I'll remove the snapshot jars published yesterday.
I'm not sure the maven jar:deploy-snapshot code could have updated
those other jars, but I'll look into the commands it runs under SSH.
On Thu, 02 Sep 2004 20:17:53 -0400, Mark R. Diggory
[EMAIL PROTECTED] wrote:
I'm forwarding this onto the Repository email list.
Dion, the reason I was suggesting it was your action is because files
also owned by yourself were added to the commons-jelly/jars directory. I
assume it was your upload of those files which altered them so that the
md5's no longer matched.
-rw-rw-r-- 1 dion apcvs 12377 Sep 2 00:39
commons-jelly-tags-validate-20040902.073836.jar
-rw-rw-r-- 1 dion apcvs 32 Sep 2 00:39
commons-jelly-tags-validate-20040902.073836.jar.md5
...
-rw-rw-r-- 1 dion apcvs 10343 Sep 2 00:39
commons-jelly-tags-velocity-20040902.073917.jar
-rw-rw-r-- 1 dion apcvs 32 Sep 2 00:39
commons-jelly-tags-velocity-20040902.073917.jar.md5
...
-rw-rw-r-- 1 dion apcvs 161479 Sep 2 00:08
commons-jelly-20040902.070806.jar
-rw-rw-r-- 1 dion apcvs 32 Sep 2 00:09
commons-jelly-20040902.070806.jar.md5
...
-rw-rw-r-- 1 dion apcvs 35076 Sep 2 00:21
commons-jelly-tags-xml-20040902.072037.jar
-rw-rw-r-- 1 dion apcvs 32 Sep 2 00:21
commons-jelly-tags-xml-20040902.072037.jar.md5
...
-rw-rw-r-- 1 mdiggory apcvs 11489 Sep 2 00:28
commons-jelly-tags-xmlunit-20030211.144251.jar
-rw-rw-r-- 1 mdiggory apcvs 33 Jan 19 2004
commons-jelly-tags-xmlunit-20030211.144251.jar.md5
So I was suspecting it was Dion because the published jars under his
name like those represented above got transferred last night to ibiblio:
http://www.ibiblio.org/maven/reports/apache/2004/09/02/apache-20040902-050103.txt
All I know is that there was a process running around midnight which
walked through this directory and updated jar files within it, breaking
some of the md5 signatures on files which were owned by me.
Henk P. Penning wrote:
On Fri, 3 Sep 2004, Dion Gillard wrote:
Date: Fri, 3 Sep 2004 09:11:25 +1000
From: Dion Gillard [EMAIL PROTECTED]
To: Henk P. Penning [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: md5 errors in java-repository
Sorry guys, I haven't updated those files?
.. then some of the 909 other members of group apcvs did it.
true, true. We need to get the permissions locked down.
IMHO, these files shouldn't be group writable ;
only the directories should be; now file ownership
means nothing.
Well, I'm unsure how different individuals are publishing, I assume most
are using maven, which will set files permission according to how it
coded in the Maven client. If the Maven client were configurable, then
maybe this could be managed.
I'm still very curious how java-repository is maintained
-- what stuff is added, and how
Really, its only supposed to be getting full releases published within it.
-- what stuff is deleted and when
Currently, release which are removed from the public should be removed.
Whouldn't it be easier if there was a config like
this-jar FROM that-dist-tgz GOES there
so that
-- 'this-jar' can be removed if 'that-dist-tgz' is gone
That would be managed by the project owners, like it is now.
-- installation in java-repository can be automated
Again, Maven, as a client is used to publish a release jar into the
repository based on the project that is being worked with on the client
side, the structure is fairly strict.
HPP
_
Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ \_
Dept of Computer Science, Utrecht University T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/
http://www.cs.uu.nl/staff/henkp.html M [EMAIL PROTECTED] \_/
--
Mark Diggory
Software Developer
Harvard MIT Data Center
http://www.hmdc.harvard.edu
--
http://www.multitask.com.au/people/dion/