On 12/11/06, Richard S. Hall <[EMAIL PROTECTED]> wrote:
Daniel Kulp wrote:
> On Monday 11 December 2006 10:57, Richard S. Hall wrote:
>
>> As a follow up, we resolved every issue raised by Daniel except the
>> signing portion. A new snapshot of the release is available at:
>>
>> http://people.apache.org/~rickhall/felix-0.8.0-incubator.html
>>
>> I was able to fix one minor bug in our maven bundle plugin that was
>> causing LICENSE/NOTICE files to not get copied.
>>
>
> Not quite there yet. The incubator DISCLAIMER file is still missing from the
> jars. That would prevent them going into maven repositories.
>
Is that just a recommendation or a requirement? Our NOTICE files contain
the incubator disclaimer text.
it's a requirement that the text is present but AIUI in the NOTICE is
ok (though perhaps a separate DISCLAIMER is clear)
please let me know whether you plan to cut another candidate or
whether i should review the one above
> For the signing part, you really need gnupg installed. Create a key if you
> don't already have one. (I think it's "gpg --gen-key", but it's been a while
> since I looked into that part) Then you just need to run "gpg -a -s
> filename.tar.gz" to produce the asc files.
>
> You would also need to do:
> gpg --list-keys "username" > KEYS
> gpg -a --export "username" >> KEYS
>
> and get that KEYS file added into the root of your SVN repository. Ideally,
> you would also upload it to one of the public keyservers as well. Longer
> term, you should also attend an apache keysigning party or similar to get
> your keys signed by enough "apache people" so that apache people can trust
> that those keys really are yours.
>
Thanks for this info. We will work on it.
see http://www.apache.org/dev/release-signing.html
signing the releases is a requirement. having a well connected code
signing key is definitely good but not mandatory
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
