Resources:
https://infra.apache.org/release-signing.html#valid-untrusted-vs-invalid-trusted
https://infra.apache.org/release-signing.html#web-of-trust
Best,
Dave
> On Mar 18, 2022, at 1:45 PM, Interrante, John A (GE Research, US)
> wrote:
>
> Yes, it's either that or it's even simpler than
Yes, it's either that or it's even simpler than that. I see the same warning
when verifying Mike's signature:
interran@GH3WPL13E:/u/Downloads$ gpg --verify apache-daffodil-3.2.1-src.zip.asc
apache-daffodil-3.2.1-src.zip
gpg: Signature made Mon Dec 20 09:18:16 2021 PST
gpg:
I think 2664 is a legit bug with fix. We reverted an earlier change to fix
this.
On Fri, Mar 18, 2022 at 4:34 PM Interrante, John A (GE Research, US) <
john.interra...@ge.com> wrote:
> I'll remove the "not a bug" issues from the release notes.
>
> Mike identified
Mike you probably participated in a Keysigning party and John has not.
Look up keysigning on www.Apache.org and have a “party” to sign his key. If
that’s not possible right now that’s ok.
Sent from my iPhone
> On Mar 18, 2022, at 1:27 PM, Mike Beckerle wrote:
>
> When verifying GPG
I'll remove the "not a bug" issues from the release notes.
Mike identified https://issues.apache.org/jira/browse/DAFFODIL-2618 as a "not a
bug" and I concur.
I've looked at the other issues; should
https://issues.apache.org/jira/browse/DAFFODIL-2664 fall into the "not a bug"
category since
When verifying GPG signatures recently I got this warning:
gpg --verify ./apache-daffodil-3.3.0-1.noarch.rpm.asc
./apache-daffodil-3.3.0-1.noarch.rpm
gpg: Signature made Thu 17 Mar 2022 04:12:45 PM EDT
gpg:using RSA key 85849EC0374262C7110CA74404A735FC1A36AE84
gpg: Good signature
+1
I ran tests of 60+ regression test schemas which passed. I also tested
against a few very new schemas that are large and quite complex and
they passed.
I reviewed the release notes.
I downloaded all the artifacts and verified the signatures (after
remembering to import John I's public gpg
Since this vote closes sunday, and I won't have further test time before
then, I have to vote now.
Voting -1
I couldn't get the convenience binary .vsix file to work to debug EDIFACT
with a breakpoint in the 2nd file of the schema.
I went so far as to uninstall the older extension, shut down
Yeah, it looks like FileDocumentPart had this same behavior of returning
-1 for files in jars as far back as I can find. So likely at somepoint
we just started requiring a length. That's a bit harder to find where we
did that, but ideally we can get rid of this -1 thing and get lengths of
This means when using IntelliJ IDEA, running tests, the TDML runner is NOT
doing the jar export and then looking inside them.
Ok. I guess I believe that.
A TDML runner change must have happened between 3.0.0 and 3.1.0 creating
this vulnerability, because it doesn't happen in 3.0.0.
There are a
Using EDIFACT, modifying the build.sbt to have exportJars := true.
Java 17, sbt 1.6.2,
Using daffodil 2.6.0
sbt clean test - all works
Using daffodil 3.0.0
sbt clean test - all works
Using daffodil 3.1.0 (or seemingly anything newer)
sbt clean test - fails Abort: Usage error:
Hmm, I think this is just a bug in the Daffodil TDML runner related to
documentPart's with type="file":
https://github.com/apache/daffodil/blob/main/daffodil-tdml-lib/src/main/scala/org/apache/daffodil/tdml/TDMLRunner.scala#L2249-L2262
When exportJars is true, findTDMLResource for the file
I was also able to recreate this error in the CSV repo by adding the
"exportJars := true" (note: false doesn't cause this error),
and updating the Daffodil version to the last commit before the RC
commit (i.e 613c2b0c077f56dbb425e7ebab1a2d154cbdbd06).
so:
exportJars :=true
There isn't a lot of documentation specific to the Daffodil website. But
it is built using Jekyll, which has decent documentation:
https://jekyllrb.com/docs/
Specifically for Daffodil releases, the releases.md file defines the
main page (https://daffodil.apache.org/releases/) which lists
Is there somewhere that has documentation on how to do?
On 2022/03/18 12:06:16 Steve Lawrence wrote:
> I haven't reviewed the release yet, but ASF requires a page on
> daffodil.apache.org that has links to downloads/hashes/keys/etc. It
> doesn't have to be done the same way we do Daffodil
I tried many things, including clean git clones of all related repos. This
problem is a very bizarre interaction.
The fact that the tests ran flawlessly under intelliJ IDEA, but failed
running sbt from the command line
I searched for sbt bugs related to exportJars. I did find
I can confirm that at least sbt clean does not resolve the issue. Didn't try a
got clean, although I had just cloned the repo in question so I don't think it
had gotten dirty in anyway either.
Josh
On Mar 18, 2022 1:22 PM, Steve Lawrence wrote:
That's surprising to me. All that exportJars is
That's surprising to me. All that exportJars is supposed to to do is
include or not include certains files on the class path and use packages
jars instead.
And that assertion that is failing is beacuase the length of test data
is negative, which should never happen and I don't know how
We noticed that only when running "sbt test" in schema projects with the
exportJar setting, the error below was generated resulting in failure of
all the tests. Note that running the same tests via IntelliJ/Junit
didn't reproduce this error, and the error was isolated to using sbt to
run the
It looks like your "interran" account has access. Not sure which one you
use, but I also added your "jinterrante" account as an admin.
On 3/18/22 12:31 PM, Interrante, John A (GE Research, US) wrote:
Steve, I think the same JIRA problem (no permission) exists on Confluence too.
I've looked
Steve, I think the same JIRA problem (no permission) exists on Confluence too.
I've looked carefully but I can't find an Edit link in the Release Workflow
page:
https://cwiki.apache.org/confluence/display/DAFFODIL/Release+Workflow
John
P.S. I apologize for addressing only PMC members in my
Hi PMC members,
I'd like to call a vote to release Apache Daffodil 3.3.0-rc1.
All distribution packages, including signatures, digests, etc. can be
found at:
https://dist.apache.org/repos/dist/dev/daffodil/3.3.0-rc1/
Staging artifacts can be found at:
There are many people asking for various fixes to Daffodil.
You can certainly get the priority of a particular fix/feature increased by
advocating for it on dev or users mailing lists.
But,... (my recruiting hat on now... you know what is coming...) you could
also contribute the fix (and a test
I haven't reviewed the release yet, but ASF requires a page on
daffodil.apache.org that has links to downloads/hashes/keys/etc. It
doesn't have to be done the same way we do Daffodil releases pages, but
that's mostly just a template with a .md page for each release so
copying that and making
I think I've added you (and all other PMC members) to the appropriate
roles to manage Jira. You should be able to bulk edit and add new
releases now.
Yes, that release notes page looks like a much better approach to
creating the site information. Could you update the release workflow
with
Mike
Appreciate the suggested workaround. I did incorporate/test your snippet
per Mar 16, 2022 at 12:21 PM [below] w/ following anticipated results:
[1]Satellite numbers w/ leading whitespace(s) yields lossless unparse
results.
[2]Satellite numbers w/ leading zero(s) or whitespace(s)+zero(s)
I know you're preparing to release 3.3.0.
When do think this issue might be resolved? Which point release are you
targeting?
On a related subject, Daffodil implements a subset of XPATH function.
Might dev-team consider implementing all XPATH functions in lieu of
workarounds?
Thx in advance -
27 matches
Mail list logo
