On Sat, Dec 25, 2010 at 3:08 PM, Selvaratnam Uthaiyashankar < [email protected]> wrote:
> On Sat, Dec 25, 2010 at 2:56 PM, Senaka Fernando <[email protected]> > wrote: > > Hi again, > > > > So, let's work on these changes and get the release out soon, so that > other > > downstream releases (Synapse etc), can get going. > > +1. I'll update the pom.xml and host the maven repo again. > +1. FYI, I got these two links from legal@, which were two articles done by Donald Woods, for Apache BVAL. These extend the write-up by Henk. [1] http://incubator.apache.org/bval/cwiki/release-setup.html [2] http://incubator.apache.org/bval/cwiki/release-process.html Thanks, Senaka. > > Regards, > Shankar > > > > > > Wish you all a Merry Christmas! > > > > Thanks, > > Senaka. > > > > On Sat, Dec 25, 2010 at 2:48 PM, Senaka Fernando <[email protected]> > wrote: > >> > >> Hi all, > >> > >> Andreas is correct. I discussed the issue on legal@, and the > conclusions > >> were to stage a Maven Repository. Also, we might need to work with > infra@ to > >> get the permissions etc sorted out, and we will have to use the Maven > >> release plugin to sign the Maven artifacts. > >> > >> Now, Rampart and Sandesha2, should be having a nearly similar structure, > >> and we should be able to follow the same approach here. > >> > >> Thanks, > >> Senaka. > >> > >> On Sat, Dec 25, 2010 at 2:14 AM, Andreas Veithen > >> <[email protected]> wrote: > >>> > >>> On Fri, Dec 24, 2010 at 16:07, Senaka Fernando <[email protected]> > wrote: > >>> > Hi Andreas, > >>> > > >>> > On Fri, Dec 24, 2010 at 2:04 PM, Andreas Veithen > >>> > <[email protected]> > >>> > wrote: > >>> >> > >>> >> On Fri, Dec 24, 2010 at 07:33, Senaka Fernando <[email protected]> > >>> >> wrote: > >>> >> > Hi Andreas, > >>> >> > > >>> >> > Many thanks for reminding. > >>> >> > > >>> >> > On Fri, Dec 24, 2010 at 4:54 AM, Andreas Veithen > >>> >> > <[email protected]> > >>> >> > wrote: > >>> >> >> > >>> >> >> Unfortunately, the release candidate doesn't yet meet the (new) > ASF > >>> >> >> requirements for a valid release :-(. See [1]: > >>> >> >> > >>> >> >> "Every artifact distributed by the Apache Software Foundation > >>> >> >> should > >>> >> >> and every new one must be accompanied by one file containing an > >>> >> >> OpenPGP compatible ASCII armored detached signature and another > >>> >> >> file > >>> >> >> containing an MD5 checksum." > >>> >> >> > >>> >> >> Although the document doesn't mention Maven artifacts explicitly, > >>> >> >> the > >>> >> >> common interpretation [2] of this requirement is that every > >>> >> >> individual > >>> >> >> Maven artifact must be signed. > >>> >> > > >>> >> > I will get this clarified, to how this should be done. Signing > Maven > >>> >> > artifacts should not be done manually, it should be done > >>> >> > automatically > >>> >> > through Maven itself. And, I don't see many apache projects doing > >>> >> > the > >>> >> > same > >>> >> > as of now. > >>> >> >> > >>> >> >> Also, I think that the key used to sign the distributions doesn't > >>> >> >> meet > >>> >> >> the new requirements in terms of key type and length. > >>> >> > > >>> >> > Yes, that's a concern, the required key-lengths were revised, and > >>> >> > mentioned > >>> >> > at the very top of [1]. There were some instructions to how you > >>> >> > could > >>> >> > upgrade, if you already have a weak key. > >>> >> >> > >>> >> >> These requirements are part of the reasons why I migrated Axiom, > >>> >> >> Axis2 > >>> >> >> and Sandesha2 to the (new) standard ASF release process based on > >>> >> >> maven-release-plugin