On 8 September 2013 18:51, Jason van Zyl <ja...@tesla.io> wrote: > > On Sep 8, 2013, at 1:12 PM, sebb <seb...@gmail.com> wrote: > >> I thought you were going to include the SCM coordinates used to create >> the tarballs? >> > > Sorry, not intentional. I forgot. > >> It's particularly important here, because AFAICT the SCM coordinates >> are not present in the POM. >> If true, then it's not possible to verify the files in the source tarballs. >> > > I hash is always in the distribution, it's how we show where it comes from > when you type "mvn -v". It's in the build properties in the core JAR and the > hash in there is: > > c9950d777c7368e51431500c29aecf1e11e3d2c6
Not exactly easy to find! In order to actually find the sources that correspond with the hash, additional information is needed, which also needs to be in the vote e-mail. >> Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote >> e-mails? According to [1], the vote email should have the following contents: ==== Source release checksum(s): [NAME-OF]-source-release.zip sha1: [SHA1SUM] md5: [MD5SUM] ==== [1] http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote >> >> On 8 September 2013 14:07, Jason van Zyl <ja...@tesla.io> wrote: >>> Hi, >>> >>> Here is a link to Jira with 6 issues resolved: >>> https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500&version=18968 >>> >>> Staging repo: >>> https://repository.apache.org/content/repositories/maven-016/ >>> >>> The distributable binaries and sources for testing can be found here: >>> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ >>> >>> Specifically the zip, tarball, and source archives can be found here: >>> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip >>> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz >>> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip >>> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz >>> >>> Vote open for 72 hours. >>> >>> [ ] +1 >>> [ ] +0 >>> [ ] -1 >>> >>> Thanks, >>> >>> The Maven Team >>> >>> >>> >>> >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> > > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder, Apache Maven > http://twitter.com/jvanzyl > --------------------------------------------------------- > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
