axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Senaka Fernando <sen...@apache.org>
Subject Re: [VOTE] Apache Rampart 1.5.1 release
Date Sat, 25 Dec 2010 13:13:11 GMT
On Sat, Dec 25, 2010 at 3:08 PM, Selvaratnam Uthaiyashankar <
uthaiyashankar@gmail.com> wrote:

> On Sat, Dec 25, 2010 at 2:56 PM, Senaka Fernando <senaka@apache.org>
> wrote:
> > Hi again,
> >
> > So, let's work on these changes and get the release out soon, so that
> other
> > downstream releases (Synapse etc), can get going.
>
> +1. I'll update the pom.xml and host the maven repo again.
>

+1. FYI, I got these two links from legal@, which were two articles done by
Donald Woods, for Apache BVAL. These extend the write-up by Henk.

[1] http://incubator.apache.org/bval/cwiki/release-setup.html
[2] http://incubator.apache.org/bval/cwiki/release-process.html

Thanks,
Senaka.

>
> Regards,
> Shankar
>
>
> >
> > Wish you all a Merry Christmas!
> >
> > Thanks,
> > Senaka.
> >
> > On Sat, Dec 25, 2010 at 2:48 PM, Senaka Fernando <senaka@apache.org>
> wrote:
> >>
> >> Hi all,
> >>
> >> Andreas is correct. I discussed the issue on legal@, and the
> conclusions
> >> were to stage a Maven Repository. Also, we might need to work with
> infra@ to
> >> get the permissions etc sorted out, and we will have to use the Maven
> >> release plugin to sign the Maven artifacts.
> >>
> >> Now, Rampart and Sandesha2, should be having a nearly similar structure,
> >> and we should be able to follow the same approach here.
> >>
> >> Thanks,
> >> Senaka.
> >>
> >> On Sat, Dec 25, 2010 at 2:14 AM, Andreas Veithen
> >> <andreas.veithen@gmail.com> wrote:
> >>>
> >>> On Fri, Dec 24, 2010 at 16:07, Senaka Fernando <senaka@apache.org>
> wrote:
> >>> > Hi Andreas,
> >>> >
> >>> > On Fri, Dec 24, 2010 at 2:04 PM, Andreas Veithen
> >>> > <andreas.veithen@gmail.com>
> >>> > wrote:
> >>> >>
> >>> >> On Fri, Dec 24, 2010 at 07:33, Senaka Fernando <senaka@apache.org>
> >>> >> wrote:
> >>> >> > Hi Andreas,
> >>> >> >
> >>> >> > Many thanks for reminding.
> >>> >> >
> >>> >> > On Fri, Dec 24, 2010 at 4:54 AM, Andreas Veithen
> >>> >> > <andreas.veithen@gmail.com>
> >>> >> > wrote:
> >>> >> >>
> >>> >> >> Unfortunately, the release candidate doesn't yet meet
the (new)
> ASF
> >>> >> >> requirements for a valid release :-(. See [1]:
> >>> >> >>
> >>> >> >> "Every artifact distributed by the Apache Software Foundation
> >>> >> >> should
> >>> >> >> and every new one must be accompanied by one file containing
an
> >>> >> >> OpenPGP compatible ASCII armored detached signature and
another
> >>> >> >> file
> >>> >> >> containing an MD5 checksum."
> >>> >> >>
> >>> >> >> Although the document doesn't mention Maven artifacts
explicitly,
> >>> >> >> the
> >>> >> >> common interpretation [2] of this requirement is that
every
> >>> >> >> individual
> >>> >> >> Maven artifact must be signed.
> >>> >> >
> >>> >> > I will get this clarified, to how this should be done. Signing
> Maven
> >>> >> > artifacts should not be done manually, it should be done
> >>> >> > automatically
> >>> >> > through Maven itself. And, I don't see many apache projects
doing
> >>> >> > the
> >>> >> > same
> >>> >> > as of now.
> >>> >> >>
> >>> >> >> Also, I think that the key used to sign the distributions
doesn't
> >>> >> >> meet
> >>> >> >> the new requirements in terms of key type and length.
> >>> >> >
> >>> >> > Yes, that's a concern, the required key-lengths were revised,
and
> >>> >> > mentioned
> >>> >> > at the very top of [1]. There were some instructions to how
you
> >>> >> > could
> >>> >> > upgrade, if you already have a weak key.
> >>> >> >>
> >>> >> >> These requirements are part of the reasons why I migrated
Axiom,
> >>> >> >> Axis2
