geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: [DISCUSS] do additional artifacts need to be removed as part of the release process.
Date Mon, 12 May 2008 17:12:37 GMT

On May 12, 2008, at 6:31 AM, Joe Bohn wrote:

> Rick McGuire wrote:
>> This is an issue that came up with the vote on 1.0 Yoko release.   
>> The new release process detailed at
>>  generates a bunch of extra artifacts that are .md5 and sha1  
>> signatures for the .asc files. So, for every jar file, you will get  
>> a .asc file, plus additional asc.md5 and asc.sha1 files.
>> In our old release process, one of the steps was to erase all of  
>> the *.asc.* files before staging the release for a vote.  Now that  
>> this is done automatically by using the plugins, these extra  
>> artifacts get included, and even get staged to the repos.  For  
>> example, see the artifacts that got published for the last javamail  
>> release, which was the most recent release to use this process:

>>  Should our release process include the step to delete these  
>> additional files?  Or should this be something that should/could be  
>> fixed in the plugin so that these extraneous files don't get  
>> included accidentally?
> I had the same question when I released javamail.  After some  
> thought I decided that the extra files didn't hurt anything and  
> provide some measure of additional security in that you could (and  
> perhaps should) verify that the asc files themselves haven't been  
> corrupted.

I didn't understand why the original release instructions had the  
"delete the required signature files" step.  These files are required  
as part of an apache release and for uploading to a maven repo.  They  
should be checked as part of the release vote.  Don't remove them.

david jencks

> Joe

View raw message