Re: [VOTE] Release Maven 3.1.1
+1 even if I'm late to the epic party. Love the sebbaliser, great work, and sense of humour, Jason! Dislike his lack of enthusiasm for the name. I'd have bragged about it for years if you'd called it the fredaliser :-) Unfortunately I am too busy to continue nagging. Good on sebb for picking up the slack and keeping the pressure on. On Mon, Sep 30, 2013 at 10:39 PM, Robert Scholte rfscho...@apache.orgwrote: +1 Op Wed, 25 Sep 2013 17:22:45 +0200 schreef Jason van Zyl ja...@tesla.io: Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/**secure/ReleaseNote.jspa?** projectId=10500version=18968https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/**content/repositories/maven-**065/https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/**content/repositories/maven-** 065/org/apache/maven/apache-**maven/3.1.1/https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/**content/repositories/maven-** 065/org/apache/maven/apache-**maven/3.1.1/apache-maven-3.1.**1-bin.ziphttps://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/**content/repositories/maven-** 065/org/apache/maven/apache-**maven/3.1.1/apache-maven-3.1.** 1-bin.tar.gzhttps://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/**content/repositories/maven-** 065/org/apache/maven/apache-**maven/3.1.1/apache-maven-3.1.**1-src.ziphttps://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/**content/repositories/maven-** 065/org/apache/maven/apache-**maven/3.1.1/apache-maven-3.1.** 1-src.tar.gzhttps://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b** 72cd57ed4d Staging site: http://people.apache.org/~**jvanzyl/maven-3.1.1/http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason --** Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl --**--- --**--**- To unsubscribe, e-mail: dev-unsubscribe@maven.apache.**orgdev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 Regards, Hervé Le mercredi 25 septembre 2013 08:22:45 Jason van Zyl a écrit : Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version= 18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/ma ven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/ma ven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 Op Wed, 25 Sep 2013 17:22:45 +0200 schreef Jason van Zyl ja...@tesla.io: Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 binding Finally gave it a shot last night after your reminder email, works well on various projects I tested it with. Wayne On Wed, Sep 25, 2013 at 5:22 PM, Jason van Zyl ja...@tesla.io wrote: Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 tried on Nexus builds (with modded nx plugin in build, that updates Aether to Eclipse one). On Thu, Sep 26, 2013 at 8:21 AM, Wayne Fay wayne...@gmail.com wrote: +1 binding Finally gave it a shot last night after your reminder email, works well on various projects I tested it with. Wayne On Wed, Sep 25, 2013 at 5:22 PM, Jason van Zyl ja...@tesla.io wrote: Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Greetings, On Wed, Sep 25, 2013 at 11:05 PM, Jason van Zyl ja...@tesla.io wrote: Does 3.1.0 not display this behaviour? On Sep 25, 2013, at 6:41 PM, jieryn jie...@gmail.com wrote: Archive for required library: '$HOME/.m2/repository/$GROUPID/$ARTIFACTID/$VERSION/$FINALNAME.jar' in project 'test' cannot be read or is not a valid ZIP file We've run about 2000 builds on Jenkins using 3.1.0 and none have failed in that manner. On my workstation, where I am seeing the problem, I have run perhaps thousands of builds using 3.1.0 and I don't remember seeing the problem.. Other folks are reporting these errors on the Apache Archiva mailing lists. However, without any evidence to support it, I do not think it is immediately an Archiva problem--I think it is 3.1.1. Given how seldom I have seen it, and how easy it is to fix after the fact (just rm -rf $(dirname $bad.jar)) maybe the best thing to flush out this one is to complete 3.1.1 release. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Did you/can you check the contents of the bad jars ? Kristian 2013/9/26 jieryn jie...@gmail.com: Greetings, On Wed, Sep 25, 2013 at 11:05 PM, Jason van Zyl ja...@tesla.io wrote: Does 3.1.0 not display this behaviour? On Sep 25, 2013, at 6:41 PM, jieryn jie...@gmail.com wrote: Archive for required library: '$HOME/.m2/repository/$GROUPID/$ARTIFACTID/$VERSION/$FINALNAME.jar' in project 'test' cannot be read or is not a valid ZIP file We've run about 2000 builds on Jenkins using 3.1.0 and none have failed in that manner. On my workstation, where I am seeing the problem, I have run perhaps thousands of builds using 3.1.0 and I don't remember seeing the problem.. Other folks are reporting these errors on the Apache Archiva mailing lists. However, without any evidence to support it, I do not think it is immediately an Archiva problem--I think it is 3.1.1. Given how seldom I have seen it, and how easy it is to fix after the fact (just rm -rf $(dirname $bad.jar)) maybe the best thing to flush out this one is to complete 3.1.1 release. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
+1 Den 25. sep. 2013 17:23 skrev Jason van Zyl ja...@tesla.io følgende: Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
I didn't have any problem in my tests but the release reference documentation staging is still missing: I tried to continue helping on IRC, but couldn't get in touch with you thses last 2 days Tell me if anything prevents you from publishing the doc Regards, Hervé Le mercredi 25 septembre 2013 08:22:45 Jason van Zyl a écrit : Anyone else going to give the release a whirl? On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version= 18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/ma ven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/ma ven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m aven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
For the record - +1 Non Binding after I fixed my broken .m2 :) Lets roll this baby! On 26/09/2013, at 3:22 AM, Jason van Zyl ja...@tesla.io wrote: Anyone else going to give the release a whirl? -- Mark Derricutt ( m...@talios.com ) — twitter: https://twitter.com/talios — podcast: http://www.illegalargument.com — blog: http://www.theoryinpractice.net — google+: http://gplus.to/talios signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
Greetings, On Sun, Sep 8, 2013 at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ I can not definitively say that this is because of Apache Maven 3.1.1, but I'm seeing something strange with builds since using it widely. I'm seeing errors of the type: Archive for required library: '$HOME/.m2/repository/$GROUPID/$ARTIFACTID/$VERSION/$FINALNAME.jar' in project 'test' cannot be read or is not a valid ZIP file Where I've replaced the real contents with standard $variables, because it is happening for many artifacts. I use Apache Archiva 1.4-M4, but nothing has changed on that side. The only other variable I can conceive is that sometimes I am fetching all artifacts through the corporate Apache Archiva, and other times directly from Maven central. Any ideas? - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Does 3.1.0 not display this behaviour? On Sep 25, 2013, at 6:41 PM, jieryn jie...@gmail.com wrote: Greetings, On Sun, Sep 8, 2013 at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ I can not definitively say that this is because of Apache Maven 3.1.1, but I'm seeing something strange with builds since using it widely. I'm seeing errors of the type: Archive for required library: '$HOME/.m2/repository/$GROUPID/$ARTIFACTID/$VERSION/$FINALNAME.jar' in project 'test' cannot be read or is not a valid ZIP file Where I've replaced the real contents with standard $variables, because it is happening for many artifacts. I use Apache Archiva 1.4-M4, but nothing has changed on that side. The only other variable I can conceive is that sometimes I am fetching all artifacts through the corporate Apache Archiva, and other times directly from Maven central. Any ideas? - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 22/09/2013, at 9:28 AM, Jason van Zyl ja...@tesla.io wrote: A check is performed to ensure that each file in the source archive is present in the release revision Should that not be the other way around? That every file in the git clone should be in the source archive? Or vice versa, that should be neither more, or less files? Mark -- Mark Derricutt — twitter — podcast — blog — google+ signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
On 22 September 2013 08:13, Mark Derricutt m...@talios.com wrote: On 22/09/2013, at 9:28 AM, Jason van Zyl ja...@tesla.io wrote: A check is performed to ensure that each file in the source archive is present in the release revision Should that not be the other way around? That every file in the git clone should be in the source archive? Or vice versa, that should be neither more, or less files? The point of checking the source archive against the SCM tag is to ensure that all the files in the source release have got the correct license clearance. It is assumed that license conditions are checked when content is added to SCM, because that is in the CLA signed by committers. If there are files in the SCM tag that are not in the source release, that is generally not a problem as far as licensing is concerned (thought it's possible that the NOTICE/LICENSE files might need adjusting to take account of the missing files). Of course the missing files may be important for the functioning of the code - that is a separate matter. Ideally the two file sets agree, with the possible exception of some files that only belong in SCM, e.g. .gitignore is not needed in the source archive, and it does not make much sense to release a DOAP file. There may be some other SCM-only files. But I agree any discrepancies need to be investigated. Mark -- Mark Derricutt — twitter — podcast — blog — google+ - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 22 September 2013 05:03, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 7:44 PM, sebb seb...@gmail.com wrote: On 22 September 2013 03:09, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 6:16 PM, sebb seb...@gmail.com wrote: On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. If it were generated I would agree. Manually making an email is not automated or consistent. I don't care how the e-mail is created; it can be automated. What matters is that the content is understandable and complete. Ok, then we agree. We should try to keep the vote email threads for the votes. I think what you asked for was the impetus for the tool I made and it helped do a more complete audit than I've ever done manually. But the SCM coordinates are not a requirement for the release email currently and if we're going to discuss that then we probably shouldn't hijack the vote threads which we both just did. I don't believe it's hijacking the vote e-mail to point out that it is missing vital information. But the subsequent discussion has certainly veered off-topic. Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Sent from my iPad On Sep 22, 2013, at 4:41 PM, sebb seb...@gmail.com wrote: On 22 September 2013 05:03, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 7:44 PM, sebb seb...@gmail.com wrote: On 22 September 2013 03:09, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 6:16 PM, sebb seb...@gmail.com wrote: On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. If it were generated I would agree. Manually making an email is not automated or consistent. I don't care how the e-mail is created; it can be automated. What matters is that the content is understandable and complete. Ok, then we agree. We should try to keep the vote email threads for the votes. I think what you asked for was the impetus for the tool I made and it helped do a more complete audit than I've ever done manually. But the SCM coordinates are not a requirement for the release email currently and if we're going to discuss that then we probably shouldn't hijack the vote threads which we both just did. I don't believe it's hijacking the vote e-mail to point out that it is missing vital information. But the subsequent discussion has certainly veered off-topic. It is if the topic has been discussed before on other vote threads and/or the PMC has made a decision about what is required and it is not in conflict with any ASF published policy. If you believe the PMC is in error than as an ASF member you are free to bring that topic up on the PMC list or as a separate thread here. Bringing it up on every vote thread borders on trolling IMO, even if you are 100% correct in what you believe should be done. Ralph - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
