Return-Path: 
 <dev-return-63057-apmail-geronimo-dev-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-dev-archive@www.apache.org
Received: (qmail 83822 invoked from network); 12 May 2008 17:13:14 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 12 May 2008 17:13:14 -0000
Received: (qmail 57959 invoked by uid 500); 12 May 2008 17:13:14 -0000
Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org
Received: (qmail 57899 invoked by uid 500); 12 May 2008 17:13:14 -0000
Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:dev-help@geronimo.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@geronimo.apache.org>
List-Post: <mailto:dev@geronimo.apache.org>
Reply-To: dev@geronimo.apache.org
List-Id: <dev.geronimo.apache.org>
Delivered-To: mailing list dev@geronimo.apache.org
Received: (qmail 57888 invoked by uid 99); 12 May 2008 17:13:14 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 May 2008 10:13:14 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [98.136.44.63] (HELO smtp108.prem.mail.sp1.yahoo.com)
 (98.136.44.63)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 12 May 2008 17:12:26 +0000
Received: (qmail 14489 invoked from network); 12 May 2008 17:12:40 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-Id:From:To:In-Reply-To:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:References:X-Mailer;
  b=I2QxSIdbbq8sS82chARHviFftUPG9zJSEgtMuFnthIumMzZMr7WJiK2Citw3YiMNiRs5usVQ7v93/QrxneclNFbsj38PXV5AyLsobkzrKTLPBNlyTYQm+aZSs4K3zQ74DJ685zUiHdjXsn0TWhCDokEJRIlf4ZQ8L89/gT0hG0s=
  ;
Received: from unknown (HELO ?10.11.55.37?) (david_jencks@63.105.20.225 with
 plain)
  by smtp108.prem.mail.sp1.yahoo.com with SMTP; 12 May 2008 17:12:39 -0000
X-YMail-OSG: 
 UZqzBTAVM1loiF4G7RKz7EdmjuGbgcGuns2f_XfgqK7deNBla17LBXYABOUVMqA154CzWK9q8NovgG7KT5F30Cvu2Nht3pnXTQIf9R59jWWikG0nD4Do6Y5Pz2Y-
X-Yahoo-Newman-Property: ymail-3
Message-Id: <4B60FC3F-1AAC-4445-895C-8D01653BF221@yahoo.com>
From: David Jencks <david_jencks@yahoo.com>
To: dev@geronimo.apache.org
In-Reply-To: <4828469D.9050905@earthlink.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Subject: Re: [DISCUSS] do additional artifacts need to be removed as part of
 the release process.
Date: Mon, 12 May 2008 10:12:37 -0700
References: <48283383.7070705@gmail.com> <4828469D.9050905@earthlink.net>
X-Mailer: Apple Mail (2.919.2)
X-Virus-Checked: Checked by ClamAV on apache.org


On May 12, 2008, at 6:31 AM, Joe Bohn wrote:

> Rick McGuire wrote:
>> This is an issue that came up with the vote on 1.0 Yoko release.   
>> The new release process detailed at
>> http://cwiki.apache.org/confluence/display/GMOxPMGT/Geronimo+release+process 
>>  generates a bunch of extra artifacts that are .md5 and sha1  
>> signatures for the .asc files. So, for every jar file, you will get  
>> a .asc file, plus additional asc.md5 and asc.sha1 files.
>> In our old release process, one of the steps was to erase all of  
>> the *.asc.* files before staging the release for a vote.  Now that  
>> this is done automatically by using the plugins, these extra  
>> artifacts get included, and even get staged to the repos.  For  
>> example, see the artifacts that got published for the last javamail  
>> release, which was the most recent release to use this process:
>> http://repo1.maven.org/maven2/org/apache/geronimo/javamail/geronimo-javamail_1.4_provider/1.4/ 
>>  Should our release process include the step to delete these  
>> additional files?  Or should this be something that should/could be  
>> fixed in the plugin so that these extraneous files don't get  
>> included accidentally?
>
>
> I had the same question when I released javamail.  After some  
> thought I decided that the extra files didn't hurt anything and  
> provide some measure of additional security in that you could (and  
> perhaps should) verify that the asc files themselves haven't been  
> corrupted.

I didn't understand why the original release instructions had the  
"delete the required signature files" step.  These files are required  
as part of an apache release and for uploading to a maven repo.  They  
should be checked as part of the release vote.  Don't remove them.

thanks
david jencks

>
>
> Joe