On Tue, Dec 28, 2010 at 3:30 AM, Andreas Veithen <[email protected]> wrote: > It's actually not difficult at all to set this up correctly. Here is > what needs to be done: > > 1. Make sure that the project uses a recent version of the > org.apache:apache super-POM (which contains the relevant default > configurations for the standard Apache release process). > 2. Ask infra to add org.apache.rampart to the Axis2 staging profile > (see INFRA-3271 for corresponding the request for Sandesha2).
It is already done[1] and I am waiting for the response. Regards, Shankar [1] https://issues.apache.org/jira/browse/INFRA-3320 > 3. Eliminate stuff from the Rampart POMs that conflicts with the > configurations in org.apache:apache. > 4. [For the RM and other people who want to test the release process] > Set up the credentials in settings.xml as described in [1]. > 5. Test the release process, check the produced artifacts and do > whatever fixes are necessary. > > It should only take a couple of hours to do the necessary changes. The > only uncertainty is item 2, because this requires somebody from the > infra team to pick up and execute the task. > > Andreas > > [1] http://axis.apache.org/axis2/java/core/release-process.html#Pre-requisites > > On Sat, Dec 25, 2010 at 10:18, Senaka Fernando <[email protected]> wrote: >> Hi all, >> >> Andreas is correct. I discussed the issue on legal@, and the conclusions >> were to stage a Maven Repository. Also, we might need to work with infra@ to >> get the permissions etc sorted out, and we will have to use the Maven >> release plugin to sign the Maven artifacts. >> >> Now, Rampart and Sandesha2, should be having a nearly similar structure, and >> we should be able to follow the same approach here. >> >> Thanks, >> Senaka. >> >> On Sat, Dec 25, 2010 at 2:14 AM, Andreas Veithen <[email protected]> >> wrote: >>> >>> On Fri, Dec 24, 2010 at 16:07, Senaka Fernando <[email protected]> wrote: >>> > Hi Andreas, >>> > >>> > On Fri, Dec 24, 2010 at 2:04 PM, Andreas Veithen >>> > <[email protected]> >>> > wrote: >>> >> >>> >> On Fri, Dec 24, 2010 at 07:33, Senaka Fernando <[email protected]> >>> >> wrote: >>> >> > Hi Andreas, >>> >> > >>> >> > Many thanks for reminding. >>> >> > >>> >> > On Fri, Dec 24, 2010 at 4:54 AM, Andreas Veithen >>> >> > <[email protected]> >>> >> > wrote: >>> >> >> >>> >> >> Unfortunately, the release candidate doesn't yet meet the (new) ASF >>> >> >> requirements for a valid release :-(. See [1]: >>> >> >> >>> >> >> "Every artifact distributed by the Apache Software Foundation should >>> >> >> and every new one must be accompanied by one file containing an >>> >> >> OpenPGP compatible ASCII armored detached signature and another file >>> >> >> containing an MD5 checksum." >>> >> >> >>> >> >> Although the document doesn't mention Maven artifacts explicitly, >>> >> >> the >>> >> >> common interpretation [2] of this requirement is that every >>> >> >> individual >>> >> >> Maven artifact must be signed. >>> >> > >>> >> > I will get this clarified, to how this should be done. Signing Maven >>> >> > artifacts should not be done manually, it should be done >>> >> > automatically >>> >> > through Maven itself. And, I don't see many apache projects doing the >>> >> > same >>> >> > as of now. >>> >> >> >>> >> >> Also, I think that the key used to sign the distributions doesn't >>> >> >> meet >>> >> >> the new requirements in terms of key type and length. >>> >> > >>> >> > Yes, that's a concern, the required key-lengths were revised, and >>> >> > mentioned >>> >> > at the very top of [1]. There were some instructions to how you could >>> >> > upgrade, if you already have a weak key. >>> >> >> >>> >> >> These requirements are part of the reasons why I migrated Axiom, >>> >> >> Axis2 >>> >> >> and Sandesha2 to the (new) standard ASF release process based on >>> >> >> maven-release-plugin and Nexus. It automates most of the stuff and >>> >> >> Nexus does some validation of the artifacts already when staging >>> >> >> them. >>> >> >> I think we should migrate Rampart as well, at least for the next >>> >> >> release. >>> >> > >>> >> > So, have you got the Maven Release plugin to sign artifacts as >>> >> > mentioned, >>> >> > plus upload them to ASF's Maven repositories in a single go? >>> >> >>> >> Yes. Here are the documents that explain how this is executed for >>> >> Axiom and Axis2: >>> >> >>> >> http://ws.apache.org/axiom/devguide/ch02.html#d0e326 >>> >> http://axis.apache.org/axis2/java/core/release-process.html >>> >> >>> >> Sandesha2 pretty much sticks to the standard procedure: >>> >> >>> >> http://www.apache.org/dev/publishing-maven-artifacts.html >>> >> >>> >> As mentioned earlier, before this could be applied to Rampart, you >>> >> would have to request inclusion of org.apache.rampart in the staging >>> >> profile for Axis2. >>> > >>> > Thanks