Ok … so I removed all the distribution and the „tests“-modules from the staging repo.
Chris

On 07.12.17, 10:00, "Christofer Dutz" <christofer.d...@c-ware.de> wrote:

Hi Dale,

I added the zip and then noticed that the tar.gz did have some “next” and “current” pom copies inside. So, I had a look at my original and they didn’t have them, so I updated the tar.gz and its hashes.

Also, I did rename the sha512 back to sha as SHA is the algorithm … you usually encounter SHA, SHA1 or SHA2, but never SHA512 in the wild.

Regarding the hashes in Nexus: We shouldn’t change this, as these are the hashes Maven works with. If we change this, it could be that the artifacts are no longer accessible. The build isn’t generating them anyway but Nexus generates them automatically. So I guess even if we wanted to change things, we couldn’t.

Chris

On 06.12.17, 23:55, "Dale LaBossiere" <dml.apa...@gmail.com> wrote:

Agreed on all points regarding the zip. Since you offered, I updated the scripts to require it and the sha512 noted below :-) The verification includes verifying the tar.gz and zip contents are the same.

On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which in fact is what the file contains)

apache-edgent-1.2.0-incubating-source-release.tar.gz.sha1

So that needs to be changed in the staging area in addition to staging the zip and its sums/sig.

Thanks!
— Dale

[1] http://www.apache.org/dev/release-distribution#sigs-and-sums

> On Dec 6, 2017, at 2:35 PM, Christofer Dutz <christofer.d...@c-ware.de> wrote:
> ...
> I just had a look at what the script was looking for. If releasing tar and zip I think we would have to do the checking for both types. I can add the other zip easily. But in that case I would suggest adding that to the script and add one check to make sure the content is identical. Would be good if we could be sure we need to detail-check only one.
> ...
> From: Dale LaBossiere <dml.apa...@gmail.com>
> ...
> -Papache-release also generates a zip. I had expected we’d be releasing that too but it isn’t staged.
> At this time I’m fine if we just continue 1.2.0 with only the tar.gz but if you also want to stage the zip that's fine too.
>
> I just need to know which way we’re going because I need to adjust the “downloads” website page accordingly.
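
The check discussed in this thread (the tar.gz and the zip must carry identical contents, and each artifact needs a SHA-512 sum) could look like the following. This is an added example, not the Edgent release scripts; the function names, the sample file paths and the assumption that the digest is the first token of the `.sha512` file are constructed for illustration.

```python
import hashlib, io, tarfile, zipfile

def tar_manifest(data: bytes) -> dict:
    """Map each regular file in a .tar.gz to the SHA-512 of its content."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        return {m.name: hashlib.sha512(tf.extractfile(m).read()).hexdigest()
                for m in tf if m.isfile()}

def zip_manifest(data: bytes) -> dict:
    """Map each file entry in a .zip to the SHA-512 of its content."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: hashlib.sha512(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def diff_manifests(a: dict, b: dict) -> list:
    """Paths present in only one archive, or present in both with different content."""
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))

def checksum_matches(data: bytes, sha512_text: str) -> bool:
    """Compare an artifact with its checksum file; a digest of another
    algorithm stored under the wrong suffix fails here on length alone."""
    tokens = sha512_text.split()  # assumption: digest is the first token
    return bool(tokens) and tokens[0].lower() == hashlib.sha512(data).hexdigest()

# Helpers that build constructed sample archives in memory.
def make_tar(files: dict) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample tree; the stray "pom.xml.next" mimics a leftover release-plugin copy.
FILES = {"src/pom.xml": b"<project/>", "src/README": b"constructed sample\n"}

if __name__ == "__main__":
    stray = dict(FILES, **{"src/pom.xml.next": b"<project/>"})
    print(diff_manifests(tar_manifest(make_tar(stray)), zip_manifest(make_zip(FILES))))
```

Comparing per-file digests rather than the archive bytes matters here, because a tar.gz and a zip of the same tree never have equal archive-level hashes.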