Re: Dubbo release candidate

Hi, >> - The binary LICENSE fails to mention FastJSON (but as this is ALv2 it’s not >> required) Not this will make the connivance binary LICENSE file different to >> the source LICENSE file > > FastJSON should not be part of the binary release, should be caused by a bug > of filters, i will

Re: Dubbo release candidate

> - The binary LICENSE fails to mention FastJSON (but as this is ALv2 it’s not > required) Not this will make the connivance binary LICENSE file different to > the source LICENSE file FastJSON should not be part of the binary release, should be caused by a bug of filters, i will remove it. >

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 3:25 PM, Roman Shaposhnik wrote: > On Thu, May 10, 2018 at 9:50 AM, Julian Hyde wrote: > > In other words, there are several ways to prove that a binary release is > WRONG but (to Greg’s point) there is no way to prove it RIGHT. >

Re: Dubbo release candidate

Hi, On Fri, May 11, 2018 at 12:05 PM, Justin Mclean wrote: > Hi, > > I saw that a release candidate has been put up here [1] and I had a quick > look at it. It looks good to me with a couple of minor issues: > - The binary LICENSE fails to mention FastJSON (but as this

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, Looking at the release candidate just made both the license and notice for the source release and the connivance binary are going to be just about identical as there's only 2 3rd party jars included and none of the other jars contain 3rd party code (other than what is mentioned in

Dubbo release candidate

Hi, I saw that a release candidate has been put up here [1] and I had a quick look at it. It looks good to me with a couple of minor issues: - The binary LICENSE fails to mention FastJSON (but as this is ALv2 it’s not required) Not this will make the connivance binary LICENSE file different to

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, >> As a mentor, I strongly advise against podlings making binary releases, >> especially for the first release. >> It’s difficult enough to get L correct for source releases, and when a >> binary release is being make >> at the same time with necessarily different L, the PPMC tend to get

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, > There is NO WAY to verify a binary. Even compiling from source to binary on > your machine, and trying to compare against a target binary will generally > fail since timestamps are embedded. Or maybe there are different compilers > being used. As per ASF policy a connivance binary can be

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 9:50 AM, Julian Hyde wrote: > In other words, there are several ways to prove that a binary release is > WRONG but (to Greg’s point) there is no way to prove it RIGHT. That's actually a great way to put it. > As a mentor, I strongly advise against

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

In other words, there are several ways to prove that a binary release is WRONG but (to Greg’s point) there is no way to prove it RIGHT. As a mentor, I strongly advise against podlings making binary releases, especially for the first release. It’s difficult enough to get L correct for source

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On 10 May 2018 at 16:56, Matt Sicker wrote: > I still minimally require proper gpg signatures on binary artifacts. The > source artifacts are what get far more scrutiny, but the binaries are > released on apache.org after all. +1 It may also be possible to verify that the

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

I still minimally require proper gpg signatures on binary artifacts. The source artifacts are what get far more scrutiny, but the binaries are released on apache.org after all. On 10 May 2018 at 10:20, Roman Shaposhnik wrote: > On Thu, May 10, 2018 at 4:17 AM, sebb

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 4:17 AM, sebb wrote: > On 10 May 2018 at 11:37, Greg Stein wrote: >> On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: >> >>> Hi, >>> >>> On Thu, May 10, 2018 at 3:59 PM, Willem Jiang >>>

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On 10 May 2018 at 11:37, Greg Stein wrote: > On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: > >> Hi, >> >> On Thu, May 10, 2018 at 3:59 PM, Willem Jiang >> wrote: >> > Is there any plan for going through the vote process of

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: > Hi, > > On Thu, May 10, 2018 at 3:59 PM, Willem Jiang > wrote: > > Is there any plan for going through the vote process of Binary file? > > Yes, binaries will also go through the vote process.

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Is there any plan for going through the vote process of Binary file? Normally there are lots of work on the License files of Binary durning the first release. Maybe we should need to vote the binary file as well. Willem Jiang Blog: http://willemjiang.blogspot.com (English)