for the information. For the benefit of someone who's reading >>> > this >>> > mail thread, the documents that Andreas linked also explains how you >>> > could >>> > publish the artifacts on the staging repo etc. >>> > >>> > Having said that, I am yet to figure out the legitimacy (hard to find >>> > the >>> > people during the holiday season, :-).. ) of a release without having >>> > the >>> > Maven artifacts signed, for projects that are not under the Maven PMC (I >>> > found out that they do need something as such). >>> > >>> > But, as you have mentioned in your first reply to this thread, I'm +1 >>> > for >>> > introducing the same concepts for Rampart. My concern is that, if these >>> > requirements are not mandatory, we could go ahead with this release, >>> > instead >>> > of delaying it (some other releases, Synapse is also waiting for this >>> > AFAIK), and fix these inconsistencies for the next release. >>> >>> I think these requirements are mandatory for all projects. What is >>> sure is that if the Maven artifacts are not signed, you will get a >>> friendly reminder about that: >>> >>> http://markmail.org/search/?q=%22your+MAVEN+repo+artifacts%22 >>> >>> We can't simply ignore this. >>> >>> > However, in general, everything under [1] are mandatory, and enforced by >>> > the >>> > ASF. >>> > >>> > [1] http://www.apache.org/dev/release-signing.html >>> > >>> > Thanks, >>> > Senaka. >>> >> >>> >> > [1] http://www.apache.org/dev/release-signing.html >>> >> > >>> >> > Thanks, >>> >> > Senaka. >>> >> >> >>> >> >> Andreas >>> >> >> >>> >> >> [1] http://www.apache.org/dev/release-signing.html >>> >> >> [2] http://people.apache.org/~henkp/repo/faq.html >>> >> >> >>> >> >> On Thu, Dec 23, 2010 at 05:37, Selvaratnam Uthaiyashankar >>> >> >> <[email protected]> wrote: >>> >> >> > Devs, >>> >> >> > >>> >> >> > This is the vote for Apache Rampart 1.5.1 release. >>> >> >> > >>> >> >> > Please review the signed artifacts: >>> >> >> > >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/dist/ >>> >> >> > >>> >> >> > The m2 repository is available at: >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/m2_repo/ >>> >> >> > >>> >> >> > The site is temporarily hosted at: >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/site/ >>> >> >> > >>> >> >> > SVN Info: >>> >> >> > >>> >> >> > https://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.5.1 >>> >> >> > >>> >> >> > It was tested against Axis2 release candidates hosted in: >>> >> >> > http://people.apache.org/~veithen/1.5.4/ >>> >> >> > >>> >> >> > Here's my +1 (binding) to declare the above dist as Apache Rampart >>> >> >> > 1.5.1 >>> >> >> > >>> >> >> > thanks, >>> >> >> > Shankar >>> >> >> > >>> >> >> > >>> >> >> > --------------------------------------------------------------------- >>> >> >> > To unsubscribe, e-mail: [email protected] >>> >> >> > For additional commands, e-mail: [email protected] >>> >> >> > >>> >> >> > >>> >> >> >>> >> >> >>> >> >> --------------------------------------------------------------------- >>> >> >> To unsubscribe, e-mail: [email protected] >>> >> >> For additional commands, e-mail: [email protected] >>> >> >> >>> >> > >>> >> > >>> >> > >>> >> > -- >>> >> > Senaka Fernando >>> >> > Member; Apache Software Foundation; http://apache.org >>> >> > >>> >> > Associate Technical Lead & Product Manager - WSO2 G-Reg; >>> >> > WSO2, Inc.; http://wso2.com >>> >> > >>> >> > E-mail: senaka AT apache.org >>> >> > P: +94 11 223 2481; M: +94 77 322 1818 >>> >> > Linked-In: http://www.linkedin.com/in/senakafernando >>> >> > Blog: http://senakafdo.blogspot.com >>> >> > >>> >> > >>> >> >>> >> --------------------------------------------------------------------- >>> >> To unsubscribe, e-mail: [email protected] >>> >> For additional commands, e-mail: [email protected] >>> >> >>> >> -- >>> >> Senaka Fernando >>> >> Member; Apache Software Foundation; http://apache.org >>> >> >>> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; >>> >> WSO2, Inc.; http://wso2.com >>> >> >>> >> E-mail: senaka AT apache.org >>> >> P: +94 11 223 2481; M: +94 77 322 1818 >>> >> Linked-In: http://www.linkedin.com/in/senakafernando >>> >> Blog: http://senakafdo.blogspot.com >>> >> >>> >> >>> >> >>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >> >> >> >> -- >> Senaka Fernando >> Member; Apache Software Foundation; http://apache.org >> >> Associate Technical Lead & Product Manager - WSO2 G-Reg; >> WSO2, Inc.; http://wso2.com >> >> E-mail: senaka AT apache.org >> P: +94 11 223 2481; M: +94 77 322 1818 >> Linked-In: http://www.linkedin.com/in/senakafernando >> Blog: http://senakafdo.blogspot.com >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- S.Uthaiyashankar Senior Architect & Senior Manager WSO2 Inc. http://wso2.com/ - "lean . enterprise . middleware" --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
