Just a drive-by observation: could you run rat [1] on the release and publish the report along with the release? This will check for obvious licensing issues in your code base. Publishing the rat report will make the lives of your reviewers so much simpler.
Martijn [1] http://incubator.apache.org/rat/ On Thu, Apr 2, 2009 at 3:13 AM, Todd Volkert <[email protected]> wrote: > Ok, after several iterations, I believe we're ready for another call > for a sanity check on the release candidate archives before calling > for a vote on this list (which in turn will lead to an incubator PMC > vote). You can download the files at > http://people.apache.org/~tvolkert/pivot/ > >> So the "Released Artifact" are the sources and the build system (incl >> instructions) required to produce a useful binary. The binary output >> is NOT included in the primary release artifact, but is "generated" by >> it. So; SVN --(packaging)--> Source Release --(build+package)--> >> Binary Release > > This is now exactly how it works. > >> 1. Create a target in the Ant build, that zips/tars up the SVN >> sources, not including the .svn directories. Sources in this instance >> means everything that is needed to build Pivot, except for "System >> Requirements" (listed in the README/BUILD). Ant and JDK is typical >> System Requirements, as are any external jar files that are only >> required for the build, BUT some people (like myself) prefer to have >> them part of the source dist. > > Done. This is the "dist" target. The JDK and Ant are listed as > system requirements in the BUILD file, and the NOTICE file contains > all the legal notices required by our other third party dependencies. > >> 2. That zip/tar IS your primary release artifact; >> apache-pivot-1.1-incubating.tar.gz > > Per the naming conventions I've seen in all other Apache projects, I > named this apache-pivot-1.1-incubating-src.tar.gz > >> 3. Using that zip/tar, execute another Ant target (for instance >> 'install') which compiles, jars and sticks everything into a >> 'generated/apache-pivot-1.1-incubating' directory. > > Done. This is the "install" target. It creates an > install/apache-pivot-1.1-incubating folder and zip/tar.gz files of > that folder. > >> 4. The same target could also create a zip/tar of the >> 'generated/apache-pivot-1.1-incubating', and that IS your >> supplementary binary release. > > Per the naming conventions I've seen in all other Apache projects, > this archive is called apache-pivot-1.1-incubating.tar.gz > >> 5. Ask a couple of community members to sanity check the binary >> release, and make sure it is useful. > > Developers on this list, can you please download the binary > distributions from my home directory at > http://people.apache.org/~tvolkert/pivot/ and try to use the JAR files > therein to make sure that they're ok? I will do the same. > > Mentors, can you please check out both the source archive and the > binary archive to make sure that both in in keeping with the Apache > Way? > >> 6. Let people worry about Maven distro separately. And perhaps later >> migrate to Maven build system, if you find Maven support important and >> want to simplify such process. > > Yes > >> 7. Finally, the release artifacts needs checksums and signatures. The >> PGP signature should be uploaded to at least one or two public PGP >> servers, such as pgp.mit.edu, and eventually be cross-signed in person >> with other people in Apache (for instance at an ApacheCon event). That >> creates the Apache Web of Trust. This may seem like a lot of work for >> nothing, but there are some people who takes this aspect of Apache >> very, very seriously. See >> http://www.apache.org/dev/release-signing.html for more details. > > I've uploaded my public key to both the MIT server and the SKS Network > server, as well as provided it in the KEYS file that is in the folder > listed above. All archives contain MD5 and SHA checksums, as well as > ASCII armored detached signatures. My key is not connected to the web > of trust because I have not yet attended an ApacheCon conference -- I > hope this will not hold up an incubating release. > -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.3.5 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
