Folks so, what is the conclusion, are we going to re-pack, if so the synapse release has to be restarted with the new Rampart packs :-) for the 5th time.
Ruwan On Sat, Dec 25, 2010 at 6:43 PM, Senaka Fernando <[email protected]> wrote: > > > On Sat, Dec 25, 2010 at 3:08 PM, Selvaratnam Uthaiyashankar < > [email protected]> wrote: > >> On Sat, Dec 25, 2010 at 2:56 PM, Senaka Fernando <[email protected]> >> wrote: >> > Hi again, >> > >> > So, let's work on these changes and get the release out soon, so that >> other >> > downstream releases (Synapse etc), can get going. >> >> +1. I'll update the pom.xml and host the maven repo again. >> > > +1. FYI, I got these two links from legal@, which were two articles done > by Donald Woods, for Apache BVAL. These extend the write-up by Henk. > > [1] http://incubator.apache.org/bval/cwiki/release-setup.html > [2] http://incubator.apache.org/bval/cwiki/release-process.html > > Thanks, > Senaka. > >> >> Regards, >> Shankar >> >> >> > >> > Wish you all a Merry Christmas! >> > >> > Thanks, >> > Senaka. >> > >> > On Sat, Dec 25, 2010 at 2:48 PM, Senaka Fernando <[email protected]> >> wrote: >> >> >> >> Hi all, >> >> >> >> Andreas is correct. I discussed the issue on legal@, and the >> conclusions >> >> were to stage a Maven Repository. Also, we might need to work with >> infra@ to >> >> get the permissions etc sorted out, and we will have to use the Maven >> >> release plugin to sign the Maven artifacts. >> >> >> >> Now, Rampart and Sandesha2, should be having a nearly similar >> structure, >> >> and we should be able to follow the same approach here. >> >> >> >> Thanks, >> >> Senaka. >> >> >> >> On Sat, Dec 25, 2010 at 2:14 AM, Andreas Veithen >> >> <[email protected]> wrote: >> >>> >> >>> On Fri, Dec 24, 2010 at 16:07, Senaka Fernando <[email protected]> >> wrote: >> >>> > Hi Andreas, >> >>> > >> >>> > On Fri, Dec 24, 2010 at 2:04 PM, Andreas Veithen >> >>> > <[email protected]> >> >>> > wrote: >> >>> >> >> >>> >> On Fri, Dec 24, 2010 at 07:33, Senaka Fernando <[email protected]> >> >>> >> wrote: >> >>> >> > Hi Andreas, >> >>> >> > >> >>> >> > Many thanks for reminding. >> >>> >> > >> >>> >> > On Fri, Dec 24, 2010 at 4:54 AM, Andreas Veithen >> >>> >> > <[email protected]> >> >>> >> > wrote: >> >>> >> >> >> >>> >> >> Unfortunately, the release candidate doesn't yet meet the (new) >> ASF >> >>> >> >> requirements for a valid release :-(. See [1]: >> >>> >> >> >> >>> >> >> "Every artifact distributed by the Apache Software Foundation >> >>> >> >> should >> >>> >> >> and every new one must be accompanied by one file containing an >> >>> >> >> OpenPGP compatible ASCII armored detached signature and another >> >>> >> >> file >> >>> >> >> containing an MD5 checksum." >> >>> >> >> >> >>> >> >> Although the document doesn't mention Maven artifacts >> explicitly, >> >>> >> >> the >> >>> >> >> common interpretation [2] of this requirement is that every >> >>> >> >> individual >> >>> >> >> Maven artifact must be signed. >> >>> >> > >> >>> >> > I will get this clarified, to how this should be done. Signing >> Maven >> >>> >> > artifacts should not be done manually, it should be done >> >>> >> > automatically >> >>> >> > through Maven itself. And, I don't see many apache projects doing >> >>> >> > the >> >>> >> > same >> >>> >> > as of now. >> >>> >> >> >> >>> >> >> Also, I think that the key used to sign the distributions >> doesn't >> >>> >> >> meet >> >>> >> >> the new requirements in terms of key type and length. >> >>> >> > >> >>> >> > Yes, that's a concern, the required key-lengths were revised, and >> >>> >> > mentioned >> >>> >> > at the very top of [1]. There were some instructions to how you >> >>> >> > could >> >>> >> > upgrade, if you already have a weak key. >> >>> >> >> >> >>> >> >> These requirements are part of the reasons why I migrated Axiom, >> >>> >> >> Axis2 >> >>> >> >> and Sandesha2 to the (new) standard ASF release process based on >> >>> >> >> maven-release-plugin and Nexus. It automates most of the stuff >> and >> >>> >> >> Nexus does some validation of the artifacts already when staging >> >>> >> >> them. >> >>> >> >> I think we should migrate Rampart as well, at least for the next >> >>> >> >> release. >> >>> >> > >> >>> >> > So, have you got the Maven Release plugin to sign artifacts as >> >>> >> > mentioned, >> >>> >> > plus upload them to ASF's Maven repositories in a single go? >> >>> >> >> >>> >> Yes. Here are the documents that explain how this is executed for >> >>> >> Axiom and Axis2: >> >>> >> >> >>> >> http://ws.apache.org/axiom/devguide/ch02.html#d0e326 >> >>> >> http://axis.apache.org/axis2/java/core/release-process.html >> >>> >> >> >>> >> Sandesha2 pretty much sticks to the standard procedure: >> >>> >> >> >>> >> http://www.apache.org/dev/publishing-maven-artifacts.html >> >>> >> >> >>> >> As mentioned earlier, before this could be applied to Rampart, you >> >>> >> would have to request inclusion of org.apache.rampart in the >> staging >> >>> >> profile for Axis2. >> >>> > >> >>> > Thanks for the information. For the benefit of someone who's reading >> >>> > this >> >>> > mail thread, the documents that Andreas linked also explains how you >> >>> > could >> >>> > publish the artifacts on the staging repo etc. >> >>> > >> >>> > Having said that, I am yet to figure out the legitimacy (hard to >> find >> >>> > the >> >>> > people during the holiday season, :-).. ) of a release without >> having >> >>> > the >> >>> > Maven artifacts signed, for projects that are not under the Maven >> PMC >> >>> > (I >> >>> > found out that they do need something as such). >> >>> > >> >>> > But, as you have mentioned in your first reply to this thread, I'm >> +1 >> >>> > for >> >>> > introducing the same concepts for Rampart. My concern is that, if >> these >> >>> > requirements are not mandatory, we could go ahead with this release, >> >>> > instead >> >>> > of delaying it (some other releases, Synapse is also waiting for >> this >> >>> > AFAIK), and fix these inconsistencies for the next release. >> >>> >> >>> I think these requirements are mandatory for all projects. What is >> >>> sure is that if the Maven artifacts are not signed, you will get a >> >>> friendly reminder about that: >> >>> >> >>> http://markmail.org/search/?q=%22your+MAVEN+repo+artifacts%22 >> >>> >> >>> We can't simply ignore this. >> >>> >> >>> > However, in general, everything under [1] are mandatory, and >> enforced >> >>> > by the >> >>> > ASF. >> >>> > >> >>> > [1] http://www.apache.org/dev/release-signing.html >> >>> > >> >>> > Thanks, >> >>> > Senaka. >> >>> >> >> >>> >> > [1] http://www.apache.org/dev/release-signing.html >> >>> >> > >> >>> >> > Thanks, >> >>> >> > Senaka. >> >>> >> >> >> >>> >> >> Andreas >> >>> >> >> >> >>> >> >> [1] http://www.apache.org/dev/release-signing.html >> >>> >> >> [2] >> >>> >> >> http://people.apache.org/~henkp/repo/faq.html<http://people.apache.org/%7Ehenkp/repo/faq.html> >> >>> >> >> >> >>> >> >> On Thu, Dec 23, 2010 at 05:37, Selvaratnam Uthaiyashankar >> >>> >> >> <[email protected]> wrote: >> >>> >> >> > Devs, >> >>> >> >> > >> >>> >> >> > This is the vote for Apache Rampart 1.5.1 release. >> >>> >> >> > >> >>> >> >> > Please review the signed artifacts: >> >>> >> >> > >> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/dist/<http://people.apache.org/%7Eshankar/rampart/1.5.1/dist/> >> >>> >> >> > >> >>> >> >> > The m2 repository is available at: >> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/m2_repo/<http://people.apache.org/%7Eshankar/rampart/1.5.1/m2_repo/> >> >>> >> >> > >> >>> >> >> > The site is temporarily hosted at: >> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/site/<http://people.apache.org/%7Eshankar/rampart/1.5.1/site/> >> >>> >> >> > >> >>> >> >> > SVN Info: >> >>> >> >> > >> >>> >> >> > >> https://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.5.1 >> >>> >> >> > >> >>> >> >> > It