Karl, Are you sure your SVN checkout is up to date? As I did change archives along with signatures and checksums, and they should be OK
This is the commit email of my change: https://lists.apache.org/thread/7wn1sgd7hbcndtgypvjz4qzx0d2brobx Can someone else verify this? Thanks T On Tue, Oct 3, 2023 at 1:05 PM Karl Heinz Marbaise <khmarba...@gmx.de> wrote: > Hi, > > the permissions in the .tar.gz archive are Ok now. > > Please update the SHA512 because it's the previous one..(I've checked > the .tar.gz) but I assume that the SHA512 for the -bin.zip has changed > also)... > > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/binaries/ > > Kind regards > Karl Heinz Marbaise > On 02.10.23 11:10, Tamás Cservenák wrote: > > Bah, > > > > This is the same problem as before... but originally it happened on my > > desktop. This time the release was done from my laptop :( > > > > I believe the fix is the same as before: I should rebuild from the tag, > > after I fixed my local repository, as source bundles we vote on are > > unchanged... > > > > T > > > > > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy <hbout...@apache.org> > wrote: > > > >> thinking twice, I need to change to -1: this may impact users that > expect > >> to use the group permissions to use Maven binaries > >> > >> sorry > >> I don't know what tests you are doing with permissions on your > >> environment, but these tests leak releases :( > >> > >> Regards, > >> > >> Hervé > >> > >> On 2023/10/02 07:11:02 Herve Boutemy wrote: > >>> +1 > >>> > >>> but Reproducible not fully ok: reference build done with JDK 17 on *nix > >> and umask 022 > >>> apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) > on > >> wagon jars: > >>> > >>> $ diffoscope > >> target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip > >> apache-maven/target/apache-maven-3.9.5-bin.zip > >>> --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip > >>> +++ apache-maven/target/apache-maven-3.9.5-bin.zip > >>> │┄ Archive contents identical but files differ, possibly due to > >> different compression levels. Falling back to binary comparison. > >>> ├── zipinfo {} > >>> │ @@ -81,21 +81,21 @@ > >>> │ -rw-r--r-- 2.0 unx 74345 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar > >>> │ -rw-r--r-- 2.0 unx 317619 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 37757 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 51503 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 379348 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar > >>> │ -rw-r--r-- 2.0 unx 4225 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar > >>> │ -rw-r--r-- 2.0 unx 289577 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar > >>> │ --rw------- 2.0 unx 55101 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar > >>> │ +-rw-r--r-- 2.0 unx 55101 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar > >>> │ -rw-r--r-- 2.0 unx 205307 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar > >>> │ -rw-r--r-- 2.0 unx 58284 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/commons-cli-1.5.0.jar > >>> │ --rw------- 2.0 unx 9405 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar > >>> │ --rw------- 2.0 unx 40832 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar > >>> │ --rw------- 2.0 unx 785639 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/httpclient-4.5.14.jar > >>> │ --rw------- 2.0 unx 11350 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar > >>> │ +-rw-r--r-- 2.0 unx 9405 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar > >>> │ +-rw-r--r-- 2.0 unx 40832 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar > >>> │ +-rw-r--r-- 2.0 unx 785639 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/httpclient-4.5.14.jar > >>> │ +-rw-r--r-- 2.0 unx 11350 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar > >>> │ -rw-r--r-- 2.0 unx 16555 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar > >>> │ -rw-r--r-- 2.0 unx 40277 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 16249 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 55689 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar > >>> │ -rw-r--r-- 2.0 unx 327891 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/httpcore-4.4.16.jar > >>> │ -rw-r--r-- 2.0 unx 360738 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/commons-codec-1.16.0.jar > >>> │ -rw-r--r-- 2.0 unx 32488 b- defN 23-Oct-01 18:38 > >> apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar > >>> │ --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip > >>> > >>> Regards, > >>> > >>> Hervé > >>> > >>> > >>> On 2023/10/01 19:07:05 Tamás Cservenák wrote: > >>>> Howdy, > >>>> > >>>> Note: This release completes the main goals of Maven 3.9.x lineage, > >> among > >>>> others moving to Java 8 and transition to latest Resolver 1.9.x > >> features > >>>> (new robust transports, local repository locking, provided checksums, > >>>> remote repository filtering and more). Maven Resolver 1.9.x lineage is > >>>> already in "bugfix only" (no new features) maintenance mode, and this > >> makes > >>>> Maven 3.9.x lineage getting into this maintenance mode as well. I do > >>>> foresee some more Maven 3.9.x releases with usual fluff (bug fixes, > >>>> lifecycle plugin updates), but the focus should move to upcoming Maven > >> 4, > >>>> Resolver 2 and mvnd (at least when "core" is considered). > >>>> > >>>> --- > >>>> > >>>> We solved 8 issues: > >>>> > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922&version=12353460 > >>>> > >>>> There are still a couple of issues left in JIRA: > >>>> > >> > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved > >>>> > >>>> Staging repo: > >>>> https://repository.apache.org/content/repositories/maven-1995 > >>>> > >>>> Dev dist directory (binary bundles updated): > >>>> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/ > >>>> > >>>> Source release checksums: > >>>> apache-maven-3.9.5-src.zip sha512: > >>>> > >> > f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f > >>>> > >>>> apache-maven-3.9.5-src.tar.gz sha512: > >>>> > >> > fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e > >>>> > >>>> Staged site: > >>>> https://maven.apache.org/ref/3-LATEST/ > >>>> > >>>> Draft for release notes: > >>>> https://github.com/apache/maven-site/pull/458 > >>>> > >>>> Guide to testing staged releases: > >>>> > http://maven.apache.org/guides/development/guide-testing-releases.html > >>>> > >>>> Vote open for 72h > >>>> > >>>> [ ] +1 > >>>> [ ] +0 > >>>> [ ] -1 > >>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >>> For additional commands, e-mail: dev-h...@maven.apache.org > >>> > >>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >> For additional commands, e-mail: dev-h...@maven.apache.org > >> > >> > > > >
