Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 3:25 PM, Roman Shaposhnik wrote: > On Thu, May 10, 2018 at 9:50 AM, Julian Hyde wrote: > > In other words, there are several ways to prove that a binary release is > WRONG but (to Greg’s point) there is no way to prove it RIGHT. > > That's actually a great way to put it.

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, Looking at the release candidate just made both the license and notice for the source release and the connivance binary are going to be just about identical as there's only 2 3rd party jars included and none of the other jars contain 3rd party code (other than what is mentioned in LICENSE),

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, >> As a mentor, I strongly advise against podlings making binary releases, >> especially for the first release. >> It’s difficult enough to get L&N correct for source releases, and when a >> binary release is being make >> at the same time with necessarily different L&N, the PPMC tend to get

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, > There is NO WAY to verify a binary. Even compiling from source to binary on > your machine, and trying to compare against a target binary will generally > fail since timestamps are embedded. Or maybe there are different compilers > being used. As per ASF policy a connivance binary can be re

Re: [VOTE] Release Apache Daffodil (incubating) 2.1.0-rc3

Hi - +1 (binding) with a couple of areas for improvement. Source - hashes and signatures are good. I’m finally reviewing this release and in looking at the NOTICE and LICENSE there are many copyrights/required notices that are in the LICENSE instead of the NOTICE. Breaking these apart properly

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 9:50 AM, Julian Hyde wrote: > In other words, there are several ways to prove that a binary release is > WRONG but (to Greg’s point) there is no way to prove it RIGHT. That's actually a great way to put it. > As a mentor, I strongly advise against podlings making binary

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Ok, now I see the difference between them. Whew. The Crail PPMC is going to rename Crail's release from 1.0-rc2 to 1.0 I would assume. However, when users extract the files, even if they fix it the way you're describing you'll end up with a -rc2 in the path. John On 2018/05/10 19:56:11, Juli

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

I’m talking about directories inside the .tar.gz too. Currently there is a leading directory. This is good: $ tar tvfz apache-crail-1.0-rc2-incubating-source.tar.gz |head -3 drwxr-xr-x 0 jpfjpf 0 Apr 23 04:32 incubator-crail/ drwxr-xr-x 0 jpfjpf 0 Apr 23 04:32 incubator-

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

BTW, I just re-read your reply. I'm not talking about the root of the calcite dist area, it's pretty common that projects create a /dist/dev/incubator//version# folder. I'm talking about the actual inside of the tar/zip file having an extra directory. John On 2018/05/10 19:44:53, John D. Amen

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Ok, I suspect we're seeing the same issues then, just me looking at it on windows my brain can't even process it any longer :-D Calcite inherits from the ASF parent pom. This means the standard source-release distribution is applied. I'm not sure how Crail created their source release, but I

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Here’s a tar file where every file is in a sub-directory: https://dist.apache.org/repos/dist/release/calcite/apache-calcite-1.16.0/apache-calcite-1.16.0-src.tar.gz I couldn’t find any exa

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Julian, On 2018/05/10 18:40:12, Julian Hyde wrote: > I agree about the missing DISCLAIMER file and the missing disclaimer in > README.md. -1 until those are fixed. > > Regarding directories, I disagree. Common practice is to have everything > (including NOTICE, README and DISCLAIMER) in a di

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

I agree about the missing DISCLAIMER file and the missing disclaimer in README.md. -1 until those are fixed. Regarding directories, I disagree. Common practice is to have everything (including NOTICE, README and DISCLAIMER) in a directory that is named after the release. If you do otherwise, yo

Re: [VOTE] Release Apache Daffodil (incubating) 2.1.0-rc3

Justin/Steve, Apologies as its very confusing looking at this email thread trying to understand what the current state of the vote is. >From what I understand: - Two files were included in the release that are Cat-X - These were supposed to be relicensed, but doesn't sound like that happened O

Apache Daffodil (incubating) in need of mentors

All, The Daffodil project has had a VOTE open for over a month [1], receiving two votes so far. We would greatly appreciate it if others could review the release so that can we get our first release out as an Apache incubator. That said, although our mentors have been incredibly helpful in gettin

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

There may be binary convenience artifacts, but let's not dignify them by the name release. They aren't, after all. On Thu, May 10, 2018 at 8:56 AM, Matt Sicker wrote: > I still minimally require proper gpg signatures on binary artifacts. The > source artifacts are what get far more scrutiny, b

