Thanks do much, Mick. 
I will do a quick update and release again soon.

Now vote is closing.

Sheng Wu
Apache SkyWalking

From Wu Sheng 's phone.


------------------ Original ------------------
From: Mick Semb Wever <m...@apache.org>
Date: Fri,Aug 31,2018 9:35 AM
To: dev <dev@skywalking.apache.org>
Subject: Re: [VOTE] Release Apache SkyWalking (incubating) version 5.0.0-RC




> Voting will start now (2018/8/29 date) and will remain open for at least 
> 72 hours, Request all PPMC members to give their vote.
> [ ] +1 Release this package.
> [ ] +0 No opinion.
> [ ] -1 Do not release this package because....


-1  The digests on the maven artefacts don't meet the new ASF release 
requirements.

The distribution artefacts are good, only asc signatures and sha512 digests, as 
seen in
 https://dist.apache.org/repos/dist/dev/incubator/skywalking/5.0.0-RC/

But the artefacts in the maven staging repository don't have sha512 digests, 
and have the now forbidden md5 and sha1 digests.
As seen in
 
https://repository.apache.org/content/repositories/orgapacheskywalking-1017/org/apache/skywalking/agent-grpc-provider/5.0.0-RC/

The relevant ASF documentation is in 
 https://www.apache.org/dev/release-distribution#sigs-and-sums
specifically??

> For every artifact distributed to the public through Apache channels, the PMC
>
>  - MUST supply a valid OpenPGP-compatible ASCII-armored detached signature 
> file
>  - MUST supply at least one checksum file
>  - SHOULD supply a SHA-256 and/or SHA-512 checksum file
>  - SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are 
> deprecated)
>
> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT 
> supply MD5 or SHA-1. Existing releases do not need to be changed.

Upgrading to apache pom 21 should fix this.
https://lists.apache.org/thread.html/ab0838d16033a54e039cf3dbe3344c7e63b340f0dbc14ad14211ff1d@%3Cannounce.maven.apache.org%3E

regards,
Mick

Reply via email to