Mailing-List: contact general-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: general@incubator.apache.org
Received-SPF: pass (herse.apache.org: domain of robertburrelldonkin@gmail.com
 designates 66.249.92.172 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=qirJUzNQDpweiSV8Y0JeyPINnR6t3S1nHVzS4XGW81nUzH1D3USuY7IjFTYMC04aA7PeeVYu1nEvafv4tF6QwN9i8EdEhiJJlx2ZhaBToCzYtFOz4m5cUNWOXbILeiNPeogc2eCK6fIZKVOpjureekim9q0cMDxTxCElpUVeSLs=
Message-ID: <f470f68e0612111321t3b5737adk96c4d013aaee0b19@mail.gmail.com>
Date: Mon, 11 Dec 2006 21:21:35 +0000
From: "robert burrell donkin" <robertburrelldonkin@gmail.com>
To: general@incubator.apache.org
Subject: Re: [VOTE] Apache Felix 0.8.0 Incubator Release
In-Reply-To: <457D8881.20305@ungoverned.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <487a994c0612100547p7c275f58yae40ab67495cac23@mail.gmail.com>
	 <200612100939.18775.daniel.kulp@iona.com>
	 <457D7FDE.5010100@ungoverned.org>
	 <200612111128.15918.daniel.kulp@iona.com>
	 <457D8881.20305@ungoverned.org>

On 12/11/06, Richard S. Hall <heavy@ungoverned.org> wrote:
> Daniel Kulp wrote:
> > On Monday 11 December 2006 10:57, Richard S. Hall wrote:
> >
> >> As a follow up, we resolved every issue raised by Daniel except the
> >> signing portion. A new snapshot of the release is available at:
> >>
> >>     http://people.apache.org/~rickhall/felix-0.8.0-incubator.html
> >>
> >> I was able to fix one minor bug in our maven bundle plugin that was
> >> causing LICENSE/NOTICE files to not get copied.
> >>
> >
> > Not quite there yet.   The incubator DISCLAIMER file is still missing from the
> > jars.   That would prevent them going into maven repositories.
> >
>
> Is that just a recommendation or a requirement? Our NOTICE files contain
> the incubator disclaimer text.

it's a requirement that the text is present but AIUI in the NOTICE is
ok (though perhaps a separate DISCLAIMER is clear)

please let me know whether you plan to cut another candidate or
whether i should review the one above

> > For the signing part, you really need gnupg installed.    Create a key if you
> > don't already have one. (I think it's "gpg --gen-key", but it's been a while
> > since I looked into that part)   Then you just need to run "gpg -a -s
> > filename.tar.gz" to produce the asc files.
> >
> > You would also need to do:
> > gpg --list-keys  "username" > KEYS
> > gpg -a --export "username" >> KEYS
> >
> > and get that KEYS file added into the root of your SVN repository.   Ideally,
> > you would also upload it to one of the public keyservers as well.   Longer
> > term, you should also attend an apache keysigning party or similar to get
> > your keys signed by enough "apache people" so that apache people can trust
> > that those keys really are yours.
> >
>
> Thanks for this info. We will work on it.

see http://www.apache.org/dev/release-signing.html

signing the releases is a requirement. having a well connected code
signing key is definitely good but not mandatory

- robert

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org