You will now be infamous :-) https://github.com/jvanzyl/sebbalizer If you don't like the name, happy to change it. I thought it was appropriate and meant as a compliment for being thorough. With a given staging URL, groupId, artifact, and version it will retrieve the source archive, and binary archive and the corresponding SHA1s and validates the SHA1s are right. It unpacks both the archives, digs into the binary archive to find the maven-core JAR to retrieve the build.properties which contains the SHA1 of the release revision from which the source archive was made. A git clone is performed and moved to the release revision. A check is performed to ensure that each file in the source archive is present in the release revision and that the SHA1 of the each file in the source archive matches the SHA1 of the file from the corresponding release revision. So for this release using the Sebbalizer I only found the DEPENDENCIES file to not exist in the release revision, every other file I consider valid and verified. I believe that for this release no errant files slipped in and it's good. People should review the code. I spent an hour on this by yanking a bunch of stuff together so it might very well have errors. I have one hardcoded url for the Git repository but I'll pull that out of the POM and then hopefully it can be used generally to validate source archives for releases. On Sep 20, 2013, at 5:40 PM, sebb seb...@gmail.com wrote: On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d The full scm coordinates are needed. The pom includes the git URL and tag, but that is not immutable. Exactly the same tag was used for the previous vote. To identify the source archive uniquely, additional info such as a hash is needed, so the hash is now included in the vote e-mail. The same applies to the SCM tag. Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 21 September 2013 22:28, Jason van Zyl ja...@tesla.io wrote: You will now be infamous :-) https://github.com/jvanzyl/sebbalizer If you don't like the name, happy to change it. I thought it was appropriate and meant as a compliment for being thorough. Thanks, but no thanks. Sorry, but I don't like the association. With a given staging URL, groupId, artifact, and version it will retrieve the source archive, and binary archive and the corresponding SHA1s and validates the SHA1s are right. It unpacks both the archives, digs into the binary archive to find the maven-core JAR to retrieve the build.properties which contains the SHA1 of the release revision from which the source archive was made. A git clone is performed and moved to the release revision. A check is performed to ensure that each file in the source archive is present in the release revision and that the SHA1 of the each file in the source archive matches the SHA1 of the file from the corresponding release revision. So for this release using the Sebbalizer I only found the DEPENDENCIES file to not exist in the release revision, every other file I consider valid and verified. I believe that for this release no errant files slipped in and it's good. People should review the code. I spent an hour on this by yanking a bunch of stuff together so it might very well have errors. I have one hardcoded url for the Git repository but I'll pull that out of the POM and then hopefully it can be used generally to validate source archives for releases. The general procedure seems fine, but the SCM coordinates still need to be in the release vote in order to tie everything together for the release vote, and for the historical record. Rather than pick out the details from the maven-core jar, the information should be taken from the release vote e-mail. That can then be used to ensure that the artifacts match the release vote, and that the sources match the SCM tag. The build.properties entry should be checked to ensure it is the same as the value from the release vote mail. On Sep 20, 2013, at 5:40 PM, sebb seb...@gmail.com wrote: On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d The full scm coordinates are needed. The pom includes the git URL and tag, but that is not immutable. Exactly the same tag was used for the previous vote. To identify the source archive uniquely, additional info such as a hash is needed, so the hash is now included in the vote e-mail. The same applies to the SCM tag. Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 21, 2013, at 2:51 PM, sebb seb...@gmail.com wrote: On 21 September 2013 22:28, Jason van Zyl ja...@tesla.io wrote: You will now be infamous :-) https://github.com/jvanzyl/sebbalizer If you don't like the name, happy to change it. I thought it was appropriate and meant as a compliment for being thorough. Thanks, but no thanks. Sorry, but I don't like the association. No problem. https://github.com/jvanzyl/source-release-validator With a given staging URL, groupId, artifact, and version it will retrieve the source archive, and binary archive and the corresponding SHA1s and validates the SHA1s are right. It unpacks both the archives, digs into the binary archive to find the maven-core JAR to retrieve the build.properties which contains the SHA1 of the release revision from which the source archive was made. A git clone is performed and moved to the release revision. A check is performed to ensure that each file in the source archive is present in the release revision and that the SHA1 of the each file in the source archive matches the SHA1 of the file from the corresponding release revision. So for this release using the Sebbalizer I only found the DEPENDENCIES file to not exist in the release revision, every other file I consider valid and verified. I believe that for this release no errant files slipped in and it's good. People should review the code. I spent an hour on this by yanking a bunch of stuff together so it might very well have errors. I have one hardcoded url for the Git repository but I'll pull that out of the POM and then hopefully it can be used generally to validate source archives for releases. The general procedure seems fine, but the SCM coordinates still need to be in the release vote in order to tie everything together for the release vote, and for the historical record. Rather than pick out the details from the maven-core jar, the information should be taken from the release vote e-mail. No, I think an automated way is better. As part of the release the release revision should be made available for use in the email. That can then be used to ensure that the artifacts match the release vote, and that the sources match the SCM tag. The build.properties entry should be checked to ensure it is the same as the value from the release vote mail. I want to go in the direction of automation and to generate this as part of the release so it will contain the revision. Going from a manually generated email is not a good solution. I can see the need for a secondary reference but I'm going to fully automate it. If I turn this tool into a Nexus Plugin I can potentially just generate the email. At any rate, I understand your concern to make sure there are no errant files and I believe this tool addresses those concerns. I think at this point with this it's not really necessary to put the release revision in the email template but that's for the PMC to decide. I'll continue to use the official template but I will also run this tool as part of the core releases. On Sep 20, 2013, at 5:40 PM, sebb seb...@gmail.com wrote: On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d The full scm coordinates are needed. The pom includes the git URL and tag, but that is not immutable. Exactly the same tag was used for the previous vote. To identify the source archive uniquely, additional info such as a hash is needed, so the hash is now included in the vote e-mail. The same applies to the SCM tag. Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To
Re: [VOTE] Release Maven 3.1.1
+1 --- Analyzing source release validity... stagingUrl: https://repository.apache.org/content/repositories/maven-065 groupId: org.apache.maven artifactId: apache-maven version: 3.1.1 Source ZIP url exists. https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip Source ZIP SHA1 url exists. https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip.sha1 Binary ZIP url exists. https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip Binary ZIP SHA1 url exists. https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip.sha1 Calculated SHA1 of source ZIP matches published SHA1 of source ZIP. 2251357aa47129674df578e787504b72cd57ed4d Calculated SHA1 of binary ZIP matches published SHA1 of binary ZIP. 8416a8f07f9bd36bbc775eaddda0693a35937fe9 LICENSE file is present in the source distribution. NOTICE file is present in the source distribution. LICENSE file is present in the binary distribution. NOTICE file is present in the binary distribution. Git revision of release as determined from maven-core-3.1.1.jar:org/apache/maven/messages/build.properties(buildNumber): 0728685237757ffbf44136acec0402957f723d9a All files in source distribution have been found in the release revision (taking into account acceptable exclusions). On Sep 17, 2013, at 8:39 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 2:51 PM, sebb seb...@gmail.com wrote: On 21 September 2013 22:28, Jason van Zyl ja...