was tested against Axis2 release candidates hosted in: >> >>> >> >> > http://people.apache.org/~veithen/1.5.4/<http://people.apache.org/%7Eveithen/1.5.4/> >> >>> >> >> > >> >>> >> >> > Here's my +1 (binding) to declare the above dist as Apache >> >>> >> >> > Rampart >> >>> >> >> > 1.5.1 >> >>> >> >> > >> >>> >> >> > thanks, >> >>> >> >> > Shankar >> >>> >> >> > >> >>> >> >> > >> >>> >> >> > >> --------------------------------------------------------------------- >> >>> >> >> > To unsubscribe, e-mail: [email protected] >> >>> >> >> > For additional commands, e-mail: >> [email protected] >> >>> >> >> > >> >>> >> >> > >> >>> >> >> >> >>> >> >> >> >>> >> >> >> --------------------------------------------------------------------- >> >>> >> >> To unsubscribe, e-mail: [email protected] >> >>> >> >> For additional commands, e-mail: [email protected] >> >>> >> >> >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > -- >> >>> >> > Senaka Fernando >> >>> >> > Member; Apache Software Foundation; http://apache.org >> >>> >> > >> >>> >> > Associate Technical Lead & Product Manager - WSO2 G-Reg; >> >>> >> > WSO2, Inc.; http://wso2.com >> >>> >> > >> >>> >> > E-mail: senaka AT apache.org >> >>> >> > P: +94 11 223 2481; M: +94 77 322 1818 >> >>> >> > Linked-In: http://www.linkedin.com/in/senakafernando >> >>> >> > Blog: http://senakafdo.blogspot.com >> >>> >> > >> >>> >> > >> >>> >> >> >>> >> >> --------------------------------------------------------------------- >> >>> >> To unsubscribe, e-mail: [email protected] >> >>> >> For additional commands, e-mail: [email protected] >> >>> >> >> >>> >> -- >> >>> >> Senaka Fernando >> >>> >> Member; Apache Software Foundation; http://apache.org >> >>> >> >> >>> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; >> >>> >> WSO2, Inc.; http://wso2.com >> >>> >> >> >>> >> E-mail: senaka AT apache.org >> >>> >> P: +94 11 223 2481; M: +94 77 322 1818 >> >>> >> Linked-In: http://www.linkedin.com/in/senakafernando >> >>> >> Blog: http://senakafdo.blogspot.com >> >>> >> >> >>> >> >> >>> >> >> >>> > >> >>> >> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: [email protected] >> >>> For additional commands, e-mail: [email protected] >> >>> >> >> >> >> >> >> >> >> -- >> >> Senaka Fernando >> >> Member; Apache Software Foundation; http://apache.org >> >> >> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; >> >> WSO2, Inc.; http://wso2.com >> >> >> >> E-mail: senaka AT apache.org >> >> P: +94 11 223 2481; >> >> M: +94 77 322 1818 >> >> Linked-In: http://www.linkedin.com/in/senakafernando >> >> Blog: >> >> http://senakafdo.blogspot.com >> >> >> >> -- >> >> Senaka Fernando >> >> Member; Apache Software Foundation; >> >> http://apache.org >> >> >> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; >> >> WSO2, Inc.; http://wso2.com >> >> >> >> E-mail: senaka AT apache.org >> >> P: +94 11 223 2481; M: +94 77 322 1818 >> >> Linked-In: http://www.linkedin.com/in/senakafernando >> >> Blog: http://senakafdo.blogspot.com >> >> >> >> >> >> >> > >> >> >> >> -- >> S.Uthaiyashankar >> Senior Architect & Senior Manager >> WSO2 Inc. >> http://wso2.com/ - "lean . enterprise . middleware" >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > > -- > *Senaka Fernando* > Member; Apache Software Foundation; http://apache.org > * > Associate Technical Lead & Product Manager - WSO2 G-Reg; > WSO2, Inc.; http://wso2.com** <http://apache.org/> > > E-mail: senaka AT apache.org > **P: +94 11 223 2481*; *M: +94 77 322 1818 > Linked-In: http://www.linkedin.com/in/senakafernando > Blog: http://senakafdo.blogspot.com > * > -- Ruwan Linton Software Architect & Product Manager WSO2 Inc.; http://wso2.org Lean . Enterprise . Middleware phone: +1 408 754 7388 ext 51789 email: [email protected]; cell: +94 77 341 3097 blog: http://blog.ruwan.org linkedin: http://www.linkedin.com/in/ruwanlinton google: http://www.google.com/profiles/ruwan.linton tweet: http://twitter.com/ruwanlinton
