On Tue, Apr 8, 2008 at 6:30 PM, Martin Cooper <[EMAIL PROTECTED]> wrote:
> > > On Tue, Apr 8, 2008 at 6:22 PM, Don Brown <[EMAIL PROTECTED]> wrote: > > > *sigh* is this all necessary? I mean, by using the Maven release > > plugin, the binaries are created off the tag. A quick SVN command can > > confirm the tag hasn't been modified, so I don't see any problem with > > Jeromy building new binaries and finishing the release. The vote had > > passed with the caveat that the binaries are signed, so if Jeromy > > built the same binaries, a new vote would be an exercise in useless > > bureaucracy, IMO. > > > If the binaries Jeromy created are bit-for-bit identical to the ones you > built, then I don't have a problem. If they're not, then what he has built > is not the same as what was voted on. > And more to the point, actually, it's not what people tested before they voted. -- Martin Cooper > > -- > Martin Cooper > > > > > > > Don > > > > On Wed, Apr 9, 2008 at 10:30 AM, Jeromy Evans > > <[EMAIL PROTECTED]> wrote: > > > Wendy Smoak wrote: > > > > > > > On Tue, Apr 8, 2008 at 8:54 AM, Jeromy Evans > > > > <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > I've signed struts-annotations-1.0.3 using [EMAIL PROTECTED] and > > copied > > > to > > > > > [1]. > > > > > > > > > > > > > > > > > > Where/how did you sign them? Were the files re-built? Generally > > you > > > > only sign what you build yourself, while it's under your control on > > a > > > > machine you trust. > > > > > > > > > > > > > > > Thanks for looking at these Wendy. It's difficult to step-in part > > way > > > through the process. > > > > > > I checked the source out from the struts-annotations-1.03 TAG. > > > I packaged and signed them myself but DID NOT deploy to > > > m2-staging-repository as that task was complete already > > > From step 7 of Ref[1], I signed the build artifacts and copied them > > to > > > Ref[2] as per step 8. > > > > > > [1] > > > > > http://cwiki.apache.org/confluence/display/WW/Creating+and+Signing+a+Distribution > > > [2] http://people.apache.org/builds/struts/struts-annotations/1.0.3/ > > > > > > > > > > > > > I'm also not sure how the vote passed, if they were never signed > > > originally. > > > > > > > > > > > > > > > I see that you mentioned that during the vote. > > > > > > > > > > > > > > > > > > Can some please take a moment to check these? If they're okay I > > > presume > > > > > the artefacts then just need to be copied to the right location > > for > > > rsync to > > > > > ibiblio. Any other formalities for struts-annotations? > > > > > > > > > > [1] > > http://people.apache.org/builds/struts/struts-annotations/1.0.3/ > > > > > > > > > > > > > > > > > > Is this the same as what's in > > > > > > > > > http://people.apache.org/builds/struts/struts-annotations/1.0.3/m2-staging-repository/org/apache/struts/struts-annotations/1.0.3/ > > > > ? > > > > > > > > > > > > > > I think that is a problem isn't it? The files in the > > m2-staging-repository > > > [3] were built and deployed by Don, not the files I built and signed > > [2] > > > As the maven artefacts for ibiblio come from m2-staging-repository > > they'd > > > be Don's binaries, not mine. I presume that means the process has to > > be > > > started from scratch unless Don completes as only he can/should sign > > the > > > binaries he created and voters tested? > > > > > > [3] > > > > > http://people.apache.org/builds/struts/struts-annotations/1.0.3/m2-staging-repository/org/apache/struts/struts-annotations/1.0.3/ > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > >
