On Sat, Sep 21, 2024 at 4:26 PM Richard Eckart de Castilho <r...@apache.org> wrote:
> Checked out release tag at 783722121d55530813f21e5e6bc14e9955777e5c: ok > Compared tag against source ZIP: ok > Signatures on distribution spot: match KEYS file - no trust established yet > SHA256 hashes on distribution spot: ok > Signatures on staging repository: match KEYS file - no trust established > yet > SHA1/MD5 hashes on staging spot: ok > Built from sources using Java 21: ok > > How about switching to SHA512 for hashes? > Sure, I can change the release script and try SHA512 for the next release. I will do some tests after this release. > IMHO strong SHA hashes should also be included in the staging repository, > for the > Maven artifacts, not only in the dist spot. > > This warning appears various times during the build apparently when the > tests boot up - any idea where it comes from? > > WARNING: Using incubator modules: jdk.incubator.vector > > +0.5 for a release ;) > > -- Richard > > P.S.: I'd give a +1 but first we should establish key trust. > I'm not sure what I can do about this. Do we have to mutual exchange signed messages? > > > On 19. Sep 2024, at 23:42, Andrea Del Bene <an.delb...@gmail.com> wrote: > > > > [ ] Yes, release Apache Wicket 10.2.0 > > [ ] No, don't release Apache Wicket 10.2.0, because ... > > > > Distributions, changelog, keys and signatures can be found at: > > > > https://dist.apache.org/repos/dist/dev/wicket/10.2.0 > > > > Staging repository: > > > > > https://repository.apache.org/content/repositories/orgapachewicket-1207/ > > > > Staging git repository data: > > > > Repository: g...@github.com:bitstorm/wicket.git > > Branch: build/wicket-10.2.0 > > Release tag: rel/wicket-10.2.0 > > -- Andrea Del Bene. Apache Wicket committer.
