksums files
 * runs the appropriate checksum validator
 * creates a report of all checks, to be validated by the reviewer.

That this is not done yet should not preclude sane modularization (i.e. subject
matter based).
[Going the other route was tried and it failed: By ever growing Commons Math,
it became unmanageable, in several ways (not going to restate the details once
more, it's all in the ML archive): Not a single release in more than 6 years
despite a very long list of issues, is proof enough IMHO.]

Also let's not forget that the official release is made of source code.
Most of the 324 files which you mention are convenience binaries compiled and
uploaded through a toolchain which we generally trust.

>
> All the best, and good work,

Thanks,
Gilles

> > [...]
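
The checksum and report steps listed in the reply above, as an added example (not part of the original message and not Apache Commons tooling). It assumes the files are already downloaded into one local directory, that each checksum sidecar is named `<artifact>.sha512`, `.sha256`, `.sha1` or `.md5`, and that the digest is the sidecar's first whitespace-separated token; `verify_tree` and `build_sample_tree` are hypothetical names and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Sidecar extension -> hashlib algorithm (assumed layout: <artifact><ext> beside the artifact).
ALGORITHMS = {".sha512": "sha512", ".sha256": "sha256", ".sha1": "sha1", ".md5": "md5"}


def file_digest(path, algorithm):
    """Hash a file in chunks so large jars are not loaded into memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root):
    """Return (artifact, algorithm, status) rows for every non-sidecar file under root."""
    root = Path(root)
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix in ALGORITHMS:
            continue  # sidecars are read below, they are not artifacts themselves
        found = [s for s in (path.with_name(path.name + e) for e in ALGORITHMS) if s.is_file()]
        if not found:
            # A file nobody published a checksum for must be visible in the report.
            rows.append((str(path.relative_to(root)), "-", "NO CHECKSUM"))
        for sidecar in found:
            algorithm = ALGORITHMS[sidecar.suffix]
            expected = (sidecar.read_text().split() or [""])[0].lower()
            ok = expected == file_digest(path, algorithm)
            rows.append((str(path.relative_to(root)), algorithm, "OK" if ok else "MISMATCH"))
    return rows


def build_sample_tree(root):
    """Constructed sample data: one intact jar, one altered jar, one file without a checksum."""
    root = Path(root)
    (root / "a.jar").write_bytes(b"good")
    (root / "a.jar.sha512").write_text(hashlib.sha512(b"good").hexdigest() + "  a.jar\n")
    (root / "b.jar").write_bytes(b"tampered")
    (root / "b.jar.sha1").write_text(hashlib.sha1(b"original").hexdigest() + "\n")
    (root / "c.pom").write_bytes(b"<project/>")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, algorithm, status in verify_tree(build_sample_tree(tmp)):
            print(f"{status:<12} {algorithm:<7} {name}")
```

A checksum match only shows that a file agrees with the sidecar served next to it; the signature validation mentioned in the quoted message is a separate check that this example does not perform.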