and Nexus. It automates most of the stuff > and > >>> >> >> Nexus does some validation of the artifacts already when staging > >>> >> >> them. > >>> >> >> I think we should migrate Rampart as well, at least for the next > >>> >> >> release. > >>> >> > > >>> >> > So, have you got the Maven Release plugin to sign artifacts as > >>> >> > mentioned, > >>> >> > plus upload them to ASF's Maven repositories in a single go? > >>> >> > >>> >> Yes. Here are the documents that explain how this is executed for > >>> >> Axiom and Axis2: > >>> >> > >>> >> http://ws.apache.org/axiom/devguide/ch02.html#d0e326 > >>> >> http://axis.apache.org/axis2/java/core/release-process.html > >>> >> > >>> >> Sandesha2 pretty much sticks to the standard procedure: > >>> >> > >>> >> http://www.apache.org/dev/publishing-maven-artifacts.html > >>> >> > >>> >> As mentioned earlier, before this could be applied to Rampart, you > >>> >> would have to request inclusion of org.apache.rampart in the staging > >>> >> profile for Axis2. > >>> > > >>> > Thanks for the information. For the benefit of someone who's reading > >>> > this > >>> > mail thread, the documents that Andreas linked also explains how you > >>> > could > >>> > publish the artifacts on the staging repo etc. > >>> > > >>> > Having said that, I am yet to figure out the legitimacy (hard to find > >>> > the > >>> > people during the holiday season, :-).. ) of a release without having > >>> > the > >>> > Maven artifacts signed, for projects that are not under the Maven PMC > >>> > (I > >>> > found out that they do need something as such). > >>> > > >>> > But, as you have mentioned in your first reply to this thread, I'm +1 > >>> > for > >>> > introducing the same concepts for Rampart. My concern is that, if > these > >>> > requirements are not mandatory, we could go ahead with this release, > >>> > instead > >>> > of delaying it (some other releases, Synapse is also waiting for this > >>> > AFAIK), and fix these inconsistencies for the next release. > >>> > >>> I think these requirements are mandatory for all projects. What is > >>> sure is that if the Maven artifacts are not signed, you will get a > >>> friendly reminder about that: > >>> > >>> http://markmail.org/search/?q=%22your+MAVEN+repo+artifacts%22 > >>> > >>> We can't simply ignore this. > >>> > >>> > However, in general, everything under [1] are mandatory, and enforced > >>> > by the > >>> > ASF. > >>> > > >>> > [1] http://www.apache.org/dev/release-signing.html > >>> > > >>> > Thanks, > >>> > Senaka. > >>> >> > >>> >> > [1] http://www.apache.org/dev/release-signing.html > >>> >> > > >>> >> > Thanks, > >>> >> > Senaka. > >>> >> >> > >>> >> >> Andreas > >>> >> >> > >>> >> >> [1] http://www.apache.org/dev/release-signing.html > >>> >> >> [2] > >>> >> >> http://people.apache.org/~henkp/repo/faq.html<http://people.apache.org/%7Ehenkp/repo/faq.html> > >>> >> >> > >>> >> >> On Thu, Dec 23, 2010 at 05:37, Selvaratnam Uthaiyashankar > >>> >> >> <[email protected]> wrote: > >>> >> >> > Devs, > >>> >> >> > > >>> >> >> > This is the vote for Apache Rampart 1.5.1 release. > >>> >> >> > > >>> >> >> > Please review the signed artifacts: > >>> >> >> > > >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/dist/<http://people.apache.org/%7Eshankar/rampart/1.5.1/dist/> > >>> >> >> > > >>> >> >> > The m2 repository is available at: > >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/m2_repo/<http://people.apache.org/%7Eshankar/rampart/1.5.1/m2_repo/> > >>> >> >> > > >>> >> >> > The site is temporarily hosted at: > >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/site/<http://people.apache.org/%7Eshankar/rampart/1.5.1/site/> > >>> >> >> > > >>> >> >> > SVN Info: > >>> >> >> > > >>> >> >> > > https://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.5.1 > >>> >> >> > > >>> >> >> > It was tested against Axis2 release candidates hosted in: > >>> >> >> > http://people.apache.org/~veithen/1.5.4/<http://people.apache.org/%7Eveithen/1.5.4/> > >>> >> >> > > >>> >> >> > Here's my +1 (binding) to declare the above dist as Apache > >>> >> >> > Rampart > >>> >> >> > 1.5.1 > >>> >> >> > > >>> >> >> > thanks, > >>> >> >> > Shankar > >>> >> >> > > >>> >> >> > > >>> >> >> > > --------------------------------------------------------------------- > >>> >> >> > To unsubscribe, e-mail: [email protected] > >>> >> >> > For additional commands, e-mail: [email protected] > >>> >> >> > > >>> >> >> > > >>> >> >> > >>> >> >> > >>> >> >> > --------------------------------------------------------------------- > >>> >> >> To unsubscribe, e-mail: [email protected] > >>> >> >> For additional commands, e-mail: [email protected] > >>> >> >> > >>> >> > > >>> >> > > >>> >> > > >>> >> > -- > >>> >> > Senaka Fernando > >>> >> > Member; Apache Software Foundation; http://apache.org > >>> >> > > >>> >> > Associate Technical Lead & Product Manager - WSO2 G-Reg; > >>> >> > WSO2, Inc.; http://wso2.com > >>> >> > > >>> >> > E-mail: senaka AT apache.org > >>> >> > P: +94 11 223 2481; M: +94 77 322 1818 > >>> >> > Linked-In: http://www.linkedin.com/in/senakafernando > >>> >> > Blog: http://senakafdo.blogspot.com > >>> >> > > >>> >> > > >>> >> > >>> >> > --------------------------------------------------------------------- > >>> >> To unsubscribe, e-mail: [email protected] > >>> >> For additional commands, e-mail: [email protected] > >>> >> > >>> >> -- > >>> >> Senaka Fernando > >>> >> Member; Apache Software Foundation; http://apache.org > >>> >> > >>> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; > >>> >> WSO2, Inc.; http://wso2.com > >>> >> > >>> >> E-mail: senaka AT apache.org > >>> >> P: +94 11 223 2481; M: +94 77 322 1818 > >>> >> Linked-In: http://www.linkedin.com/in/senakafernando > >>> >> Blog: http://senakafdo.blogspot.com > >>> >> > >>> >> > >>> >> > >>> > > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >> > >> > >> > >> -- > >> Senaka Fernando > >> Member; Apache Software Foundation; http://apache.org > >> > >> Associate Technical Lead & Product Manager - WSO2 G-Reg; > >> WSO2, Inc.; http://wso2.com > >> > >> E-mail: senaka AT apache.org > >> P: +94 11 223 2481; > >> M: +94 77 322 1818 > >> Linked-In: http://www.linkedin.com/in/senakafernando > >> Blog: > >> http://senakafdo.blogspot.com > >> > >> -- > >> Senaka Fernando > >> Member; Apache Software Foundation; > >> http://apache.org > >> > >> Associate Technical Lead & Product Manager - WSO2 G-Reg; > >> WSO2, Inc.; http://wso2.com > >> > >> E-mail: senaka AT apache.org > >> P: +94 11 223 2481; M: +94 77 322 1818 > >> Linked-In: http://www.linkedin.com/in/senakafernando > >> Blog: http://senakafdo.blogspot.com > >> > >> > >> > > > > > > -- > S.Uthaiyashankar > Senior Architect & Senior Manager > WSO2 Inc. > http://wso2.com/ - "lean . enterprise . middleware" > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- *Senaka Fernando* Member; Apache Software Foundation; http://apache.org * Associate Technical Lead & Product Manager - WSO2 G-Reg; WSO2, Inc.; http://wso2.com** <http://apache.org/> E-mail: senaka AT apache.org **P: +94 11 223 2481*; *M: +94 77 322 1818 Linked-In: http://www.linkedin.com/in/senakafernando Blog: http://senakafdo.blogspot.com *
