Hi Dale,

I added the zip and then noticed that the tar.gz did have some “next” and 
“current” pom copies inside. So, I had a look at my original and they didn’t 
have them, so I updated the tar.gz and its hashes.

Also, I did rename the sha512 back to sha as SHA is the algorithm … you usually 
encounter SHA, SHA1 or SHA2, but never SHA512 in the wild. 

Regarding the hashes in Nexus: We shouldn’t change this, as these are the 
hashes Maven works with. If we change this, it could be that the artifacts are 
no longer accessible. The build isn’t generating them anyway but Nexus 
generates them automatically. So I guess even if we wanted to change things, we 
couldn’t.

Chris



On 06.12.17, 23:55, "Dale LaBossiere" <dml.apa...@gmail.com> wrote:

    Agreed on all points regarding the zip.
    
    Since you offered, I updated the scripts to require it and the sha512 noted below :-)
    The verification includes verifying the tar.gz and zip contents are the same.
    
    On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which in fact is what the file contains)
        apache-edgent-1.2.0-incubating-source-release.tar.gz.sha1
    
    So that needs to be changed in the staging area in addition to staging the zip and its sums/sig.
    
    Thanks!
    — Dale
    
    [1] http://www.apache.org/dev/release-distribution#sigs-and-sums
    
    > On Dec 6, 2017, at 2:35 PM, Christofer Dutz <christofer.d...@c-ware.de> wrote:
    > ...
    > I just had a look at what the script was looking for. If releasing tar and zip I think we would have to do the checking for both types. I can add the other zip easily. But in that case I would suggest adding that to the script and add one check to make sure the content is identical. Would be good if we could be sure we need to detail-check only one.
    > ...
    > From: Dale LaBossiere <dml.apa...@gmail.com>
    > ...
    > -Papache-release also generates a zip.  I had expected we’d be releasing that too but it isn’t staged.
    > At this time I’m fine if we just continue 1.2.0 with only the tar.gz but if you also want to stage the zip that's fine too.
    > 
    > I just need to know which way we’re going because I need to adjust the “downloads” website page accordingly.
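
Added example, not part of the original thread and not the project's release script: one way to check that a tar.gz and a zip source release carry identical contents, by comparing per-file SHA-512 digests. The archive paths and the stray `pom.xml.next` entry are constructed sample data; the function names are hypothetical.

```python
import hashlib, io, tarfile, zipfile

def tar_digests(data):
    """Map member path -> SHA-512 hex digest for regular files in a tar.gz."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        for m in tf:
            if m.isfile():
                out[m.name] = hashlib.sha512(tf.extractfile(m).read()).hexdigest()
    return out

def zip_digests(data):
    """Same mapping for a zip; directory entries are skipped."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                out[info.filename] = hashlib.sha512(zf.read(info)).hexdigest()
    return out

def compare(tar_bytes, zip_bytes):
    """Return (only_in_tar, only_in_zip, differing) as sorted path lists."""
    t, z = tar_digests(tar_bytes), zip_digests(zip_bytes)
    return (sorted(t.keys() - z.keys()),
            sorted(z.keys() - t.keys()),
            sorted(p for p in t.keys() & z.keys() if t[p] != z[p]))

def make_samples():
    """Constructed archives: the tar.gz carries one stray file the zip lacks."""
    files = {"src/pom.xml": b"<project/>", "src/README": b"readme\n"}
    stray = {"src/pom.xml.next": b"<project/>"}  # constructed name
    tbuf, zbuf = io.BytesIO(), io.BytesIO()
    with tarfile.open(fileobj=tbuf, mode="w:gz") as tf:
        for name, body in {**files, **stray}.items():
            ti = tarfile.TarInfo(name)
            ti.size = len(body)
            tf.addfile(ti, io.BytesIO(body))
    with zipfile.ZipFile(zbuf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return tbuf.getvalue(), zbuf.getvalue()

if __name__ == "__main__":
    only_tar, only_zip, differing = compare(*make_samples())
    print("only in tar.gz:", only_tar)
    print("only in zip:   ", only_zip)
    print("content differs:", differing)
```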
    
    
