harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: Release Management
Date Mon, 16 Jan 2006 20:29:16 GMT

Leo Simons wrote:
> Release and build processes
> Hi gang,
> since I missed a lot of the initial talks, I'm writing this seperately. There
> are a lot of "gotchas" related to release management. The ASF has historically
> been real good at it and really lousy at creating a documented policy. Stuff
> like
> * There should be a documented and straightforward and automated way to
>   re-generate any release or relase snapshot "n" years from now. All the
>   artifacts for doing that should live in SVN. Eg we want to be able to do
>     $ svn co http://.../tags/....
>     $ cd ....
>     $ sh release.sh
>     $ wget http://www.apache.org/dist/harmony/..../.....tgz.sha1
>     $ openssl dgst -sha1 -verify .....tgz.sha1 .....
>     Verification OK
>     $
>   or get as close to something like that as possible.

So far, that's there, except for the zipping.  The binaries for the 
current snapshot are created from the ant build and zipped up.  Tim will 
add a 'dist' target when all is sorted.

> * Releases should be properly GPG-signed, with SHA1 digest provided as well,
>   etc etc.
> There is documentation on release management somewhere on
>   http://www.apache.org/dev/
> (sorry, no network as I type). There are incubation rules pertaining to 
> publishing releases and/or snapshots somewhere on
>   http://incubator.apache.org/
> I know I've previously written about this stuff to several mailing lists and
> several wiki pages, IIRC by head something like
>   http://wiki.apache.org/excalibur/ReleaseManagement
> should still exist. (I think at some point about 20% of the files on
> www.apache.org/dist/ where owned by me and I was the biggest policy-breaker
> in terms of bad symlinks, messed up file permissions, missing GPG signatures
> so I *had* to figure out some "right way" to do stuff...I still haven't fixed
> all my problems there I believe...)
> The thing I just want to stress right now...
> **Do not take this stuff lightly.** Apache is one of the most trusted names in
> the world when it comes to distributing large amounts of quality software and we
> have a responsibility to keep up the standard. All contributors and committers
> should take some time to review these links and all the technical details 
> related to building and publishing releases. It might also be a good idea to
> read eg  dev@httpd.apache.org and look at their commit logs and the like to get 
> a feeling for what a "mature" release management process looks like here at the 
> ASF. It  pays off bigtime to get a sound and solid release process in place  
> ASAP. Eg the distro script for JCHEVM in etc/ is a good start.
> Its a good idea to tackle doing a release process incrementally, so by all means
> "just get started" and publish some of those snapshots. Just make sure we're
> complying with all the relevant policies (URLs above). I wish I had
> some time to commit to help out writing down some tips 'n tricks or better yet 
> writing some scripts to help with this and getting a gump run going, but I don't 
> think I have that time at the moment :-/.

That's what has been done.  Everything has so far been marked 'snapshot' 
and they aren't signed because they aren't a release.


> Just some random rants, I'm sorry about not writing more clearly :-)
> cheers,
> Leo

View raw message