@tesla.io wrote: You will now be infamous :-) https://github.com/jvanzyl/sebbalizer If you don't like the name, happy to change it. I thought it was appropriate and meant as a compliment for being thorough. Thanks, but no thanks. Sorry, but I don't like the association. No problem. https://github.com/jvanzyl/source-release-validator Thanks. With a given staging URL, groupId, artifact, and version it will retrieve the source archive, and binary archive and the corresponding SHA1s and validates the SHA1s are right. It unpacks both the archives, digs into the binary archive to find the maven-core JAR to retrieve the build.properties which contains the SHA1 of the release revision from which the source archive was made. A git clone is performed and moved to the release revision. A check is performed to ensure that each file in the source archive is present in the release revision and that the SHA1 of the each file in the source archive matches the SHA1 of the file from the corresponding release revision. So for this release using the Sebbalizer I only found the DEPENDENCIES file to not exist in the release revision, every other file I consider valid and verified. I believe that for this release no errant files slipped in and it's good. People should review the code. I spent an hour on this by yanking a bunch of stuff together so it might very well have errors. I have one hardcoded url for the Git repository but I'll pull that out of the POM and then hopefully it can be used generally to validate source archives for releases. The general procedure seems fine, but the SCM coordinates still need to be in the release vote in order to tie everything together for the release vote, and for the historical record. Rather than pick out the details from the maven-core jar, the information should be taken from the release vote e-mail. No, I think an automated way is better. It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. As part of the release the release revision should be made available for use in the email. I agree the release revision needs to be part of the e-mail; that is what I have been requesting all along. That can then be used to ensure that the artifacts match the release vote, and that the sources match the SCM tag. The build.properties entry should be checked to ensure it is the same as the value from the release vote mail. I want to go in the direction of automation and to generate this as part of the release so it will contain the revision. +1 Going from a manually generated email is not a good solution. I disagree; so long as the e-mail has a reasonably standard format, it should be easy enough to extract the data to to the checks. I can see the need for a secondary reference but I'm going to fully automate it. It's not a secondary reference. The vote e-mail is the primary reference. If I turn this tool into a Nexus Plugin I can potentially just generate the email. Again, I think that's backwards. The point is that any reviewer needs to be able to check the release. At any rate, I understand your concern to make sure there are no errant files and I believe this tool addresses those concerns. The problem is that without the SCM coordinates it's not possible for a reviewer to independently check the source contents. They may use your tool to do so, or they may use other methods; that is up to them. The point is that it must be possible to independently audit the source release. The vote e-mail chain is the official means by which releases are sanctioned. Therefore the vote e-mail needs to contain all the required information; it should not be necessary for the reviewer to go digging for the information. I think at this point with this it's not really necessary to put the release revision in the email template but that's for the PMC to decide. I'll continue to use the official template but I will also run this tool as part of the core releases. On Sep 20, 2013, at 5:40 PM, sebb seb...@gmail.com wrote: On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here:
Re: [VOTE] Release Maven 3.1.1
On Sep 21, 2013, at 6:16 PM, sebb seb...@gmail.com wrote: On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. If it were generated I would agree. Manually making an email is not automated or consistent. As part of the release the release revision should be made available for use in the email. I agree the release revision needs to be part of the e-mail; that is what I have been requesting all along. That can then be used to ensure that the artifacts match the release vote, and that the sources match the SCM tag. The build.properties entry should be checked to ensure it is the same as the value from the release vote mail. I want to go in the direction of automation and to generate this as part of the release so it will contain the revision. +1 Going from a manually generated email is not a good solution. I disagree; so long as the e-mail has a reasonably standard format, it should be easy enough to extract the data to to the checks. Well, we'll just agree to disagree. Nothing made by a human is never going to be as consistent as an automated process. If I can get the sha1 for the release in an automated way, I'm not going to cut and paste it from somewhere. I already grabbed the wrong one already in one of the releases. There is no way you're going to convince me that once a tool has been validated to yield the correct information that making a manual email is better. I can see the need for a secondary reference but I'm going to fully automate it. It's not a secondary reference. The vote e-mail is the primary reference. If I turn this tool into a Nexus Plugin I can potentially just generate the email. Again, I think that's backwards. The point is that any reviewer needs to be able to check the release. At any rate, I understand your concern to make sure there are no errant files and I believe this tool addresses those concerns. The problem is that without the SCM coordinates it's not possible for a reviewer to independently check the source contents. They may use your tool to do so, or they may use other methods; that is up to them. The point is that it must be possible to independently audit the source release. You have the SCM coordinates now. Is the issue not addressed with the tool I made? There is no way that you will be able manually review the release as accurately as the tool. You think it's useful to go file by file and manually check all the files? That you are going to do it consistently and accurately without tooling? If you want to, all the information will be there in the releases I do from now on from the report I'm generating and it's accurate and not susceptible to my cut/paste errors. If from the staging process the email is emitted along with the report then you can do anything manually you wish but everything to that point will have been created in a consistent, repeatable way that can be performed by someone else (at least when I'm done). The vote e-mail chain is the official means by which releases are sanctioned. I have no issue sending an email. Therefore the vote e-mail needs to contain all the required information; it should not be necessary for the reviewer to go digging for the information. Are you manually going to go through each of our releases file by file? If you are I will ask to put the revision in the template. After looking, and making the tool I don't think it's necessary. But if you are going to use no tooling and essentially do what I automated I will ask to add the source revision in the email. If this is for a theoretical reviewer who may want to do it, then I honestly don't think it's useful or necessary. On Sep 20, 2013, at 5:40 PM, sebb seb...@gmail.com wrote: On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip
Re: [VOTE] Release Maven 3.1.1
On 22 September 2013 03:09, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 6:16 PM, sebb seb...@gmail.com wrote: On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. If it were generated I would agree. Manually making an email is not automated or consistent. I don't care how the e-mail is created; it can be automated. What matters is that the content is understandable and complete. As part of the release the release revision should be made available for use in the email. I agree the release revision needs to be part of the e-mail; that is what I have been requesting all along. That can then be used to ensure that the artifacts match the release vote, and that the sources match the SCM tag. The build.properties entry should be checked to ensure it is the same as the value from the release vote mail. I want to go in the direction of automation and to generate this as part of the release so it will contain the revision. +1 Going from a manually generated email is not a good solution. I disagree; so long as the e-mail has a reasonably standard format, it should be easy enough to extract the data to to the checks. Well, we'll just agree to disagree. Nothing made by a human is never going to be as consistent as an automated process. I did not say that. However if a human uses an email template (as at present) the result should be sufficiently consistent that parsing would not be too difficult. If I can get the sha1 for the release in an automated way, I'm not going to cut and paste it from somewhere. I already grabbed the wrong one already in one of the releases. There is no way you're going to convince me that once a tool has been validated to yield the correct information that making a manual email is better. Again, I don't care how the e-mail is created, so long as it contains all the required information in a readable format. I can see the need for a secondary reference but I'm going to fully automate it. It's not a secondary reference. The vote e-mail is the primary reference. If I turn this tool into a Nexus Plugin I can potentially just generate the email. Again, I think that's backwards. The point is that any reviewer needs to be able to check the release. At any rate, I understand your concern to make sure there are no errant files and I believe this tool addresses those concerns. The problem is that without the SCM coordinates it's not possible for a reviewer to independently check the source contents. They may use your tool to do so, or they may use other methods; that is up to them. The point is that it must be possible to independently audit the source release. You have the SCM coordinates now. I'm not sure what you mean by that. Is the issue not addressed with the tool I made? Does the tool ensure that the SCM coordinates are included in the vote email? There is no way that you will be able manually review the release as accurately as the tool. When I review a release I don't only check files and sigs and hashes. I use a combination of tools and visual inspection. Sometimes the inspection turns up oddities that can then be added to the automated tooling. You think it's useful to go file by file and manually check all the files? No, but it can pay to inspect some files. That you are going to do it consistently and accurately without tooling? No, I never said that. If you want to, all the information will be there in the releases I do from now on from the report I'm generating and it's accurate and not susceptible to my cut/paste errors. So long as the required information is in the vote e-mail, that's all I require. If from the staging process the email is emitted along with the report then you can do anything manually you wish but everything to that point will have been created in a consistent, repeatable way that can be performed by someone else (at least when I'm done). I'll just point out that there have been several plugin releases using the standard release process that added errant files to the source archive. Which is one reason why independent audits are needed. The vote e-mail chain is the official means by which releases are sanctioned. I have no issue sending an email. Therefore the vote e-mail needs to contain all the required information; it should not be necessary for the reviewer to go digging for the information. Are you manually going to go through each of our releases file by file? No, but I may inspect some files. If you are I will ask to put the revision in the template. Thanks, that's part of what I'm asking; the SCM URL is also needed. After looking, and making the tool I don't think it's necessary. You seem to be missing the point that the vote e-mail should be capable of independent audit. And should contain
Re: [VOTE] Release Maven 3.1.1
On Sep 21, 2013, at 7:44 PM, sebb seb...@gmail.com wrote: On 22 September 2013 03:09, Jason van Zyl ja...@tesla.io wrote: On Sep 21, 2013, at 6:16 PM, sebb seb...@gmail.com wrote: On 21 September 2013 23:09, Jason van Zyl ja...@tesla.io wrote: It would still be automated. However the source data would come form the vote e-mail, which makes more sense to me. If it were generated I would agree. Manually making an email is not automated or consistent. I don't care how the e-mail is created; it can be automated. What matters is that the content is understandable and complete. Ok, then we agree. We should try to keep the vote email threads for the votes. I think what you asked for was the impetus for the tool I made and it helped do a more complete audit than I've ever done manually. But the SCM coordinates are not a requirement for the release email currently and if we're going to discuss that then we probably shouldn't hijack the vote threads which we both just did. Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d The full scm coordinates are needed. The pom includes the git URL and tag, but that is not immutable. Exactly the same tag was used for the previous vote. To identify the source archive uniquely, additional info such as a hash is needed, so the hash is now included in the vote e-mail. The same applies to the SCM tag. Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
