Hyrum K. Wright wrote: > On Jan 14, 2010, at 6:33 AM, Mark Phippard wrote: > > >> On Wed, Jan 13, 2010 at 11:19 AM, Hyrum K. Wright >> <hyrum_wri...@mail.utexas.edu> wrote: >> >> >>> Given this feedback, and the fact that it's a patch release with supposed >>> minimal changes between releases, I agree we should >>> step back to Neon 0.28.3. I've rerolled the tarballs and replaced them at >>> the download site with the new deps tarballs. >>> >> I just read this more closely and fear I have led you astray. I only >> used Neon 0.28.3 because that happened to be the version I had sitting >> in an old working copy (I had just deleted all of the old deps zip >> files before starting the tests). However, there have been security >> fixes in Neon since that release, so we should include the latest >> version - 0.28.7 (or 0.29.3). I suspect that is the version we would >> have included with 1.6.6, but maybe not. >> > > Turns out I updated the script, but didn't bother to re-run it. Gah. > > >> Can't we just copy/rename the 1.6.6 deps tarballs? >> > > I don't see a problem with this. We can even borrow the signatures from > those files, yes? > > >> Are we (thankfully in my opinion) going to drop the deps tarballs when >> we start releasing at ASF? >> > > I don't know the party line on this, but I certainly hope it is the case. >
We certainly can't release a deps tarball with Neon in it as an ASF release. GPL misRules. -- Brane
