felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Pauls <karlpa...@gmail.com>
Subject Re: [VOTE] Release of the dependencymanager 2.0.0
Date Sat, 31 Jan 2009 13:13:14 GMT
On Sat, Jan 31, 2009 at 1:30 PM, Marcel Offermans
<marcel.offermans@luminis.nl> wrote:
> Hey Karl,
>
> Thanks for your help on this!
>
> On Jan 31, 2009, at 13:09 , Karl Pauls wrote:
>
>> Seriously, nobody did say its easy to do releases - I agree with
>> richard that it is more of a pain then it should be. Contributions to
>> make it easier by doing some maven magic or writing a check/built
>> script are more then welcome!
>
> I'll definitely add to the release page as I learn more.

Great!

>>> For the signing process, I also followed the procedure. Can anyone tell
>>> me
>>> what went wrong there? Karl?
>>
>> I think you already figured it out. You need to have a LICENSE and
>> NOTICE file in the root of your projects. Additionally, depending on
>> your set-up you might need an
>>
>> <Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</Include-Resrouce>
>> instruction in your poms to make them end-up in the jar artifacts.
>
> Ok, I seem to have to add that.
>
>> I guess the next step is to clean-up the release tags in svn and
>> downgrade your version in trunk manually. Then you can redo the
>> release. Ping me when you need more help.
>
> I'm a bit puzzled about that downgrading message. You mean I can still try
> to fix 2.0.0 and re-open the vote? I did remove the release tags for now.

Well, i don't think that there is a clear rule on this one. If you
want to follow the process as we did it most of the times then you
wouldn't need to downgrade and do a new release with a higher version
number (maybe 3.0 if you want a major release). In any case, the
release tags need to be removed.

>>>>> p.s.: Additionally, I don't think the key that was used for signing is
>>>>> in the KEYS file.
>
> Could you please explain this, as I did add my key to the KEYS file. Also,
> when I verify the signature on one of the release files it says:

How did you add it and to which file. I see a key at the end of the
file but it doesn't have a header (i.e., your name doesn't appear).
Maybe you did forget a --armor or something just went wrong? Also, it
might be just me and my set-up - could somebody else try whether the
KEYS file works and let us know for sure?

> $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc
> gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F
> gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY)
> <marrs@apache.org>"

Yes, but that would be running against your local keyring which
contains your key already....

regards,

Karl

> Greetings, Marcel
>
>



-- 
Karl Pauls
karlpauls@gmail.com

Mime
View raw message