> >>> >> >> and Sandesha2 to the (new) standard ASF release process
based on
> >>> >> >> maven-release-plugin and Nexus. It automates most of the
stuff
> and
> >>> >> >> Nexus does some validation of the artifacts already when
staging
> >>> >> >> them.
> >>> >> >> I think we should migrate Rampart as well, at least for
the next
> >>> >> >> release.
> >>> >> >
> >>> >> > So, have you got the Maven Release plugin to sign artifacts
as
> >>> >> > mentioned,
> >>> >> > plus upload them to ASF's Maven repositories in a single go?
> >>> >>
> >>> >> Yes. Here are the documents that explain how this is executed for
> >>> >> Axiom and Axis2:
> >>> >>
> >>> >> http://ws.apache.org/axiom/devguide/ch02.html#d0e326
> >>> >> http://axis.apache.org/axis2/java/core/release-process.html
> >>> >>
> >>> >> Sandesha2 pretty much sticks to the standard procedure:
> >>> >>
> >>> >> http://www.apache.org/dev/publishing-maven-artifacts.html
> >>> >>
> >>> >> As mentioned earlier, before this could be applied to Rampart,
you
> >>> >> would have to request inclusion of org.apache.rampart in the staging
> >>> >> profile for Axis2.
> >>> >
> >>> > Thanks for the information. For the benefit of someone who's reading
> >>> > this
> >>> > mail thread, the documents that Andreas linked also explains how you
> >>> > could
> >>> > publish the artifacts on the staging repo etc.
> >>> >
> >>> > Having said that, I am yet to figure out the legitimacy (hard to find
> >>> > the
> >>> > people during the holiday season, :-).. ) of a release without having
> >>> > the
> >>> > Maven artifacts signed, for projects that are not under the Maven PMC
> >>> > (I
> >>> > found out that they do need something as such).
> >>> >
> >>> > But, as you have mentioned in your first reply to this thread, I'm
+1
> >>> > for
> >>> > introducing the same concepts for Rampart. My concern is that, if
> these
> >>> > requirements are not mandatory, we could go ahead with this release,
> >>> > instead
> >>> > of delaying it (some other releases, Synapse is also waiting for this
> >>> > AFAIK), and fix these inconsistencies for the next release.
> >>>
> >>> I think these requirements are mandatory for all projects. What is
> >>> sure is that if the Maven artifacts are not signed, you will get a
> >>> friendly reminder about that:
> >>>
> >>> http://markmail.org/search/?q=%22your+MAVEN+repo+artifacts%22
> >>>
> >>> We can't simply ignore this.
> >>>
> >>> > However, in general, everything under [1] are mandatory, and enforced
> >>> > by the
> >>> > ASF.
> >>> >
> >>> > [1] http://www.apache.org/dev/release-signing.html
> >>> >
> >>> > Thanks,
> >>> > Senaka.
> >>> >>
> >>> >> > [1] http://www.apache.org/dev/release-signing.html
> >>> >> >
> >>> >> > Thanks,
> >>> >> > Senaka.
> >>> >> >>
> >>> >> >> Andreas
> >>> >> >>
> >>> >> >> [1] http://www.apache.org/dev/release-signing.html
> >>> >> >> [2] http://people.apache.org/~henkp/repo/faq.html<http://people.apache.org/%7Ehenkp/repo/faq.html>
> >>> >> >>
> >>> >> >> On Thu, Dec 23, 2010 at 05:37, Selvaratnam Uthaiyashankar
> >>> >> >> <uthaiyashankar@gmail.com> wrote:
> >>> >> >> > Devs,
> >>> >> >> >
> >>> >> >> > This is the vote for Apache Rampart 1.5.1 release.
> >>> >> >> >
> >>> >> >> > Please review the signed artifacts:
> >>> >> >> >
> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/dist/<http://people.apache.org/%7Eshankar/rampart/1.5.1/dist/>
> >>> >> >> >
> >>> >> >> > The m2 repository is available at:
> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/m2_repo/<http://people.apache.org/%7Eshankar/rampart/1.5.1/m2_repo/>
> >>> >> >> >
> >>> >> >> > The site is temporarily hosted at:
