axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject Re: [VOTE] Apache Rampart 1.5.1 release
Date Fri, 24 Dec 2010 08:34:45 GMT
On Fri, Dec 24, 2010 at 07:33, Senaka Fernando <senaka@apache.org> wrote:
> Hi Andreas,
>
> Many thanks for reminding.
>
> On Fri, Dec 24, 2010 at 4:54 AM, Andreas Veithen <andreas.veithen@gmail.com>
> wrote:
>>
>> Unfortunately, the release candidate doesn't yet meet the (new) ASF
>> requirements for a valid release :-(. See [1]:
>>
>> "Every artifact distributed by the Apache Software Foundation should
>> and every new one must be accompanied by one file containing an
>> OpenPGP compatible ASCII armored detached signature and another file
>> containing an MD5 checksum."
>>
>> Although the document doesn't mention Maven artifacts explicitly, the
>> common interpretation [2] of this requirement is that every individual
>> Maven artifact must be signed.
>
> I will get this clarified, to how this should be done. Signing Maven
> artifacts should not be done manually, it should be done automatically
> through Maven itself. And, I don't see many apache projects doing the same
> as of now.
>>
>> Also, I think that the key used to sign the distributions doesn't meet
>> the new requirements in terms of key type and length.
>
> Yes, that's a concern, the required key-lengths were revised, and mentioned
> at the very top of [1]. There were some instructions to how you could
> upgrade, if you already have a weak key.
>>
>> These requirements are part of the reasons why I migrated Axiom, Axis2
>> and Sandesha2 to the (new) standard ASF release process based on
>> maven-release-plugin and Nexus. It automates most of the stuff and
>> Nexus does some validation of the artifacts already when staging them.
>> I think we should migrate Rampart as well, at least for the next
>> release.
>
> So, have you got the Maven Release plugin to sign artifacts as mentioned,
> plus upload them to ASF's Maven repositories in a single go?

Yes. Here are the documents that explain how this is executed for
Axiom and Axis2:

http://ws.apache.org/axiom/devguide/ch02.html#d0e326
http://axis.apache.org/axis2/java/core/release-process.html

Sandesha2 pretty much sticks to the standard procedure:

http://www.apache.org/dev/publishing-maven-artifacts.html

As mentioned earlier, before this could be applied to Rampart, you
would have to request inclusion of org.apache.rampart in the staging
profile for Axis2.

> [1] http://www.apache.org/dev/release-signing.html
>
> Thanks,
> Senaka.
>>
>> Andreas
>>
>> [1] http://www.apache.org/dev/release-signing.html
>> [2] http://people.apache.org/~henkp/repo/faq.html
>>
>> On Thu, Dec 23, 2010 at 05:37, Selvaratnam Uthaiyashankar
>> <uthaiyashankar@gmail.com> wrote:
>> > Devs,
>> >
>> > This is the vote for Apache Rampart 1.5.1 release.
>> >
>> > Please review the signed artifacts:
>> >
>> > http://people.apache.org/~shankar/rampart/1.5.1/dist/
>> >
>> > The m2 repository is available at:
>> > http://people.apache.org/~shankar/rampart/1.5.1/m2_repo/
>> >
>> > The site is temporarily hosted at:
>> > http://people.apache.org/~shankar/rampart/1.5.1/site/
>> >
>> > SVN Info:
>> > https://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.5.1
>> >
>> > It was tested against Axis2 release candidates hosted in:
>> > http://people.apache.org/~veithen/1.5.4/
>> >
>> > Here's my +1 (binding) to declare the above dist as Apache Rampart 1.5.1
>> >
>> > thanks,
>> > Shankar
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
>> > For additional commands, e-mail: java-dev-help@axis.apache.org
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
>> For additional commands, e-mail: java-dev-help@axis.apache.org
>>
>
>
>
> --
> Senaka Fernando
> Member; Apache Software Foundation; http://apache.org
>
> Associate Technical Lead & Product Manager - WSO2 G-Reg;
> WSO2, Inc.; http://wso2.com
>
> E-mail: senaka AT apache.org
> P: +94 11 223 2481; M: +94 77 322 1818
> Linked-In: http://www.linkedin.com/in/senakafernando
> Blog: http://senakafdo.blogspot.com
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message