Obligatory: sorry, I didn't make the time to look at it today. Thanks,
Drew, for covering my butt! I will do this first thing in the morning,
but I wanted to comment on two things before I forget.
Edward Capriolo wrote:
* The git commit ID is good to see (not just the tag), but linking to
your personal github acct is a little out-of-the-normal to me.
Yes. I plan on pushing that commit to apache git as the tag once the vote
is complete. Normally the maven release WOULD push the tag but we are
voting on the tag so I did not want to push it until it is +1ed.
In the shortest way possible: this isn't how this works :)
You *must* push the commit which is being voted on. The thing being
voted upon must exist in the VCS. It is very normal to avoid pushing a
tag that would imply a release (e.g. gossip-0.1.1-incubating), and it is
common to see an "RC" tag pushed instead (e.g.
gossip-0.1.1-incubating-rc1). Yes, this often requires a little bit of
scripting or manual tag/push logic on your part. It's pretty common to
see a little bash script that encapsulates this logic.
I have pushed the tag as
https://github.com/apache/incubator-gossip/tree/gossip-0.1.1-incubating-rc1when
the vote is complete I will re-tag as
https://github.com/apache/incubator-gossip/tree/gossip-0.1.1-incubating
*The manifest at the start of the KEYS file doesn't list you key although
the it present at the end of the file.
My manifest is after Taylors key (towards the middle of the file)
* For the checksums, I'm guessing you copied the wrong filename.
I assume you meant those are the checksums for
gossip-0.1.1-incubating-source-release.zip as a gpg signature doesn't
require
a checksum to ensure it was not tampered with
The maven process signed every artifact here:
https://repository.apache.org/content/repositories/orgapachegossip-1001/org/apache/gossip/gossip/0.1.1-incubating/
I have verified these locally.
The correct URL to the keys file is here:
https://dist.apache.org/repos/dist/release/incubator/gossip/KEYS
Please re-read what I wrote :). I did not state that the checksums or
signatures were bad/wrong. The URL in your VOTE email to the file which
the checksums and signatures are for was incorrect/nonsensical.
