villebro opened a new pull request, #134:
URL: https://github.com/apache/superset-kubernetes-operator/pull/134
## Summary
The `[VOTE]` email template emitted by `scripts/release-email.sh` instructs
voters to download and verify the release candidate with:
```bash
curl -O .../source.tar.gz{,.asc,.sha512}
```
The shell expands the braces into three URLs, but curl -O applies
remote-name behavior to only the first URL. So curl saves the tarball and
streams the .asc and .sha512 responses to stdout — they print to the terminal
but never land on disk. The next step, `gpg --verify ...{.asc,}`, then fails
for every voter because the signature file doesn't exist. This was hit while
preparing the 0.1.0-rc1 vote on macOS.
This swaps `curl -O` for `curl --remote-name-all`, which uses the remote
filename for all URLs, so the tarball, signature, and checksum are all written
to disk.
## Details
- Only the multi-URL line is changed; the adjacent `curl -O .../KEYS` is a
single URL and is left as-is.
- `--remote-name-all` has been in curl since 7.19.0 (2008), so it's safe on
macOS (curl 8.x) and Linux.
- The `cp ...{,.asc,.sha512}` invocations in
`docs/contributing/releasing.md` are unaffected — cp handles multiple
brace-expanded arguments correctly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
