edgent-dev mailing list archives

From Christofer Dutz <christofer.d...@c-ware.de>
Subject Re: [DISCUSS] validating Apache Edgent (Incubating) 1.2.0 RC1
Date Thu, 07 Dec 2017 09:00:33 GMT
Hi Dale,

I added the zip and then noticed that the tar.gz did have some “next” and “current”
pom copies inside. So, I had a look at my original and they didn’t have them, so I updated
the tar.gz and its hashes.

Also, I did rename the sha512 back to sha as SHA is the algorithm … you usually encounter
SHA, SHA1 or SHA2, but never SHA512 in the wild. 

Regarding the hashes in Nexus: We shouldn’t change this, as these are the hashes Maven works
with. If we change this, it could be that the artifacts are no longer accessible. The build
isn’t generating them anyway but Nexus generates them automatically. So I guess even if
we wanted to change things, we couldn’t.


On 06.12.17, 23:55, "Dale LaBossiere" <dml.apache@gmail.com> wrote:

    Agreed on all points regarding the zip.  
    Since you offered, I updated the scripts to require it and the sha512 noted below :-)
    The verification includes verifying the tar.gz and zip contents are the same.
    On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which in fact
    is what the file contains)
    So that needs to be changed in the staging area in addition to staging the zip and its sums/sig.
    — Dale
    [1] http://www.apache.org/dev/release-distribution#sigs-and-sums
    > On Dec 6, 2017, at 2:35 PM, Christofer Dutz <christofer.dutz@c-ware.de> wrote:
    > ...
    > I just had a look at what the script was looking for. If releasing tar and zip I
    > think we would have to do the checking for both types. I can add the other zip easily. But
    > in that case I would suggest adding that to the script and add one check to make sure the
    > content is identical. Would be good if we could be sure we need to detail-check only one.
    > ...
    > From: Dale LaBossiere <dml.apache@gmail.com>
    > ...
    > -Papache-release also generates a zip.  I had expected we’d be releasing that too
    > but it isn’t staged.
    > At this time I’m fine if we just continue 1.2.0 with only the tar.gz but if you
    > also want to stage the zip that's fine too.
    > I just need to know which way we’re going because I need to adjust the “downloads”
    > website page accordingly.

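The check discussed in this thread (the tar.gz and zip must carry identical contents, and each bundle must match its SHA-512 sum) can be sketched as below. This is an added example, not the Edgent verification scripts; the function names, the sample file names and contents, and the `sha512sum`-style checksum layout are assumptions.

```python
import hashlib
import io
import tarfile
import zipfile

def tar_digests(data):
    """SHA-512 of every regular file in a tar.gz, keyed by member path."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        return {m.name: hashlib.sha512(tf.extractfile(m).read()).hexdigest()
                for m in tf if m.isfile()}

def zip_digests(data):
    """SHA-512 of every file entry in a zip, keyed by entry path."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: hashlib.sha512(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_bundles(tgz, zp):
    """Report paths present in only one bundle or whose bytes differ."""
    a, b = tar_digests(tgz), zip_digests(zp)
    return {"only_in_tar": sorted(a.keys() - b.keys()),
            "only_in_zip": sorted(b.keys() - a.keys()),
            "differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n])}

def checksum_ok(data, sum_text):
    """Assumed layout: hex digest first, optional file name after it."""
    fields = sum_text.split()
    return bool(fields) and fields[0].lower() == hashlib.sha512(data).hexdigest()

# Helpers that build constructed sample bundles in memory (no real release files).
def make_tgz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

SRC = {"edgent-src/pom.xml": b"<project/>", "edgent-src/README": b"readme\n"}
STRAY = dict(SRC, **{"edgent-src/pom.xml.next": b"<project/>"})  # leftover pom copy

if __name__ == "__main__":
    print(compare_bundles(make_tgz(STRAY), make_zip(SRC)))
```

Comparing per-file digests rather than the archives' own bytes matters because a tar.gz and a zip of the same tree never match byte for byte.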