On Thu, Jan 15, 2015 at 2:34 AM, Branko Čibej <[email protected]> wrote:
> On 15.01.2015 11:02, Sergey Evdokimov wrote: > > To use Apache Code Signing Service we need to appoint one of committer as > > release manager (https://reference.apache.org/pmc/newcodesigning). > > Just to be clear: you don't need the code signing service for source > releases. For that, you only need PGP signatures from the (current) RM > and other (P)PMC members. For example, over at Subversion, every PMC > member who votes for the release artefacts also signs them, so that we > have more than one signature for any release. > > Before worrying too much about publishing convenience binaries, you have > to get the process for source releases sorted out. Right now, the Ignite > code is not even close being suitable for release. Not because of > missing features — we're not concerned with feature sets — but because > they don't conform to legal requirements: > > * Many of the sources do not have the required license headers > * All Java APIs must be in the org.apache.ignite namespace, right now > I see 'gridgain' all over the place > * LICENSE and NOTICE files are missing > > and so on. Fixing the above will be a lot of work so I really don't > recommend worrying about signing convenience binaries at this point. > Brane, we are doing many things in parallel, including binary releases and source code clean up. All the file headers were fixed yesterday. The repackaging into "org.apache.ignite" will happen over the weekend as we need other branches to be fully merged for this to happen. I have created a ticket for LICENSE and NOTICE files (someone will pick it up): https://issues.apache.org/jira/browse/IGNITE-97 > > > > I'm not > > a committer. Whose account use to registration on Apache Code Signing > > Service. > > Guys, how can you have a release manager who's not a committer? How did > Sergey even think to begin working on this in the first place? > Sergey is not a release manager. He is working on automating binary release build. I don't want have to pick a release manager yet, until we have something releasable. > > > P.S. Signing release using that service costs money. Who will decide to > use > > it or not? > > The PMC, of course. During incubation, that's PPMC+IPMC. > > -- Brane > > > On Wed, Jan 14, 2015 at 12:40 PM, Sergey Evdokimov < > [email protected]> > > wrote: > > > >> Hello, > >> > >> I'm working on Ignite release process. > >> > >> All release artifacts must be signed. Does we have a key to sign > GridGain > >> artifacts or I should generate it? If I will generate key how to make > >> public key trusted? > >> > >> I've created TeamCity configuration that build Nightly builds and upload > >> it to https://repository.apache.org/content/repositories/snapshots . > >> (TeamCity configuration: > >> > http://94.72.60.102/viewType.html?buildTypeId=IgniteBuildsAndUploads_IniteNightlyBuild > >> ) > >> > >
