[
https://issues.apache.org/jira/browse/PIVOT-260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Volkert updated PIVOT-260:
-------------------------------
Issue Type: Task (was: New Feature)
> Add missing resources in generated jar files, for compatibility with Apache
> Maven Repository
> --------------------------------------------------------------------------------------------
>
> Key: PIVOT-260
> URL: https://issues.apache.org/jira/browse/PIVOT-260
> Project: Pivot
> Issue Type: Task
> Components: project
> Reporter: Sandro Martini
> Priority: Minor
> Fix For: 1.4
>
>
> To publish Pivot jars in the main Apache Maven Repository, some files must be
> added inside jars (under a META-INF directory), the full discussion thread on
> our mailing list here:
> http://markmail.org/message/33a74zxgod4wbovh?q=News+on+Pivot+jars+published+via+Maven
> Our build file should be modified, to include this.
> And maybe renewing our self-signing certificate could be useful, too.
> Extract:
> ASF projects can get their artifacts published in the central Maven
> repository (eg http://repo2.maven.org/maven2/) by copying them to
> http://people.apache.org/repo/m2-ibiblio-rsync-repository/ which
> automatically syncs with the central repo.
> To do that on people.apache.org copy them to
> /x1/www/people.apache.org/repo/m2-ibiblio-rsync-repository.
> All committers should have access to do that, via ssh.
> Each artifact MUST have been voted on by a PMC and comply with all the
> release requirements like having LICENSE, NOTICE, DISCLAIMER files, be
> signed, and indicate they're incubating artifacts in the name eg by including
> the "-incubating" suffix in the artifact name. A common way of getting that
> vote done is by including the artifacts to be published in a staging area
> which is pointed to in the release VOTE.
> Signed in Apache jargong only means ".asc" files. Those are so called
> detached PGP signatures, and from that it is possible to verify authenticity
> of artifacts published.
> See http://www.apache.org/info/verification.html for more info, and perhaps
> you are interested in http://www.apache.org/dev/release-signing.html as well
> in case you end up cutting the releases. Once the troubled server (Minotaur?)
> is back up and working properly again, you will also find interesting data at
> http://www.apache.org/~henkp/trust/apache.html (or there about).
> Maven wants the POMs to be present, but succeeds even without them.
> Maven also have deployment tools, so once the release is properly cut, the
> publishing to Maven central will go via a "mvn deploy:deploy-file" which if
> it is not given a POM will create a skeletal one, which I think for our usage
> is good enough (we don't
> have dependencies).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