After some experimentation I still couldn't detect any errors showing up, however, I did remember I noticed some strange anomalies after using dependency:purge-local-repository the other day - where that goal seems to delete all the local artifacts, doesn't clean up any of the meta-data files in the .m2 repository, which triggers problems with version range based builds ( such as my integration build here ) when metadata exists for files that don't. After I rm -rf'd my entire .m2/repository/mygroupidhere directory and watched maven download 400 odd pom versions everything seemed to work fine. So I suspect this is more an issue with the dependency plugin trashing things more than aether, but maybe aether could be more graceful around broken metadata. If I get some time in the morning/weekend I'll see if I can setup a broken ./m2 setup and a test project to reproduce. -- Mark Derricutt — twitter — podcast — blog — google+ On 19/09/2013, at 1:09 PM, Jason van Zyl ja...@tesla.io wrote: If you can reproduce it in a stand-alone example I can track it down. Or if it's an OSS project I'll take a look. signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Jason, are you going to cast your vote on this? On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks,
Re: [VOTE] Release Maven 3.1.1
it does not use CMS I split the instructions in 2 parts to make things as clear as possible: 1. mvn -Preporting site site:stage = local HTML generation and staging of multiple modules into one local staging area 2. mvn scm-publish:publish-scm publish local staging area to website svn area, which distributes it to live http server through svnpubsub Regards, Hervé Le jeudi 19 septembre 2013 07:00:13 Jason van Zyl a écrit : Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_ the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version =18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/m ave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/m ave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Do you think we can make a small addition to have it publish to a standard staging location? Is that hard to add to the tool? Would help us reach a state of more automation. I'll follow those steps for the time being. On Sep 19, 2013, at 10:19 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: it does not use CMS I split the instructions in 2 parts to make things as clear as possible: 1. mvn -Preporting site site:stage = local HTML generation and staging of multiple modules into one local staging area 2. mvn scm-publish:publish-scm publish local staging area to website svn area, which distributes it to live http server through svnpubsub Regards, Hervé Le jeudi 19 septembre 2013 07:00:13 Jason van Zyl a écrit : Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_ the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version =18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/m ave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/m ave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
I'm making a small tool to validate the distro. I don't want to do this manually anymore :-) On Sep 19, 2013, at 7:14 AM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: Jason, are you going to cast your vote on this? On 17 September 2013 16:39, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Sent from my HTC On kme™ X, an ATT 4G LTE smartphone - Reply message - From: Jason van Zyl ja...@tesla.io To: Maven Developers List dev@maven.apache.org Subject: [VOTE] Release Maven 3.1.1 Date: Thu, Sep 19, 2013 7:30 PM Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Sent from my HTC One™ X, an ATT 4G LTE smartphone - Reply message - From: Jason van Zyl ja...@tesla.io To: Maven Developers List dev@maven.apache.org Subject: [VOTE] Release Maven 3.1.1 Date: Thu, Sep 19, 2013 7:30 PM Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
what do you call a standard staging location? what more automation do you expect? Le jeudi 19 septembre 2013 11:02:46 Jason van Zyl a écrit : Do you think we can make a small addition to have it publish to a standard staging location? Is that hard to add to the tool? Would help us reach a state of more automation. I'll follow those steps for the time being. On Sep 19, 2013, at 10:19 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: it does not use CMS I split the instructions in 2 parts to make things as clear as possible: 1. mvn -Preporting site site:stage = local HTML generation and staging of multiple modules into one local staging area 2. mvn scm-publish:publish-scm publish local staging area to website svn area, which distributes it to live http server through svnpubsub Regards, Hervé Le jeudi 19 septembre 2013 07:00:13 Jason van Zyl a écrit : Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage _ the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500versi on =18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache /m ave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache /m ave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
A button on the CMS page that says Staging Site and it produces a standard URL for a staging site that can be used for all core releases. On Sep 19, 2013, at 1:19 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: what do you call a standard staging location? what more automation do you expect? Le jeudi 19 septembre 2013 11:02:46 Jason van Zyl a écrit : Do you think we can make a small addition to have it publish to a standard staging location? Is that hard to add to the tool? Would help us reach a state of more automation. I'll follow those steps for the time being. On Sep 19, 2013, at 10:19 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: it does not use CMS I split the instructions in 2 parts to make things as clear as possible: 1. mvn -Preporting site site:stage = local HTML generation and staging of multiple modules into one local staging area 2. mvn scm-publish:publish-scm publish local staging area to website svn area, which distributes it to live http server through svnpubsub Regards, Hervé Le jeudi 19 septembre 2013 07:00:13 Jason van Zyl a écrit : Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage _ the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500versi on =18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache /m ave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache /m ave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
ah ok, staging to http://maven.staging.apache.org/ no, this url is for CMS staging only, which does not contain/support component included sites: see http://maven.staging.apache.org/ref/ for example, which does not exist. In fact, everything from extpaths.txt isn't published in CMS staging site (nor svn area) CMS staging is only for Maven project main site, which is published by CMS. Maven core staging site, like any other component staging area, is done in CMS production area protected by extpaths.txt, with a -LATEST convention: versionned release documentation is done with svn cp This is the only way I found to integrate with CMS + svnpubsub solution in as much natural way as possible Le jeudi 19 septembre 2013 14:35:16 Jason van Zyl a écrit : A button on the CMS page that says Staging Site and it produces a standard URL for a staging site that can be used for all core releases. On Sep 19, 2013, at 1:19 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: what do you call a standard staging location? what more automation do you expect? Le jeudi 19 septembre 2013 11:02:46 Jason van Zyl a écrit : Do you think we can make a small addition to have it publish to a standard staging location? Is that hard to add to the tool? Would help us reach a state of more automation. I'll follow those steps for the time being. On Sep 19, 2013, at 10:19 AM, Hervé BOUTEMY herve.bout...@free.fr wrote: it does not use CMS I split the instructions in 2 parts to make things as clear as possible: 1. mvn -Preporting site site:stage = local HTML generation and staging of multiple modules into one local staging area 2. mvn scm-publish:publish-scm publish local staging area to website svn area, which distributes it to live http server through svnpubsub Regards, Hervé Le jeudi 19 septembre 2013 07:00:13 Jason van Zyl a écrit : Are you just manually copying that or is there an option on the CMS to make the staging site? On Sep 18, 2013, at 10:18 PM, Hervé BOUTEMY herve.bout...@free.fr wrote: I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Sta ge _ the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500ver si on =18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apac he /m ave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apac he /m ave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apac he /m av en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apac he /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apac he /m av en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
+1 (non-binding), installed this as default Maven 3 on a Jenkins installation and after upping maven-site-plugin from 3.0 to 3.3 in some projects, around 20 projects (Mostly maven and Jenkins plugin) were successfully running mvn clean install site (@Stephen: even with Jenkins' Maven job type!) I also checked the SHA1 of the src.zip at the staging repository is 2251357aa47129674df578e787504b72cd57ed4d, the SHA1 from the binary (mvn -v) reports 0728685237757ffbf44136acec0402957f723d9a which is the prepare commit of the release-plugin. Regards Mirko Regards Mirko -- http://illegalstateexception.blogspot.com/ https://github.com/mfriedenhagen/ https://bitbucket.org/mfriedenhagen/ On Tue, Sep 17, 2013 at 5:39 PM, Jason van Zyl ja...@tesla.io wrote: Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
If you can reproduce it in a stand-alone example I can track it down. Or if it's an OSS project I'll take a look. On Sep 18, 2013, at 5:45 PM, Mark Derricutt m...@talios.com wrote: Maybe a -1 here, not sure. I was about to +1 this from basic builds/releases, but then needed to run some integration tests locally and hit the following issue, strangely - this also occurs using 3.1.0 AND 3.0.5, but only on my machine. So I'm suspecting something strange in my .m2 maybe… I'm seeing Aether fall into an endless loop that: On our integration tests I'm seeing this lock solid: main prio=5 tid=0x7fc1dc801800 nid=0x1903 runnable [0x00010b458000] java.lang.Thread.State: RUNNABLE at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at org.eclipse.aether.graph.DefaultDependencyNode.accept(DefaultDependencyNode.java:329) at
Re: [VOTE] Release Maven 3.1.1
On 19/09/2013, at 1:09 PM, Jason van Zyl ja...@tesla.io wrote: If you can reproduce it in a stand-alone example I can track it down. Or if it's an OSS project I'll take a look. Sadly not unfortunately - 3.1.1 seems to work flawlessly fine for our main artefacts and any OSS projects I have, but something in our integration tests is tripping it up, -X doesn't give me anything useful either. Since I'm seeing this on 3.0.5/3.0.1 as well as 3.1.1 I don't think this should prevent a release assuming nothing else crops up. I'll see if I can nail it down a bit and step thru the code and try figure it out. signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
