[
https://issues.apache.org/jira/browse/TINKERPOP-2860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17715176#comment-17715176
]
Yang Xia commented on TINKERPOP-2860:
-------------------------------------
I think I'd agree with Stephen where the trust is placed on the release manager
for the correct deployment of convenience binaries.
[~divijvaidya], just checking if you had any thoughts or process suggestions
regarding this topic, since we are looking into a new release?
> Change release process to add binary verification for Python and .Net client
> ----------------------------------------------------------------------------
>
> Key: TINKERPOP-2860
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2860
> Project: TinkerPop
> Issue Type: Bug
> Components: build-release
> Affects Versions: 3.5.5
> Reporter: Divij Vaidya
> Priority: Blocker
>
> The binaries that we release for python and .Net are not voted-on during the
> release process.
> Hence, there is no way for a user to validate that the binary in PyPi or
> nuGet is actually generated from the code that was voted on by the PMC.
> We need to modify our change process to add a step where we could validate
> the integrity of the binary that will be added to PyPi or nuGet
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
