activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject [DISCUSS] release process improvements
Date Tue, 12 Sep 2017 13:49:18 GMT
Hi folks,

I mentioned on the recent Artemis 2.3.0 vote that I had some suggested
changes for the release process improvements, not just for Artemis but
for other components too, and would send a mail later.

The short version is there are three main things I'd like to suggest
as improvements, both for folks testing+voting, and end users
downloading the release later:
- Using the dist dev repo for publishing bits for folks to test and vote on.
- Providing checksum files in the dist repo which verify more easily
with the related tools.
- Use SHA512 rather than SHA1 for checksums in the dist repo.

# Dist dev repo for votes

Currently the ActiveMQ votes for the Java components tend to link to
the artifacts in the nexus staging repo. I think using the dist dev
repo (https://dist.apache.org/repos/dist/dev/activemq/) to publish the
bits under vote would be an improvement. Its easy for folks to grab
all the files at once, helps ensure that what people test is actually
what will end up in the dist release repo later, and it simplifies the
eventual release step to a single svn remote copy command.

# Provide more easily verifiable checksum files in dist release repo

Currently, the checksum files provides in the dist release repo are
just the ones from nexus. These lack filename information and so you
cant verify them as easily with tools. Files which contain the
filename detail can be verified quickly and even grouped in a single
shot with the checksum tools, e.g "md5sum -c *.md5". For the MD5 and
SHA1 cases they could be prepared either by manipulating the existing
files taken from nexus to add the names, or simply generating the
checksums again with the tools and manually verifying them the same
way everyone currently needs to.

# Provide SHA512 checksum files in the dist repo

The release distribution policy has suggested using SHA512 for some
time now, I think it would be good to make the switch for the files
provided in the dist repo.
http://www.apache.org/dev/release-distribution.html#sigs-and-sums

Robbie

Mime
View raw message