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Also, it could be that I'm back to windows and no idea what I'm doing (I've grown to be a mac user), but there's a root incubator-crail folder that's in the zip. We typically expect the LICENSE/NOTICE/DISCLAIMER at the root. Speaking of, there is no DISCLAIMER file and the README.md does not in

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

Hi, Where can I find the key that was used to sign these files? John On 2018/05/07 14:49:29, "Jonas Pfefferle" wrote: > Please vote to approve the source release of Apache Crail 1.0-incubating > (RC2). > > The podling dev vote thread: > https://www.mail-archive.com/dev@crail.apache.org/msg0

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

In other words, there are several ways to prove that a binary release is WRONG but (to Greg’s point) there is no way to prove it RIGHT. As a mentor, I strongly advise against podlings making binary releases, especially for the first release. It’s difficult enough to get L&N correct for source r

Re: [VOTE] Apache Crail 1.0-incubating (RC2)

IPMC members, This vote has been open 72 hours and has two votes so far (Luciano and I are mentors). I’d really appreciate it if someone else could download and vote. This is Crail’s first release in the incubator but in my opinion they’re in pretty good shape. Julian > On May 7, 2018, at

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On 10 May 2018 at 16:56, Matt Sicker wrote: > I still minimally require proper gpg signatures on binary artifacts. The > source artifacts are what get far more scrutiny, but the binaries are > released on apache.org after all. +1 It may also be possible to verify that the binary package works. T

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

I still minimally require proper gpg signatures on binary artifacts. The source artifacts are what get far more scrutiny, but the binaries are released on apache.org after all. On 10 May 2018 at 10:20, Roman Shaposhnik wrote: > On Thu, May 10, 2018 at 4:17 AM, sebb wrote: > > On 10 May 2018 at

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 4:17 AM, sebb wrote: > On 10 May 2018 at 11:37, Greg Stein wrote: >> On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: >> >>> Hi, >>> >>> On Thu, May 10, 2018 at 3:59 PM, Willem Jiang >>> wrote: >>> > Is there any plan for going through the vote process of Binary file

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On 10 May 2018 at 11:37, Greg Stein wrote: > On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: > >> Hi, >> >> On Thu, May 10, 2018 at 3:59 PM, Willem Jiang >> wrote: >> > Is there any plan for going through the vote process of Binary file? >> >> Yes, binaries will also go through the vote pro

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang wrote: > Hi, > > On Thu, May 10, 2018 at 3:59 PM, Willem Jiang > wrote: > > Is there any plan for going through the vote process of Binary file? > > Yes, binaries will also go through the vote process. No. It makes no sense. There is NO WAY to ver

Removing Legacy websites

All, I was reminded of an outstanding issue from the conversion from svn to git for the website where some of the old podlings are still served from an svn dir that gets loaded into the same git dir. All of the podlings at this point that this was working for are either retired, graduated or conv

Re: [VOTE] Release Apache Omid 0.9.0.0 (incubating)

Thanks Justin. Could you please review the notice file in OMID-44 before I'll cook a new release candidate? Thanks, Ohad On Thu, May 10, 2018 at 2:13 AM, Justin Mclean wrote: > Hi, > > > Has the project taken YCSB notice file into account [1] an

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi,, IMO it only the source release that is important and unless we find a serious issue like GPL licensed software in the binary all is good. Particularly if you call out that they may be issues with the binary license and notice files as part of the vote email. This is an incubating project and i

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, Dubbo teams are making every endeavor to prepare the first formal release under the apache way, I also help teams to sweep away the binary and source liences problems :-) Best Regards, Von Gosling > 在 2018年5月10日，16:31，Huxing Zhang 写道： > > Hi, > > On Thu, May 10, 2018 at 3:59 PM, Wille

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Hi, On Thu, May 10, 2018 at 3:59 PM, Willem Jiang wrote: > Is there any plan for going through the vote process of Binary file? Yes, binaries will also go through the vote process. > Normally there are lots of work on the License files of Binary durning the > first release. > Maybe we should ne

Re: Publishing Maven artifacts under third-party coordinates (was: Set up Nexus staging profile for Dubbo ...)

Is there any plan for going through the vote process of Binary file? Normally there are lots of work on the License files of Binary durning the first release. Maybe we should need to vote the binary file as well. Willem Jiang Blog: http://willemjiang.blogspot.com (English) http://jnn.i