> >>> >> >> > http://people.apache.org/~shankar/rampart/1.5.1/site/<http://people.apache.org/%7Eshankar/rampart/1.5.1/site/>
> >>> >> >> >
> >>> >> >> > SVN Info:
> >>> >> >> >
> >>> >> >> >
> https://svn.apache.org/repos/asf/axis/axis2/java/rampart/tags/v1.5.1
> >>> >> >> >
> >>> >> >> > It was tested against Axis2 release candidates hosted
in:
> >>> >> >> > http://people.apache.org/~veithen/1.5.4/<http://people.apache.org/%7Eveithen/1.5.4/>
> >>> >> >> >
> >>> >> >> > Here's my +1 (binding) to declare the above dist
as Apache
> >>> >> >> > Rampart
> >>> >> >> > 1.5.1
> >>> >> >> >
> >>> >> >> > thanks,
> >>> >> >> > Shankar
> >>> >> >> >
> >>> >> >> >
> >>> >> >> >
> ---------------------------------------------------------------------
> >>> >> >> > To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> >> >> > For additional commands, e-mail: java-dev-help@axis.apache.org
> >>> >> >> >
> >>> >> >> >
> >>> >> >>
> >>> >> >>
> >>> >> >>
> ---------------------------------------------------------------------
> >>> >> >> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> >> >> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>> >> >>
> >>> >> >
> >>> >> >
> >>> >> >
> >>> >> > --
> >>> >> > Senaka Fernando
> >>> >> > Member; Apache Software Foundation; http://apache.org
> >>> >> >
> >>> >> > Associate Technical Lead & Product Manager - WSO2 G-Reg;
> >>> >> > WSO2, Inc.; http://wso2.com
> >>> >> >
> >>> >> > E-mail: senaka AT apache.org
> >>> >> > P: +94 11 223 2481; M: +94 77 322 1818
> >>> >> > Linked-In: http://www.linkedin.com/in/senakafernando
> >>> >> > Blog: http://senakafdo.blogspot.com
> >>> >> >
> >>> >> >
> >>> >>
> >>> >>
> ---------------------------------------------------------------------
> >>> >> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> >> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>> >>
> >>> >> --
> >>> >> Senaka Fernando
> >>> >> Member; Apache Software Foundation; http://apache.org
> >>> >>
> >>> >> Associate Technical Lead & Product Manager - WSO2 G-Reg;
> >>> >> WSO2, Inc.; http://wso2.com
> >>> >>
> >>> >> E-mail: senaka AT apache.org
> >>> >> P: +94 11 223 2481; M: +94 77 322 1818
> >>> >> Linked-In: http://www.linkedin.com/in/senakafernando
> >>> >> Blog: http://senakafdo.blogspot.com
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >>> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>>
> >>
> >>
> >>
> >> --
> >> Senaka Fernando
> >> Member; Apache Software Foundation; http://apache.org
> >>
> >> Associate Technical Lead & Product Manager - WSO2 G-Reg;
> >> WSO2, Inc.; http://wso2.com
> >>
> >> E-mail: senaka AT apache.org
> >> P: +94 11 223 2481;
> >> M: +94 77 322 1818
> >> Linked-In: http://www.linkedin.com/in/senakafernando
> >> Blog:
> >> http://senakafdo.blogspot.com
> >>
> >> --
> >> Senaka Fernando
> >> Member; Apache Software Foundation;
> >> http://apache.org
> >>
> >> Associate Technical Lead & Product Manager - WSO2 G-Reg;
> >> WSO2, Inc.; http://wso2.com
> >>
> >> E-mail: senaka AT apache.org
> >> P: +94 11 223 2481; M: +94 77 322 1818
> >> Linked-In: http://www.linkedin.com/in/senakafernando
> >> Blog: http://senakafdo.blogspot.com
> >>
> >>
> >>
> >
>
>
>
> --
> S.Uthaiyashankar
> Senior Architect & Senior Manager
> WSO2 Inc.
> http://wso2.com/ - "lean . enterprise . middleware"
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>


-- 
*Senaka Fernando*
Member; Apache Software Foundation; http://apache.org
*
Associate Technical Lead & Product Manager - WSO2 G-Reg;
WSO2, Inc.; http://wso2.com** <http://apache.org/>

E-mail: senaka AT apache.org
**P: +94 11 223 2481*; *M: +94 77 322 1818
Linked-In: http://www.linkedin.com/in/senakafernando
Blog: http://senakafdo.blogspot.com
*

Mime
View raw message