On Thu, Aug 4, 2016 at 3:52 PM, Marcus <marcus.m...@wtnet.de> wrote: > Am 08/05/2016 12:26 AM, schrieb Kay Schenk: > >> On 08/04/2016 02:21 PM, Marcus wrote: >> >>> Am 08/03/2016 05:31 AM, schrieb Dennis E. Hamilton: >>> >>>> Testing of an Apache OpenOffice 4.1.2-patch1 procedure is requested. >>>> >>>> The files to be used in testing are at >>>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2- >>>> patch1/binaries/Windows>. >>>> >>>> >>>> >> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet. >> >> Should we get started on these? >> > > it depends what we want that they should contain. The ZIP file for Windows > contains a LICENSE and NOTICE file as well as an ASC file for the DLL. As > it is only a patch IMHO we don't need to provide another LICENSE and NOTICE > file which is already available in the OpenOffice installation. Also the > ASC is not necessary as we provide it already (together with MD5 and > SHA256) for the whole ZIP file. >
I'm Ok with the extra "asc" on the library especially if the supplier of the library is not the same person who supplies the entire zip. I'm not convinced we need LICENSE and NOTICE either. In any case, we need to come to a conclusion about what will be included and by whom. These zips all need to be signed, so only AOO developers who have already supplied keys on: http://www.apache.org/dist/openoffice/KEYS can sign these. Of course, it's not TOO late to generate a release key and add names to the list. :) > That means that only the README and library file remains. > > When the README for Windows keep its length then I don't want to copy this > on the dowload webpage. ;-) > > So, when we put the README for all platforms in their ZIP files then we > can just put a pointer to it on the download webpage and thats it. > > To cut a long story short: > I would say yes for a ZIP file for every platform. > > * apache-openoffice-4.1.2-patch1-apply-Win_x86.zip.asc >>>> >>> >>> I don't know if this is OK or still bad: >>> >>> gpg --verify apache-openoffice-4.1.2-patch1-apply-Win_x86.zip.asc >>> apache-openoffice-4.1.2-patch1-apply-Win_x86.zip >>> gpg: Signature made Tue 02 Aug 2016 06:24:08 AM CEST using RSA key ID >>> D456628A >>> gpg: Good signature from "keybase.io/orcmid (confirmed identifier) >>> <orc...@keybase.io>" >>> gpg: aka "orcmid (Dennis E. Hamilton)<orc...@msn.com>" >>> gpg: aka "orcmid Apache (code signing)<orc...@apache.org >>> >" >>> gpg: aka "Dennis E. Hamilton (orcmid) >>> <dennis.hamil...@acm.org>" >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> >> >> I get this on sig checks also. There's probably a step we're missing to >> specify "trust" locally. >> >> See: >> http://www.apache.org/dev/release-signing.html >> > > OK, thanks. > > > Marcus > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > > -- ---------------------------------------------------------------------- MzK "Time spent with cats is never wasted." -- Sigmund Freud
