It was reported in the general incubator list that the sha files should be
named sha1 or sha512 … a quick check of the man page of the sha-tool names 512
as algorithm version. So, I renamed the files to the sha512 dale suggested
earlier.
Chris
Am 09.12.17, 22:43 schrieb "Christofer Dutz"
Thanks for the clarifications.
Is there any way to disable the changelog stuff - or some way to run the tests
with code coverage and get aggregated html reports when building from a source
release bundle?
Re Nexus, restating just to be sure I understand: the release process’s “mvn
deploy”
I was able to successfully perform almost all of the validation on the source
bundle that I wanted to:
- basically followed the non-RM, non-binary items in [6]
downloaded, checked signatures/sums, checked identical tar.gz / zip contents
verified LICENSE, NOTICE, DISCLAIMER, RELEASE_NOTES,
Interesting re the sha. The updates regarding sha naming are pretty recent -
last 6months or so.
So, they’re just wrong / not compatible with the real world and/or nexus
generated info?
Actually, I suspect it’s OK to just ignore nexus with respect to this - i.e.,
it has it’s own naming
scheme
Ok … so I removed all the distribution and the „tests“-modules from the staging
repo.
Chris
Am 07.12.17, 10:00 schrieb "Christofer Dutz" :
Hi Dale,
I added the zip and then noticed that the tag.gz did have some “next” and
“current” pom copies inside.
Hi Dale,
I added the zip and then noticed that the tag.gz did have some “next” and
“current” pom copies inside. So, I had a look at my original and they didn’t
have them, so I updated the tar.gz and its hashes.
Also, I did rename the sha512 back to sha as SHA is the algorithm … you usually
Agreed on all points regarding the zip.
Since you offered, I updated the scripts to require it and the sha512 noted
below :-)
The verification includes verifying the tar.gz and zip contents are the same.
On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which
in fact is
Hi,
> Regarding the pgp issue i guess you have to Import my Key somehow. But i'm No
> expert on that. My key should be valid judging from the number of Apaches
> that signed it. Eventually there is no path of trust and you need to import
> it manually.
The warning is fine - it just means that
Subject: Re: [DISCUSS] validating Apache Edgent (Incubating) 1.2.0 RC1
I’ll pull of that trust thread, thx.
Another question re RC1:
-Papache-release also generates a zip. I had expected we’d be releasing that
too but it isn’t staged.
At this time I’m fine if we just continue 1.2.0 with onl
uld be valid judging from the number of Apaches
>> that signed it. Eventually there is no path of trust and you need to import
>> it manually.
>>
>> Chris
>>
>> Outlook for Android<https://aka.ms/ghei36> herunterladen
>>
>> ___
017 5:31:03 PM
To: dev@edgent.apache.org
Subject: Re: [DISCUSS] validating Apache Edgent (Incubating) 1.2.0 RC1
I hear your pain :-)
FWIW, I did import your key using the (possibly incomplete?) directions
reported by the script.
That’s why I was wondering if you saw the same thing for 1.2.0 and 1.1.
tlook for Android<https://aka.ms/ghei36> herunterladen
>
>
> From: Dale LaBossiere <dml.apa...@gmail.com>
> Sent: Wednesday, December 6, 2017 5:08:27 PM
> To: dev@edgent.apache.org
> Subject: Re: [DISCUSS] validating Apache Edgent (Incubating) 1.2.0 RC1
>
&g
7 5:08:27 PM
To: dev@edgent.apache.org
Subject: Re: [DISCUSS] validating Apache Edgent (Incubating) 1.2.0 RC1
Thx re the nexus content.
I’m getting a gpg warning validating the 1.2.0RC1 bundle signature that I don’t
get when downloading/validating 1.1.0.
Might your KEY changes have an issue o
Thx re the nexus content.
I’m getting a gpg warning validating the 1.2.0RC1 bundle signature that I don’t
get when downloading/validating 1.1.0.
Might your KEY changes have an issue or you didn’t “published” your key or such?
Or maybe it’s just that with 1.1.0 I’m just validating something that I
Hi Dale,
I guess I updated the KEY manually and it seems to be ok the way it is now.
Regarding stuff in Nexus, we should remove before hitting the “release” button:
- Intermediate poms are important as they are defined as “parent” of other
artifacts. Maven downloads them in order to know the
Re the KEYS, please update the file in the incubator-edgent source repo.
FWI, the 1.0.0 and 1.1.0 staging areas are empty because the "publishing the
release”
process is supposed to *move* the exact staged/voted artifacts to the release
area.
I see the our buildTools/publish_release.sh script
Hi Dale,
So, I updated the scripts, deployed the RC in the correct area (I wonder why
the other 1.0.0 and 1.1.0 areas are empty. Unfortunately, I had to test myself
to the right solution by running the scripts and fine tuning my deployment and
the scripts. But now I think we have a working
HI Dale,
as I mentioned in the other DISCUSS thread I already noticed this shortcoming.
I think the following path should be ok for us to follow:
1. I manually add my pgp key to the list in KEYS in SVN
2. I manually add the files created by the assembly plugin to SVN
3. We continue the voting
18 matches
Mail list logo