I didn't have time to test this release for the moment but I updated a few days ago Maven core release instructions [1] to stage core reference documentation: http://maven.apache.org/ref/3-LATEST/ Actual state is the staging from previous release vote: it should be updated from actual tag, but I don't have time for the moment Please take a few minutes to run the commands from your release directory. Regards, Hervé [1] http://maven.apache.org/developers/release/maven-core-release.html#Stage_the_Latest_Documentation Le mardi 17 septembre 2013 11:39:17 Jason van Zyl a écrit : Hi, Maven Core ITs are good, and the license/notice issue has been resolved so I'm rolling 3.1.1 again. Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18 968 Staging repo: https://repository.apache.org/content/repositories/maven-065/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-065/org/apache/mave n/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-065/org/apache/mav en/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Source release checksum(s): apache-maven-3.1.1-src.zip sha1: 2251357aa47129674df578e787504b72cd57ed4d Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
I'm going to do the re-roll in 30 minutes. On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Core ITs are all blue again, there was a resolution failure but seems to be spurious and the jdk7 build is ok again. On Sep 17, 2013, at 10:08 AM, Jason van Zyl ja...@tesla.io wrote: I'm going to do the re-roll in 30 minutes. On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Le 13 sept. 2013 19:00, sebb seb...@gmail.com a écrit : On 12 September 2013 21:52, Baptiste Mathus m...@batmat.net wrote: 2013/9/12 sebb seb...@gmail.com On 12 September 2013 14:52, Arnaud Héritier aherit...@gmail.com wrote: On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. Wasn't it explained that SCM is actually a convenience, and that only the released source tarballs would actually matter here? It's not the case that SCM is only a convenience; the SCM locations are published to end-users on the web-site and in the POMs. And the SCM is anyway public. Well, according to this thread http://mail-archives.apache.org/mod_mbox/maven-dev/201308.mbox/%3CCA+nPnMwE=ON4AfAmFq3dvnpMdcsKt0u3G=RYvQWiZsmL=ea...@mail.gmail.com%3Eand Stephen's answer, that was my understanding and I don't remember someone pointing to somewhere at apache docs stating this is actually wrong. In this case, Arnaud's point about only adding them at build time is really valid here. Not sure what you are referring to here, but the build is not relevant to this discussion. Once again, in the above linked thread, my readings make me think there were already answers from pmc that you would then have to agree to disagree on this point. And this is also the understanding I have from last Arnaud's answer above. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. In the source, but possibly different in many places and having to maintain their sameness, that's again Arnaud's point. As an external observer and a developer, not duplicating files in many places as they should really be the same seem quite a sound PMC choice to me. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 14 September 2013 11:19, Baptiste Mathus bmat...@batmat.net wrote: Le 13 sept. 2013 19:00, sebb seb...@gmail.com a écrit : On 12 September 2013 21:52, Baptiste Mathus m...@batmat.net wrote: 2013/9/12 sebb seb...@gmail.com On 12 September 2013 14:52, Arnaud Héritier aherit...@gmail.com wrote: On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. Wasn't it explained that SCM is actually a convenience, and that only the released source tarballs would actually matter here? It's not the case that SCM is only a convenience; the SCM locations are published to end-users on the web-site and in the POMs. And the SCM is anyway public. Well, according to this thread http://mail-archives.apache.org/mod_mbox/maven-dev/201308.mbox/%3CCA+nPnMwE=ON4AfAmFq3dvnpMdcsKt0u3G=RYvQWiZsmL=ea...@mail.gmail.com%3E That thread was about including the SCM details in the VOTE e-mail. and Stephen's answer, that was my understanding and I don't remember someone pointing to somewhere at apache docs stating this is actually wrong. In this case, Arnaud's point about only adding them at build time is really valid here. Not sure what you are referring to here, but the build is not relevant to this discussion. Once again, in the above linked thread, my readings make me think there were already answers from pmc that you would then have to agree to disagree on this point. And this is also the understanding I have from last Arnaud's answer above. There is a thread active currently on legal-discuss; at least one of the ASF legal types thinks that SCM trees should have NL files. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. In the source, but possibly different in many places and having to maintain their sameness, that's again Arnaud's point. As an external observer and a developer, not duplicating files in many places as they should really be the same seem quite a sound PMC choice to me. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Just a thought that comes to mind. I see just as this vote was raised a new maven-install-plugin was released, and a vote is also underway for an updated wagon release. Is it worth updating the default versions of plugins etc. to use these along with the 3.1.1 release? On 9/09/2013, at 1:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Mark Derricutt ( m...@talios.com ) — twitter: https://twitter.com/talios — podcast: http://www.illegalargument.com — blog: http://www.theoryinpractice.net — google+: http://gplus.to/talios signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
Assuming that we need another vote, it is worth waiting to include Wagon 2.5 due to WAGON-381. I wouldn't upgrade the Install Plugin yet. First the Deploy Plugin should be released as well, so the installAtEnd and deployAtEnd chain is complete. With only the installAtEnd we can expect confusion. Robert Op Fri, 13 Sep 2013 07:59:58 +0200 schreef Mark Derricutt m...@talios.com: Just a thought that comes to mind. I see just as this vote was raised a new maven-install-plugin was released, and a vote is also underway for an updated wagon release. Is it worth updating the default versions of plugins etc. to use these along with the 3.1.1 release? On 9/09/2013, at 1:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Mark Derricutt ( m...@talios.com ) — twitter: https://twitter.com/talios — podcast: http://www.illegalargument.com — blog: http://www.theoryinpractice.net — google+: http://gplus.to/talios - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 13, 2013, at 10:14 AM, Robert Scholte rfscho...@apache.org wrote: Assuming that we need another vote, it is worth waiting to include Wagon 2.5 due to WAGON-381. No, I would prefer to do another release and only fix what's necessary here. I'd still like to get to the point where we can do push button, mostly automated releases. To get there we need to release more often. There's one issue that Tamas pointed out that needs to be fixed, and we've discovered another issue in m2e while trying to make it use 3.1.x. So I'd like to focus on those issues and release again. I wouldn't upgrade the Install Plugin yet. First the Deploy Plugin should be released as well, so the installAtEnd and deployAtEnd chain is complete. With only the installAtEnd we can expect confusion. Robert Op Fri, 13 Sep 2013 07:59:58 +0200 schreef Mark Derricutt m...@talios.com: Just a thought that comes to mind. I see just as this vote was raised a new maven-install-plugin was released, and a vote is also underway for an updated wagon release. Is it worth updating the default versions of plugins etc. to use these along with the 3.1.1 release? On 9/09/2013, at 1:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Mark Derricutt ( m...@talios.com ) — twitter: https://twitter.com/talios — podcast: http://www.illegalargument.com — blog: http://www.theoryinpractice.net — google+: http://gplus.to/talios - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 12 September 2013 21:52, Baptiste Mathus m...@batmat.net wrote: 2013/9/12 sebb seb...@gmail.com On 12 September 2013 14:52, Arnaud Héritier aherit...@gmail.com wrote: On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. The NL files should also be present at the top-level of SCM. That is not a release-blocker per se, however if they had been there they would likely also be in the source archives at the top-level, which is a release blocker IMO. Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. Wasn't it explained that SCM is actually a convenience, and that only the released source tarballs would actually matter here? It's not the case that SCM is only a convenience; the SCM locations are published to end-users on the web-site and in the POMs. And the SCM is anyway public. In this case, Arnaud's point about only adding them at build time is really valid here. Not sure what you are referring to here, but the build is not relevant to this discussion. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. In the source, but possibly different in many places and having to maintain their sameness, that's again Arnaud's point. As an external observer and a developer, not duplicating files in many places as they should really be the same seem quite a sound PMC choice to me. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 (non-binding) tested on Apache Mahout trunk Kind regards, Stevo Slavic. On Tue, Sep 10, 2013 at 7:09 PM, Daniel Kulp dk...@apache.org wrote: On Sep 10, 2013, at 12:16 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK.There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? That's one way, sure. Personally, I log the trunk/master/branch, find the appropriate commit for prepare release maven-3.1.1, check that out, then diff that with the src tar ball as well as diff that with the tag to make sure all three match up. Likely not necessary with git where the tag would apply directly to that commit, but with subversion, it is certainly possible that the three don't match and the diffs make sure to check that.If any of the three diffs find differences, it's an immediate red-flag for further review and likely require a -1 on the vote until resolved. Or is that just your personal take on what a reviewer should do? A reviewer should do whatever they feel is necessary to do a thorough review. If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. No, each reviewer should do what they feel is appropriate for them. If every reviewer did the exact same thing, we'd get the exact same result from each of them. Some reviewers may checkout the tag, others may troll back master, others may do something completely different. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. The NL files should also be present at the top-level of SCM. That is not a release-blocker per se, however if they had been there they would likely also be in the source archives at the top-level, which is a release blocker IMO. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
