commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Lundberg <>
Subject Re: [all] maven group ids
Date Wed, 16 Aug 2006 20:14:04 GMT
Rahul Akolkar wrote:
> On 8/15/06, Dennis Lundberg <> wrote:
>> Rahul Akolkar wrote:
> <snip/>
>> >
>> > Do we want to do this? Shouldn't we transition all of Commons together
>> > (as Tomasz implies in previous post, and just like we did with the
>> > JIRA transition). Suboptimal if folks have to look up which components
>> > have migrated yet, there are different groupIds for Commons components
>> > in the same POM etc.
>> We should do all of commons, I agree, but I think it would be wise to
>> start with one component and see that everything works as expected. Then
>> we do the rest all in one big transition.
> <snap/>
> OK, I know there was a talk about a "test" repo, has that come about?
> We could also deploy the previous release (old groupId) and current RC
> (new groupId) to such a test repo as a dry run, if one is available.

I don't think so. I'm subscribed to repository@a.o and monitor that list.

>> > Now, the relocation guide below (thanks for that!) talks about
>> > resigning POMs etc., which basically means we need everyone who has
>> > signed a Commons release (POM) to participate here?
>> While writing the guide I talked to Carlos about re-signing poms, and he
>> had never done that. So I don't think that it is necessary for us
>> either. What we do is add a relocation section to the pom, nothing else
>> is touched. Do we sign commons poms that goes to the Maven repo? I had a
>> look in the repo before and got mixed results.
> <snip/>
> AFAIK, nothing should go into any of the Apache Maven repos unless its
> summed and signed. Commons has no particular privilege here, in fact,
> we should ensure that all artifacts are accompanied by appropriate
> metadata (I don't mean metadata.xml in the m2 sense). There are
> existing sums and sigs on some POMs atleast. It appears that even if
> its just a relocation section, it needs a resum and resign. If the
> consensus is that this adds an overhead for too many people, and is
> hence optional, thats another thing.

Checksums (md5 and/or sha1) yes, definitely. Signing, hmm well I'm not 
sure. I haven't cut a release yet, so other will need to fill me in on 
the current policy for signing or not signing poms. If this is 
documented somewhere at Apache, please let me know, so that I can add a 
link in the relocation guide.

> -Rahul
>> -- 
>> Dennis Lundberg
>> >
>> > -Rahul
>> >
>> >
>> >> I will do the necessary work to relocate this and previous releases of
>> >> configuration, once the release has been made, so that the 
>> transition is
>> >> as transparent as possible to downstream users. More info on what 
>> steps
>> >> need to be taken can be found here:
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Dennis Lundberg
>> >>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Dennis Lundberg

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message