incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "robert burrell donkin" <robertburrelldon...@gmail.com>
Subject Re: [VOTE] Apache Felix 0.8.0 Incubator Release
Date Mon, 11 Dec 2006 21:21:35 GMT
On 12/11/06, Richard S. Hall <heavy@ungoverned.org> wrote:
> Daniel Kulp wrote:
> > On Monday 11 December 2006 10:57, Richard S. Hall wrote:
> >
> >> As a follow up, we resolved every issue raised by Daniel except the
> >> signing portion. A new snapshot of the release is available at:
> >>
> >>     http://people.apache.org/~rickhall/felix-0.8.0-incubator.html
> >>
> >> I was able to fix one minor bug in our maven bundle plugin that was
> >> causing LICENSE/NOTICE files to not get copied.
> >>
> >
> > Not quite there yet.   The incubator DISCLAIMER file is still missing from the
> > jars.   That would prevent them going into maven repositories.
> >
>
> Is that just a recommendation or a requirement? Our NOTICE files contain
> the incubator disclaimer text.

it's a requirement that the text is present but AIUI in the NOTICE is
ok (though perhaps a separate DISCLAIMER is clear)

please let me know whether you plan to cut another candidate or
whether i should review the one above

> > For the signing part, you really need gnupg installed.    Create a key if you
> > don't already have one. (I think it's "gpg --gen-key", but it's been a while
> > since I looked into that part)   Then you just need to run "gpg -a -s
> > filename.tar.gz" to produce the asc files.
> >
> > You would also need to do:
> > gpg --list-keys  "username" > KEYS
> > gpg -a --export "username" >> KEYS
> >
> > and get that KEYS file added into the root of your SVN repository.   Ideally,
> > you would also upload it to one of the public keyservers as well.   Longer
> > term, you should also attend an apache keysigning party or similar to get
> > your keys signed by enough "apache people" so that apache people can trust
> > that those keys really are yours.
> >
>
> Thanks for this info. We will work on it.

see http://www.apache.org/dev/release-signing.html

signing the releases is a requirement. having a well connected code
signing key is definitely good but not mandatory

- robert

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message