I can probably do that tomorrow. Can you point me to instructions? I don't know where to upload the updated binaries or what the Apache process is to do the signing. Is there an easy way to generate an md5 for a file on Mac?
- Josh On Thu, Sep 8, 2016 at 5:24 PM, Alex Harui <[email protected]> wrote: > > > On 9/8/16, 4:12 PM, "Josh Tynjala" <[email protected]> wrote: > > >To avoid this issue in the future, whichever ant target is used to create > >a > >binary release should probably clean everything first. Another potential > >issue is that someone might modify their downloaded files to test > >something > >locally and forget to revert them. In other words, local modifications > >could end up in a binary release without any kind of warning. If the full > >binary release build forced a clean and re-downloaded dependencies, that > >would handle both issues. > > For me, the GCL files are outside the ant folders so a clean wouldn't > help. It is an interesting Apache-ism that they recommend building > artifacts locally. It would be way more safe IMO to just ship something > from the CI server. But that's also a reason that only the source > artifact is an official release. The binary artifacts are harder to > verify and thus aren't official releases, just a convenience. > > > > >Can we update the binary release of 0.7.0? Or do we need to do a 0.7.1? As > >far as I can tell, the source bits are fine because the downloads are part > >of building from source. > > In this case, I think you can add that one file to the binary package, > update the md5 files and sign it and push it back up there. > > -Alex > >
