Return-Path: 
 <general-return-17213-apmail-incubator-general-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-general-archive@www.apache.org
Received: (qmail 10384 invoked from network); 1 Feb 2008 13:15:04 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 1 Feb 2008 13:15:04 -0000
Received: (qmail 25217 invoked by uid 500); 1 Feb 2008 13:14:54 -0000
Delivered-To: apmail-incubator-general-archive@incubator.apache.org
Received: (qmail 25145 invoked by uid 500); 1 Feb 2008 13:14:53 -0000
Mailing-List: contact general-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:general-help@incubator.apache.org>
List-Unsubscribe: <mailto:general-unsubscribe@incubator.apache.org>
List-Post: <mailto:general@incubator.apache.org>
List-Id: <general.incubator.apache.org>
Reply-To: general@incubator.apache.org
Delivered-To: mailing list general@incubator.apache.org
Received: (qmail 25134 invoked by uid 99); 1 Feb 2008 13:14:53 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 05:14:53 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of robertburrelldonkin@gmail.com
 designates 209.85.146.183 as permitted sender)
Received: from [209.85.146.183] (HELO wa-out-1112.google.com) (209.85.146.183)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 13:14:26 +0000
Received: by wa-out-1112.google.com with SMTP id n4so1738395wag.6
        for <general@incubator.apache.org>;
 Fri, 01 Feb 2008 05:14:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=udwZNQuQbaVp8rYpsC+XWlzwXebSwSxocC7ejQs2v00=;
        b=kb3/7STCGEmvhIw6zghNZU6cOKZqddVP5j5AdCCyAGV1XmEKHWaQsSnFRWcnLK0X8aWT2M4F+iGNUQDluY5bZvgdrkUrAXQKwp5kQo4FLuxw7bvsKeyOL2HaOs5+WQ4xt0+8YsN2SuokZrhUR+fzh1+lg+YTF8nd8tE+VgNykAg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=cjqnqILckgzJvU2QkNzv6mJnVCijbzf1qLNuIPvMLanMRvx5ZFpGBwcrBC3Pzkcz8uHH1pHJKeS3sqZzPSbhljeAVr8tAdVPZ9W7i6rcAx5oW8ygxRq472kvZdC2YoSWgiTnueqtu3JRxpoHVf/cxSyzATYD4g/KcTMqwxF28Nk=
Received: by 10.115.46.9 with SMTP id y9mr3952462waj.129.1201871673437;
        Fri, 01 Feb 2008 05:14:33 -0800 (PST)
Received: by 10.114.81.13 with HTTP; Fri, 1 Feb 2008 05:14:33 -0800 (PST)
Message-ID: <f470f68e0802010514s2ba4a732q9a4d26c2c8efb870@mail.gmail.com>
Date: Fri, 1 Feb 2008 13:14:33 +0000
From: "Robert Burrell Donkin" <robertburrelldonkin@gmail.com>
To: general@incubator.apache.org
Subject: Re: Automated Release Audit Reports [Re: Release Audit Report
 2008-01-29]
In-Reply-To: <510143ac0801301437o1c564582rdf101320daa7e3b8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <f470f68e0801301229h702b5756uaf55ba7471b8878f@mail.gmail.com>
	 <510143ac0801301437o1c564582rdf101320daa7e3b8@mail.gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org

On Jan 30, 2008 10:37 PM, Jukka Zitting <jukka.zitting@gmail.com> wrote:

<snip>

> > 3. web page: too concise? too verbose?
>
> Please include checksums or signatures of the release packages. That
> way we'll have easier time tracking things if the release artifacts
> change for one reason or another.

the raw data is already stored and signed in subversion but the format
is custom xml. if i switch to using xhtml+microformat then the raw
data will be more easily accessible (and yes, i have been reading
restful web services recently). i should be able to add links to the
various sums the audit computes.

> Also, as a general after-the-fact audit, it would be great if the tool
> could do some basic release checks and include the results in the
> report. For example verify that all the checksums and signatures
> included in the dist directory are correct.

henk's scanner already checks signatures and sums but he only posts to
the podling list. he also has some good proposals for hierarchical
signature protection.

but unless someone volunteers, this will have to wait until RAT is
working more completely later this year

> It would be even cooler if
> there was some way (perhaps with explicit release metadata) that would
> link the reported release artifacts to the related vote threads.

would be good but not sure how to do it (quickly). any ideas

- robert

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org