-1 due to the issue found by Dan about Notice and License files Otherwise I tested it on various projects and found no regressions Cheers On Thu, Sep 12, 2013 at 3:37 PM, Stevo Slavić ssla...@gmail.com wrote: +1 (non-binding) tested on Apache Mahout trunk Kind regards, Stevo Slavic. On Tue, Sep 10, 2013 at 7:09 PM, Daniel Kulp dk...@apache.org wrote: On Sep 10, 2013, at 12:16 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK.There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? That's one way, sure. Personally, I log the trunk/master/branch, find the appropriate commit for prepare release maven-3.1.1, check that out, then diff that with the src tar ball as well as diff that with the tag to make sure all three match up. Likely not necessary with git where the tag would apply directly to that commit, but with subversion, it is certainly possible that the three don't match and the diffs make sure to check that.If any of the three diffs find differences, it's an immediate red-flag for further review and likely require a -1 on the vote until resolved. Or is that just your personal take on what a reviewer should do? A reviewer should do whatever they feel is necessary to do a thorough review. If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. No, each reviewer should do what they feel is appropriate for them. If every reviewer did the exact same thing, we'd get the exact same result from each of them. Some reviewers may checkout the tag, others may troll back master, others may do something completely different. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -- - Arnaud Héritier http://aheritier.net Mail/GTalk: aheritier AT gmail DOT com Twitter/Skype : aheritier
Re: [VOTE] Release Maven 3.1.1
On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. The NL files should also be present at the top-level of SCM. That is not a release-blocker per se, however if they had been there they would likely also be in the source archives at the top-level, which is a release blocker IMO. Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. Arnaud
Re: [VOTE] Release Maven 3.1.1
-1 for the same reason as Dan and Arnaud, though found no regression. Robert Op Thu, 12 Sep 2013 15:49:06 +0200 schreef Arnaud Héritier aherit...@gmail.com: -1 due to the issue found by Dan about Notice and License files Otherwise I tested it on various projects and found no regressions Cheers On Thu, Sep 12, 2013 at 3:37 PM, Stevo Slavić ssla...@gmail.com wrote: +1 (non-binding) tested on Apache Mahout trunk Kind regards, Stevo Slavic. On Tue, Sep 10, 2013 at 7:09 PM, Daniel Kulp dk...@apache.org wrote: On Sep 10, 2013, at 12:16 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK.There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? That's one way, sure. Personally, I log the trunk/master/branch, find the appropriate commit for prepare release maven-3.1.1, check that out, then diff that with the src tar ball as well as diff that with the tag to make sure all three match up. Likely not necessary with git where the tag would apply directly to that commit, but with subversion, it is certainly possible that the three don't match and the diffs make sure to check that.If any of the three diffs find differences, it's an immediate red-flag for further review and likely require a -1 on the vote until resolved. Or is that just your personal take on what a reviewer should do? A reviewer should do whatever they feel is necessary to do a thorough review. If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. No, each reviewer should do what they feel is appropriate for them. If every reviewer did the exact same thing, we'd get the exact same result from each of them. Some reviewers may checkout the tag, others may troll back master, others may do something completely different. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
This should now be fixed on master. Feel free to cancel this vote and respin the builds. Thanks! Dan On Sep 10, 2013, at 11:33 AM, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 12 September 2013 14:52, Arnaud Héritier aherit...@gmail.com wrote: On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. The NL files should also be present at the top-level of SCM. That is not a release-blocker per se, however if they had been there they would likely also be in the source archives at the top-level, which is a release blocker IMO. Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. Arnaud - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Right o, thanks. On Sep 12, 2013, at 10:06 AM, Daniel Kulp dk...@apache.org wrote: This should now be fixed on master. Feel free to cancel this vote and respin the builds. Thanks! Dan On Sep 10, 2013, at 11:33 AM, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. For the License when you are reading some code hosted on apache.org I think nobody should have a doubt about it. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. Arnaud - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -- - Arnaud Héritier http://aheritier.net Mail/GTalk: aheritier AT gmail DOT com Twitter/Skype : aheritier
Re: [VOTE] Release Maven 3.1.1
On 12 September 2013 18:20, Arnaud Héritier aherit...@gmail.com wrote: The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. For the License when you are reading some code hosted on apache.org I think nobody should have a doubt about it. Not all code included in our SCM is necessarily AL-licensed. Obviously it has to be AL-compatible so the project as a whole is AL, but parts can be non-AL. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. Arnaud - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -- - Arnaud Héritier http://aheritier.net Mail/GTalk: aheritier AT gmail DOT com Twitter/Skype : aheritier - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
2013/9/12 sebb seb...@gmail.com On 12 September 2013 14:52, Arnaud Héritier aherit...@gmail.com wrote: On Thu, Sep 12, 2013 at 3:44 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. The NL files should also be present at the top-level of SCM. That is not a release-blocker per se, however if they had been there they would likely also be in the source archives at the top-level, which is a release blocker IMO. Like we already say I think we aren't convinced about this because it will imply to recopy these files across ~50 projects (plugins, shared libs) and thus update them the day we'll decide/need to do it. That's why we always prefered to bundle them at build time. The point is: the NL files should be at the top-level of SCM. That is because SCM URLs are published, so the readers need to know the what the license conditions are. Wasn't it explained that SCM is actually a convenience, and that only the released source tarballs would actually matter here? In this case, Arnaud's point about only adding them at build time is really valid here. The fact that having the NL files there would likely have ensured they were in the source archive is an added bonus; it's not the primary reason for having them at the top-level of SCM. In the source, but possibly different in many places and having to maintain their sameness, that's again Arnaud's point. As an external observer and a developer, not duplicating files in many places as they should really be the same seem quite a sound PMC choice to me.
Re: [VOTE] Release Maven 3.1.1
+1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 Dipl.Ing.(FH) Karl-Heinz MarbaiseICQ#: 135949029 Hauptstrasse 177 USt.IdNr: DE191347579 52146 Würselen http://www.soebes.de - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
I've just realised that you said the hash is in the maven core jar. That is a binary artifact, and has no direct relationship with the source artifact on which people are supposed to be voting. I don't think it's possible to tie the SCM tag to this vote thread for the record without the hash (and git repo) being provided in this e-mail. Also, I don't think the quoted hash is correct. Are you sure that c9950d777c7368e51431500c29aecf1e11e3d2c6 is the hash for the build? On 10 September 2013 09:19, Karl Heinz Marbaise khmarba...@gmx.de wrote: +1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 Dipl.Ing.(FH) Karl-Heinz MarbaiseICQ#: 135949029 Hauptstrasse 177 USt.IdNr: DE191347579 52146 Würselen http://www.soebes.de - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
+1 Den 8. sep. 2013 15:08 skrev Jason van Zyl ja...@tesla.io følgende: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team
Re: [VOTE] Release Maven 3.1.1
Sure, I can remake the email, but the binaries are fine. I made a little tool for myself and I'll just use the template from the website. The SHA1 I took was for the release which is the value that's interpolated into the build.properties. On Sep 9, 2013, at 3:56 PM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: On 8 September 2013 18:51, Jason van Zyl ja...@tesla.io wrote: On Sep 8, 2013, at 1:12 PM, sebb seb...@gmail.com wrote: I thought you were going to include the SCM coordinates used to create the tarballs? Sorry, not intentional. I forgot. It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. I hash is always in the distribution, it's how we show where it comes from when you type mvn -v. It's in the build properties in the core JAR and the hash in there is: c9950d777c7368e51431500c29aecf1e11e3d2c6 Is that the SHA1 of the src.zip and src.tar.gz or is it the SHA1 of the git commit. What we are looking for on the vote emails is the SHA1 and MD5 of the src.zip and src.tar.gz so that interested parties can verify that the vote was against the source distribution that ends up in dist and central. Since the staging repository is deleted as part of the release process, and since what the PMC is voting on is the source bundles, we need the vote email to specify the hashes of the source bundle *for the record*... Of course this is really easy to do as Maven helpfully uploads the hashes to the staging repository, but since it didn't happen if it wasn't on a mailing list (stephenc rolls his eyes) we need the release manager to ensure that the vote has this required information. Note: The commit hash is really nice to have, but is not part of the minimum set of required information, and we are trying to stick to minimum procedure. So we don't look for that *even* if other people think we should. Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On Sep 10, 2013, at 7:53 AM, sebb seb...@gmail.com wrote: I've just realised that you said the hash is in the maven core jar. That is a binary artifact, and has no direct relationship with the source artifact on which people are supposed to be voting. It is supposed to be the SHA1 of the release from which the build was made. I don't think it's possible to tie the SCM tag to this vote thread for the record without the hash (and git repo) being provided in this e-mail. Well, I'm going to leave it out for now. I'll do what's strictly in the template here: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Also, I don't think the quoted hash is correct. It doesn't look correct, it appears to take the parent commit. This has probably been the case for quite some time, in that the mvn -v command doesn't actually tell you what commit it came from. I don't know if it's generally wrong, but this this case c9950d777c7368e51431500c29aecf1e11e3d2c6 is the parent of 892b464683645bcdc1d28febf0bf3cc1c3181350 which is the SHA1 for the release. I assumed someone actually tested this, or maybe it's being used in the release for something it wasn't intended for. I'll take a look at the code. But for now I will make the template from: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Are you sure that c9950d777c7368e51431500c29aecf1e11e3d2c6 is the hash for the build? On 10 September 2013 09:19, Karl Heinz Marbaise khmarba...@gmx.de wrote: +1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 Dipl.Ing.(FH) Karl-Heinz MarbaiseICQ#: 135949029 Hauptstrasse 177 USt.IdNr: DE191347579 52146 Würselen http://www.soebes.de - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 10 September 2013 14:23, Jason van Zyl ja...@tesla.io wrote: On Sep 10, 2013, at 7:53 AM, sebb seb...