+1 on that.. still working on getting release instructions updated, but I think that's a superb idea...
On Thu, Dec 8, 2016 at 12:29 PM, Eric Friedrich (efriedri) <[email protected]> wrote: > Any chance we could start running RAT as part of our CICD builds? > > I could probably set something up in our private Jenkins if theres not a > better option. > > —Eric > >> On Dec 8, 2016, at 11:24 AM, Dan Kirkwood <[email protected]> wrote: >> >> FYI -- we decided to -1 this based on more license issues.. The >> .rat-excludes file previously mentioned has been updated and those >> issues resolved. I'll be putting together a RC4 this morning. >> >> -Dan >> >> On Sat, Dec 3, 2016 at 4:16 PM, Leif Hedstrom <[email protected]> wrote: >>> >>>> On Dec 2, 2016, at 5:57 PM, Dan Kirkwood <[email protected]> wrote: >>>> >>>> Thanks again for the feedback, Leif.. There is a .rat_excludes >>>> file at the top level, but it looks like we didn't get it fully >>>> populated. The .json files should certainly be excluded.. >>> >>> Oh, but it was not in the tar-ball, that’s why I couldn’t find it. >>> >>>> >>>> According to the page you referred to earlier, you can use one of >>>> several methods to do create the md5 sum: >>>> http://www.apache.org/dev/release-signing.html#md5 >>>> <http://www.apache.org/dev/release-signing.html#md5> -- as we already >>>> are using gpg for signing, I figured that would be safe.. It >>>> doesn't matter to me which we use, but we should be consistent, so >>>> I'll document what we decide on in the release instructions.. >>> >>> Yeh, I don’t care (much), as long as you are consistent (it should be part >>> of a build script / Makefile target). >>> >>> The ASCII armor validated fine btw :). >>> >>>> >>>> Easy enough to include sha1 as well :-) >>> >>> Cool. >>> >>> Cheers, >>> >>> — leif >>> >
