Uwe Schindler commented on LUCENE-5143:

Jan: +1 to your analysis of all the key files and merging them together, that's 
really needed. We should also document this on the release wiki. I did not go 
through all keys, I trust your script that you haven't forgotten one. Maybe we 
should do some test:

- delete your locally cached GPG keys folder (maybe as a "pristine" test user).
- download one (small) file from all prior releases (one file of each) and the 
asc file. Maybe Maven central is good for this, too.
- import the new keys file into the "pristine" user's GPG.
- check all file signatures

> rm or formalize dealing with "general" KEYS files in our dist dir
> -----------------------------------------------------------------
>                 Key: LUCENE-5143
>                 URL: https://issues.apache.org/jira/browse/LUCENE-5143
>             Project: Lucene - Core
>          Issue Type: Task
>            Reporter: Hoss Man
>            Assignee: Jan H√łydahl
>            Priority: Major
>             Fix For: 7.4, master (8.0)
>         Attachments: LUCENE-5143.patch, LUCENE-5143.patch, LUCENE-5143.patch, 
> LUCENE-5143_READMEs.patch, LUCENE-5143_READMEs.patch, 
> LUCENE-5143_READMEs.patch, LUCENE_5143_KEYS.patch
> At some point in the past, we started creating a snapshots of KEYS (taken 
> from the auto-generated data from id.apache.org) in the release dir of each 
> release...
> http://www.apache.org/dist/lucene/solr/4.4.0/KEYS
> http://www.apache.org/dist/lucene/java/4.4.0/KEYS
> http://archive.apache.org/dist/lucene/java/4.3.0/KEYS
> http://archive.apache.org/dist/lucene/solr/4.3.0/KEYS
> etc...
> But we also still have some "general" KEYS files...
> https://www.apache.org/dist/lucene/KEYS
> https://www.apache.org/dist/lucene/java/KEYS
> https://www.apache.org/dist/lucene/solr/KEYS
> ...which (as i discovered when i went to add my key to them today) are stale 
> and don't seem to be getting updated.
> I vaguely remember someone (rmuir?) explaining to me at one point the reason 
> we started creating a fresh copy of KEYS in each release dir, but i no longer 
> remember what they said, and i can't find any mention of a reason in any of 
> the release docs, or in any sort of comment in buildAndPushRelease.py
> we probably do one of the following:
>  * remove these "general" KEYS files
>  * add a disclaimer to the top of these files that they are legacy files for 
> verifying old releases and are no longer used for new releases
>  * ensure these files are up to date stop generating per-release KEYS file 
> copies
>  * update our release process to ensure that the general files get updated on 
> each release as well

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to