(restoring original copy list)
-------- Forwarded Message -------- Subject: Re: deploying to repository.apache.org: gpg signatures on .sha512 checksums required? Date: Thu, 18 Oct 2018 09:50:22 -0400 From: Marshall Schor <[email protected]> To: [email protected] Only missing signatures, for me. See https://repository.apache.org - Staging Repositories, and look at the bottom, you should see orgapacheuima-1199 with a little "3" in a red box indicating 3 error messages, and if you select it, then Activity tab, and expand "close" you can see the 3 error messages. -Marshall On 10/18/2018 9:22 AM, Brian Fox wrote: > I have a patch to the plugin that I need to get some time to test. I'm the > bottle neck unfortunately. Is the rule blocking only because of the missing > signature or is it balking at the hashes too? > > On Thu, Oct 18, 2018 at 9:05 AM Marshall Schor <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > Following more requests to update our builds to generate .sha512 > checksums, we > changed our "parent-pom" to do this, but now find we can't upload > artifacts to > repository.apache.org <http://repository.apache.org> unless we also change > our builds to do gpg-signatures for > the .sha512 checksums (which seems overreaching). > > I found INFRA-14923 looking to fix this; it has been open for over a > year, but > there seems to be some recent activity. > > In order to do releases, should we change our build (for now) to add gpg > signatures to the .sha512 checksums, or will INFRA-14923 be fixed shortly? > > -Marshall Schor >
