commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phil Steitz" <phil.ste...@gmail.com>
Subject Re: [all] Nightlies are back...mostly
Date Fri, 07 Jul 2006 04:11:37 GMT
On 7/6/06, Brett Porter <brett@apache.org> wrote:
> On 7/07/2006 2:27 AM, Phil Steitz wrote:
> > 2) Need to decide whether we want dated snaps or just overwriting.  If
> > the latter, we would need a way to purge old stuff (like the crontab
> > that runs on Minotaur that purges out the old nightly distros).
>
> I generally prefer dated (just in case something is broken with today's,
> you can try yesterdays). However, it does give you the obligation to
> clean up afterwards (not necessarily a bad thing).
>
> Neither work in Maven 2 if you are downloading from a Maven 1 repo at
> the moment (dated because there was never any facility for that,
> SNAPSHOT because of the bug Jorg mentioned).
>
> >
> > 3) Ensure that the deploy target hosts are set correctly in all of the
> > POMs - maybe modify the script to check to avoid accidental
> > deployments to java-repository.
>
> +1, and also check that currentVersion endsWith -SNAPSHOT.
>
> >
> > 4) Someone needs to remind me (or just patch the script) of the
> > correct maven 1 target to execute. (jar:snapshot-deploy or somesuch).
>
> With the current plugins installed, jar:deploy will do a dated snapshot
> by default I think, based on the end of the version.
>
> >
> > 5) I either need to get over reservations about signing myself, or be
> > OK with no sigs.  Is it OK to deploy unsigned stuff to the snapshot
> > repo?   The same actually applies to the zips, tars being generated by
> > the script now.
>
> As Craig said, no need to sign them.
>
> It's a false sense of security when they aren't any more secure (anyone
> that can compromise the machine can compromise the key being used to
> sign them if it is automated).

 So hashing (which maven does) is as much as we can really practically
do automated.

Looks also like we have consensus on the "snapshot" semantics - i.e.,
just overwrite with a new snap each night.  If there are no objections
in the next couple of days, I will go ahead and make the change to
support this, or someone else can.

I assume the following is correct for maven 1:

maven.repo.list=apache.snapshots

# Repository to deploy snapshots
maven.repo.apache.snapshots=scp://cvs.apache.org
maven.repo.apache.snapshots.directory=/www/people.apache.org/repository

I assume I can also specify these with -D on the m1 command line?

Also, the target is "jar:deploy" right (assuming all have -SNAPSHOT in
trunk version)?

This last bit raises an issue that I had to hack around for [scxml]
and that we might want to consider standardizing - all trunk POMs have
-SNAPSHOT version names.  This means that RCs *must* be built from
branches.  Personally, I think that is a good idea.

Thanks!

Phil

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message