@gmail.com wrote: I've just realised that you said the hash is in the maven core jar. That is a binary artifact, and has no direct relationship with the source artifact on which people are supposed to be voting. It is supposed to be the SHA1 of the release from which the build was made. I don't think it's possible to tie the SCM tag to this vote thread for the record without the hash (and git repo) being provided in this e-mail. Well, I'm going to leave it out for now. I'll do what's strictly in the template here: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Which as I have argued all along is insufficient. - the vote email does not have vital information for the record - indeed in the case of this vote, neither the vote e-mail nor the source archive (on which people are supposed to be voting) has the information. I note that no-one who has voted so far has stated that the contents of the source archives are all present and correct and that no files are missing from the release and more importantly that there are no files in the source archive that should not be there. IMO this is the most important part of the release vote, along with the NL contents. Also, I don't think the quoted hash is correct. It doesn't look correct, it appears to take the parent commit. This has probably been the case for quite some time, in that the mvn -v command doesn't actually tell you what commit it came from. I don't know if it's generally wrong, but this this case c9950d777c7368e51431500c29aecf1e11e3d2c6 is the parent of Where did you get the above hash from? It does not seem to be the same as the one in the binary archive I downloaded. On the git page: https://git-wip-us.apache.org/repos/asf?p=maven.git;a=summary the c995... hash seems to be associated with [MNG-5509] org.apache.maven.repository.legacy.DefaultWa... This happens to be the line after [maven-release-plugin] prepare release maven-3.1.1 yellowmaven-3.1.1/yellow which seems to have the following hash: 892b464683645bcdc1d28febf0bf3cc1c3181350 which is the SHA1 for the release. Also the above hash is the one I just found in build.properties. And it agrees with mvn -v Apache Maven 3.1.1 (892b464683645bcdc1d28febf0bf3cc1c3181350; 2013-09-05 18:04:21+0100) So I don't think there's a problem with the build process, but there is still a major problem with the vote e-mail contents. I assumed someone actually tested this, or maybe it's being used in the release for something it wasn't intended for. I'll take a look at the code. But for now I will make the template from: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Are you sure that c9950d777c7368e51431500c29aecf1e11e3d2c6 is the hash for the build? On 10 September 2013 09:19, Karl Heinz Marbaise khmarba...@gmx.de wrote: +1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 Dipl.Ing.(FH) Karl-Heinz MarbaiseICQ#: 135949029 Hauptstrasse 177 USt.IdNr: DE191347579 52146 Würselen http://www.soebes.de - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org -
Re: [VOTE] Release Maven 3.1.1
Let's continue with the vote, the binaries are still good. I will send another message with a new email template for posterity. On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip Source release checksum(s): apache-maven-3.1.1-bin.zip sha1: 46a49ea9baf862d1ca31a98a7d4e188c1ad1b7ac Staging site: http://people.apache.org/~jvanzyl/maven-3.1.1/ Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 10, 2013, at 9:58 AM, sebb seb...@gmail.com wrote: On 10 September 2013 14:23, Jason van Zyl ja...@tesla.io wrote: On Sep 10, 2013, at 7:53 AM, sebb seb...@gmail.com wrote: I've just realised that you said the hash is in the maven core jar. That is a binary artifact, and has no direct relationship with the source artifact on which people are supposed to be voting. It is supposed to be the SHA1 of the release from which the build was made. I don't think it's possible to tie the SCM tag to this vote thread for the record without the hash (and git repo) being provided in this e-mail. Well, I'm going to leave it out for now. I'll do what's strictly in the template here: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Which as I have argued all along is insufficient. - the vote email does not have vital information for the record - indeed in the case of this vote, neither the vote e-mail nor the source archive (on which people are supposed to be voting) has the information. I note that no-one who has voted so far has stated that the contents of the source archives are all present and correct and that no files are missing from the release and more importantly that there are no files in the source archive that should not be there. IMO this is the most important part of the release vote, along with the NL contents. Get the PMC to agree and put it in the template and I'll use what's in the template. Also, I don't think the quoted hash is correct. It doesn't look correct, it appears to take the parent commit. This has probably been the case for quite some time, in that the mvn -v command doesn't actually tell you what commit it came from. I don't know if it's generally wrong, but this this case c9950d777c7368e51431500c29aecf1e11e3d2c6 is the parent of Where did you get the above hash from? It does not seem to be the same as the one in the binary archive I downloaded. There's the argument for automation! I didn't open up the JAR from the checked out build. So this is probably the best way right now and you've verified the right hash is available from the build itself so that's probably what you need. On the git page: https://git-wip-us.apache.org/repos/asf?p=maven.git;a=summary the c995... hash seems to be associated with [MNG-5509] org.apache.maven.repository.legacy.DefaultWa... This happens to be the line after [maven-release-plugin] prepare release maven-3.1.1 yellowmaven-3.1.1/yellow which seems to have the following hash: 892b464683645bcdc1d28febf0bf3cc1c3181350 which is the SHA1 for the release. Also the above hash is the one I just found in build.properties. And it agrees with mvn -v Apache Maven 3.1.1 (892b464683645bcdc1d28febf0bf3cc1c3181350; 2013-09-05 18:04:21+0100) So I don't think there's a problem with the build process, but there is still a major problem with the vote e-mail contents. I assumed someone actually tested this, or maybe it's being used in the release for something it wasn't intended for. I'll take a look at the code. But for now I will make the template from: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Are you sure that c9950d777c7368e51431500c29aecf1e11e3d2c6 is the hash for the build? On 10 September 2013 09:19, Karl Heinz Marbaise khmarba...@gmx.de wrote: +1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung
Re: [VOTE] Release Maven 3.1.1
On 10 September 2013 15:11, Jason van Zyl ja...@tesla.io wrote: On Sep 10, 2013, at 9:58 AM, sebb seb...@gmail.com wrote: On 10 September 2013 14:23, Jason van Zyl ja...@tesla.io wrote: On Sep 10, 2013, at 7:53 AM, sebb seb...@gmail.com wrote: I've just realised that you said the hash is in the maven core jar. That is a binary artifact, and has no direct relationship with the source artifact on which people are supposed to be voting. It is supposed to be the SHA1 of the release from which the build was made. I don't think it's possible to tie the SCM tag to this vote thread for the record without the hash (and git repo) being provided in this e-mail. Well, I'm going to leave it out for now. I'll do what's strictly in the template here: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Which as I have argued all along is insufficient. - the vote email does not have vital information for the record - indeed in the case of this vote, neither the vote e-mail nor the source archive (on which people are supposed to be voting) has the information. I note that no-one who has voted so far has stated that the contents of the source archives are all present and correct and that no files are missing from the release and more importantly that there are no files in the source archive that should not be there. IMO this is the most important part of the release vote, along with the NL contents. Get the PMC to agree and put it in the template and I'll use what's in the template. Also, I don't think the quoted hash is correct. It doesn't look correct, it appears to take the parent commit. This has probably been the case for quite some time, in that the mvn -v command doesn't actually tell you what commit it came from. I don't know if it's generally wrong, but this this case c9950d777c7368e51431500c29aecf1e11e3d2c6 is the parent of Where did you get the above hash from? It does not seem to be the same as the one in the binary archive I downloaded. There's the argument for automation! It's actually an argument for quoting the hash in the vote e-mail and for people to actually check it. I find it strange that none of the reviewers noticed the problem. That suggests to me that none of the reviewers are actually interested in doing due diligence on the source archive contents. I didn't open up the JAR from the checked out build. So this is probably the best way right now and you've verified the right hash is available from the build itself so that's probably what you need. No, as I already wrote, that is not suitable. Voting is on source archives; it's no good having the hash buried away in an indirectly related binary archive. On the git page: https://git-wip-us.apache.org/repos/asf?p=maven.git;a=summary the c995... hash seems to be associated with [MNG-5509] org.apache.maven.repository.legacy.DefaultWa... This happens to be the line after [maven-release-plugin] prepare release maven-3.1.1 yellowmaven-3.1.1/yellow which seems to have the following hash: 892b464683645bcdc1d28febf0bf3cc1c3181350 which is the SHA1 for the release. Also the above hash is the one I just found in build.properties. And it agrees with mvn -v Apache Maven 3.1.1 (892b464683645bcdc1d28febf0bf3cc1c3181350; 2013-09-05 18:04:21+0100) So I don't think there's a problem with the build process, but there is still a major problem with the vote e-mail contents. I assumed someone actually tested this, or maybe it's being used in the release for something it wasn't intended for. I'll take a look at the code. But for now I will make the template from: http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote Are you sure that c9950d777c7368e51431500c29aecf1e11e3d2c6 is the hash for the build? On 10 September 2013 09:19, Karl Heinz Marbaise khmarba...@gmx.de wrote: +1 [non-binding] Tested with * appassembler-maven-plugin (trunk: r18705) * maven-invoker-plugin (trunk: r1521365), * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3e https://github.com/khmarbaise/iterator-maven-plugin), * several of my own projects worked like a charm. On 9/8/13 3:07 PM, Jason van Zyl wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip
Re: [VOTE] Release Maven 3.1.1
On Sep 10, 2013, at 10:11 AM, Jason van Zyl ja...@tesla.io wrote: On Sep 10, 2013, at 9:58 AM, sebb seb...@gmail.com wrote: Which as I have argued all along is insufficient. - the vote email does not have vital information for the record - indeed in the case of this vote, neither the vote e-mail nor the source archive (on which people are supposed to be voting) has the information. I note that no-one who has voted so far has stated that the contents of the source archives are all present and correct and that no files are missing from the release and more importantly that there are no files in the source archive that should not be there. IMO this is the most important part of the release vote, along with the NL contents. Get the PMC to agree and put it in the template and I'll use what's in the template. Which the PMC has already discussed and decided it was not needed. Sebb's opinion on this is respected, but it's still not something we, as the PMC, feel is required. The commits list is monitored If Sebb feels that strongly about it, he can take it up with the board or something, but for the purpose of this community, it's not something that is required. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? Or is that just your personal take on what a reviewer should do? If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
