On Tue, Apr 8, 2008 at 6:57 PM, Jeromy Evans <[EMAIL PROTECTED]> wrote:

> Martin Cooper wrote:
>
> > > If the binaries Jeromy created are bit-for-bit identical to the ones you
> > > built, then I don't have a problem. If they're not, then what he has built
> > > is not the same as what was voted on.
> >
> > And more to the point, actually, it's not what people tested before they
> > voted.
> >
> > --
> > Martin Cooper
>
> Understood.  Can I sign and distribute Don's binaries[1] or *must* they be
> signed by the person that built them?


I've lost track of why Don can't sign them himself, but I would consider it
OK for you to do that if you use the following process:

1) Have Don e-mail you the binaries or otherwise get them to you in a way
that they could not be intercepted. (I don't consider you picking them up
from the URL below to be acceptable because there is a chance, however slim,
that those binaries could have been compromised. And yes, I realise that
e-mail can in fact be intercepted as well, but if you guys coordinate
time-wise, I think that is an acceptable risk.)

2) You sign them, and mail the .asc files back to Don.

3) Don verifies that the .asc files you sent him validate successfully
against the binaries that he has.

At this point, you (Jeromy) have the appropriate signatures for what Don
originally built, as well as the binaries, and can take it from there.

--
Martin Cooper


>
> I generally wouldn't do it, but consider struts-annotations-1.3 as
> low-risk because of its small scope and that these binaries built on 17Feb08
> passed a vote on 18Feb08.
>
> I'm trying to push ahead as struts-annotations-1.3 is blocking a release
> of struts-2.1.1.
>
> [1]
> http://people.apache.org/builds/struts/struts-annotations/1.0.3/m2-staging-repository/org/apache/struts/struts-annotations/1.0.3/
>
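The three-step hand-off described in the message above, sketched with GnuPG as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later is installed; the throwaway key, the directory layout and the `artifact.jar` contents are constructed stand-ins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: key identity, paths and file contents are all constructed.
WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
# Stop the agent started for the throwaway keyring and remove the scratch area.
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$WORK"' EXIT

setup_demo() {
    mkdir -m 700 "$GNUPGHOME"
    mkdir "$WORK/builder" "$WORK/signer" "$WORK/rebuilt"
    # Throwaway passphrase-less key standing in for the signer's real key.
    gpg --batch --quiet --passphrase '' --quick-generate-key \
        'Demo Signer <signer@example.invalid>' default default never 2>/dev/null
    # Constructed stand-in for the binary that was tested and voted on.
    printf 'constructed artifact, build A\n' > "$WORK/builder/artifact.jar"
    # Step 1: the signer receives the builder's exact bytes.
    cp "$WORK/builder/artifact.jar" "$WORK/signer/artifact.jar"
    # A separate rebuild whose bytes differ (here, by one character).
    printf 'constructed artifact, build B\n' > "$WORK/rebuilt/artifact.jar"
}

# Bit-for-bit comparison of two files.
same_bytes() { cmp -s "$1" "$2"; }

# Step 2: the signer writes an ASCII-armored detached signature next to the file.
sign_artifact() {
    gpg --batch --yes --quiet --armor --detach-sign --output "$1.asc" "$1"
}

# Step 3: check a received .asc ($1) against the local copy of the binary ($2).
verify_artifact() {
    gpg --batch --quiet --verify "$1" "$2" 2>/dev/null
}

setup_demo
sign_artifact "$WORK/signer/artifact.jar"
# The .asc is what travels back to the builder; the binary does not.
cp "$WORK/signer/artifact.jar.asc" "$WORK/builder/artifact.jar.asc"

if verify_artifact "$WORK/builder/artifact.jar.asc" "$WORK/builder/artifact.jar"; then
    echo "builder's copy: signature validates"
fi
if ! verify_artifact "$WORK/builder/artifact.jar.asc" "$WORK/rebuilt/artifact.jar"; then
    echo "rebuilt copy: signature does not validate"
fi
```

The second check fails because a detached signature covers the exact bytes that were signed, so it validates only against a bit-for-bit identical file.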
