Hi, As part of the release check in https://dist.apache.org/repos/dist/dev/jackrabbit/check-release.sh the provided source archive is compared with the downloaded git tag/svn export. Due a change in the default excludes of plexus-utils (https://github.com/codehaus-plexus/plexus-utils/commit/e8a8433894eae9e8f82cbba4b903508362e9322a) the files.gitattributes and .gitignore are no longer excluded by default. This affects e.g. the maven-assembly-plugin, which uses plexus archiver, which itself uses plexus-utils (updated in https://github.com/codehaus-plexus/plexus-utils/commit/e8a8433894eae9e8f82cbba4b903508362e9322a).
In general all packaging plugins which leverage the AbstractScanner from plexus-utils (like maven-jar-plugin, maven-source-plugin, maven-assembly-plugin) will no longer exclude those files, which makes e.g. the src.zip archive contain those metadata files. Currently that leads to issues like this when validating new releases: "Only in ./target/jackrabbit-filevault-3.6.2/zip/jackrabbit-filevault-3.6.2: .gitattributes Only in ./target/jackrabbit-filevault-3.6.2/zip/jackrabbit-filevault-3.6.2: .gitignoreā€¯ There are the following ways on how the check-release.sh could be adjusted: 1. Ignore the file patterns given in CLEAN_SCM always in the given ZIP (for all components) 2. Adjust CLEAN_ZIP for affected components (non backwards-compatible) 3. Adjust CLEAN_SCM for affected components (non backwards-compatible) WDYT? Thanks, Konrad