-1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sun, 8 Sep 2013 09:07:33 -0400 Jason van Zyl ja...@tesla.io wrote: +1 (none-binding) works fine for some mojo projects + nuiton.org and chorem.org projects. thanks, tony. Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Tony Chemit tél: +33 (0) 2 40 50 29 28 email: che...@codelutin.com http://www.codelutin.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 10, 2013, at 12:04 PM, Jason van Zyl ja...@tesla.io wrote: What do you think happened? Is this a change in the remote resources plugin? No…. in the old releases, they were named LICENSE.txt and NOTICE.txt (txt extension) which is not how the RR plugin would have ever generated them. This is a source archive and thus the generated LICENSE/NOTICE is likely not applicable (as that would have information about the binary jars and such that aren't included in the source archive). Dan On Sep 10, 2013, at 11:33 AM, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 10, 2013, at 12:16 PM, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? That's one way, sure. Personally, I log the trunk/master/branch, find the appropriate commit for prepare release maven-3.1.1, check that out, then diff that with the src tar ball as well as diff that with the tag to make sure all three match up. Likely not necessary with git where the tag would apply directly to that commit, but with subversion, it is certainly possible that the three don't match and the diffs make sure to check that.If any of the three diffs find differences, it's an immediate red-flag for further review and likely require a -1 on the vote until resolved. Or is that just your personal take on what a reviewer should do? A reviewer should do whatever they feel is necessary to do a thorough review. If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. No, each reviewer should do what they feel is appropriate for them. If every reviewer did the exact same thing, we'd get the exact same result from each of them. Some reviewers may checkout the tag, others may troll back master, others may do something completely different. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On 10 September 2013 17:16, sebb seb...@gmail.com wrote: On 10 September 2013 16:33, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. OK, so is it necessary to check the release against the tag? Or is that just your personal take on what a reviewer should do? If it is necessary (for at least one reviewer) to do, then the SCM coordinates need to be provided in a transparent manner so any reviewer can do it, and the coordinates need to be part of the vote e-mail for the public record. The source bundle contains the root pom which contains the SCM coordinates. The email contains the hash of the source bundle, and the source bundle is what we release. In this PMC's opinion there is no need to add more information to the email. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
What do you think happened? Is this a change in the remote resources plugin? On Sep 10, 2013, at 11:33 AM, Daniel Kulp dk...@apache.org wrote: -1 The src.tar.gz and src.zip files have lost their top level NOTICE and LICENSE files. This is a regression from 3.1.0 (and 3.0.5). That definitely needs to be fixed. I don't have time today to look into that, but might tomorrow if someone doesn't beat me to it. Ran a couple builds with the result of building the source and things look OK. I checked the rest of the contents with the tag and everything looks OK. There are three files in the git repo that aren't part of the release (/.gitignore, /.gitattributes, and /apache-maven/src/bin/.gitattributes), but those files really are specific to our scm and thus don't need to be in the source release. Most likely, the doap_Maven.rdf shouldn't be part of the release either. Probalby shouldn't be in the main maven git repo. Definitely not a big deal. Dan On Sep 8, 2013, at 9:07 AM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
+1 (non-binding), tested with extra-enforcer-rules, testlink-junit and jenkinsci-jobConfigHistory-plugin. Regards Mirko -- http://illegalstateexception.blogspot.com/ https://github.com/mfriedenhagen/ https://bitbucket.org/mfriedenhagen/ On Sun, Sep 8, 2013 at 3:07 PM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
Awesome, thanks. On Sep 9, 2013, at 3:19 PM, Mirko Friedenhagen mfriedenha...@gmail.com wrote: +1 (non-binding), tested with extra-enforcer-rules, testlink-junit and jenkinsci-jobConfigHistory-plugin. Regards Mirko -- http://illegalstateexception.blogspot.com/ https://github.com/mfriedenhagen/ https://bitbucket.org/mfriedenhagen/ On Sun, Sep 8, 2013 at 3:07 PM, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
+1 (non-binding) - tested releases against our OSGi based setup using maven-bundle-plugin, my own coffeescript mojos and others. Nothing glaringly out of order for me. -- Mark Derricutt — twitter — podcast — blog — google+ On 9/09/2013, at 1:07 AM, Jason van Zyl ja...@tesla.io wrote: Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [VOTE] Release Maven 3.1.1
On 8 September 2013 18:51, Jason van Zyl ja...@tesla.io wrote: On Sep 8, 2013, at 1:12 PM, sebb seb...@gmail.com wrote: I thought you were going to include the SCM coordinates used to create the tarballs? Sorry, not intentional. I forgot. It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. I hash is always in the distribution, it's how we show where it comes from when you type mvn -v. It's in the build properties in the core JAR and the hash in there is: c9950d777c7368e51431500c29aecf1e11e3d2c6 Is that the SHA1 of the src.zip and src.tar.gz or is it the SHA1 of the git commit. What we are looking for on the vote emails is the SHA1 and MD5 of the src.zip and src.tar.gz so that interested parties can verify that the vote was against the source distribution that ends up in dist and central. Since the staging repository is deleted as part of the release process, and since what the PMC is voting on is the source bundles, we need the vote email to specify the hashes of the source bundle *for the record*... Of course this is really easy to do as Maven helpfully uploads the hashes to the staging repository, but since it didn't happen if it wasn't on a mailing list (stephenc rolls his eyes) we need the release manager to ensure that the vote has this required information. Note: The commit hash is really nice to have, but is not part of the minimum set of required information, and we are trying to stick to minimum procedure. So we don't look for that *even* if other people think we should. Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 9 September 2013 20:56, Stephen Connolly stephen.alan.conno...@gmail.com wrote: On 8 September 2013 18:51, Jason van Zyl ja...@tesla.io wrote: On Sep 8, 2013, at 1:12 PM, sebb seb...@gmail.com wrote: I thought you were going to include the SCM coordinates used to create the tarballs? Sorry, not intentional. I forgot. It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. I hash is always in the distribution, it's how we show where it comes from when you type mvn -v. It's in the build properties in the core JAR and the hash in there is: c9950d777c7368e51431500c29aecf1e11e3d2c6 Is that the SHA1 of the src.zip and src.tar.gz or is it the SHA1 of the git commit. What we are looking for on the vote emails is the SHA1 and MD5 of the src.zip and src.tar.gz so that interested parties can verify that the vote was against the source distribution that ends up in dist and central. Since the staging repository is deleted as part of the release process, and since what the PMC is voting on is the source bundles, we need the vote email to specify the hashes of the source bundle *for the record*... +1, especially for the record Of course this is really easy to do as Maven helpfully uploads the hashes to the staging repository, but since it didn't happen if it wasn't on a mailing list (stephenc rolls his eyes) we need the release manager to ensure that the vote has this required information. +1, especially idhiiwoaml Note: The commit hash is really nice to have, but is not part of the minimum set of required information, and we are trying to stick to minimum procedure. So we don't look for that *even* if other people think we should. Part of the due diligence that should be performed by the reviewers is to check that the source archives only contain files with the appropriate licensing. By far the easiest way to do this is to compare the source archive(s) with the SCM tag, since it is assumed that due diligence has been performed on the SCM contents. This is critical information and needs to be readily available to the reviewer, and for the record needs to be in the vote e-mail. Otherwise it did not happen on the mailing list. Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
I thought you were going to include the SCM coordinates used to create the tarballs? It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Maven 3.1.1
On Sep 8, 2013, at 1:12 PM, sebb seb...@gmail.com wrote: I thought you were going to include the SCM coordinates used to create the tarballs? Sorry, not intentional. I forgot. It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. I hash is always in the distribution, it's how we show where it comes from when you type mvn -v. It's in the build properties in the core JAR and the hash in there is: c9950d777c7368e51431500c29aecf1e11e3d2c6 Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl -
Re: [VOTE] Release Maven 3.1.1
On 8 September 2013 18:51, Jason van Zyl ja...@tesla.io wrote: On Sep 8, 2013, at 1:12 PM, sebb seb...@gmail.com wrote: I thought you were going to include the SCM coordinates used to create the tarballs? Sorry, not intentional. I forgot. It's particularly important here, because AFAICT the SCM coordinates are not present in the POM. If true, then it's not possible to verify the files in the source tarballs. I hash is always in the distribution, it's how we show where it comes from when you type mvn -v. It's in the build properties in the core JAR and the hash in there is: c9950d777c7368e51431500c29aecf1e11e3d2c6 Not exactly easy to find! In order to actually find the sources that correspond with the hash, additional information is needed, which also needs to be in the vote e-mail. Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote e-mails? According to [1], the vote email should have the following contents: Source release checksum(s): [NAME-OF]-source-release.zip sha1: [SHA1SUM] md5: [MD5SUM] [1] http://maven.apache.org/developers/release/maven-project-release-procedure.html#Call_the_vote On 8 September 2013 14:07, Jason van Zyl ja...@tesla.io wrote: Hi, Here is a link to Jira with 6 issues resolved: https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500version=18968 Staging repo: https://repository.apache.org/content/repositories/maven-016/ The distributable binaries and sources for testing can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ Specifically the zip, tarball, and source archives can be found here: https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz Vote open for 72 hours. [ ] +1 [ ] +0 [ ] -1 Thanks, The Maven Team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Thanks, Jason -- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl - - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org