mahout-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Owen <sro...@gmail.com>
Subject Re: Feedback on release candidate for 0.2
Date Wed, 04 Nov 2009 13:44:15 GMT
OK, I "gpg --clearsign"-ed all the .jar files in lib and core/lib, and
have all the .asc files. Just commit those?

And roll back the maven-gpg-plugin to maven-deploy-plugin -- I see the
CL you are talking about?

I can commit this now, sure.

On Tue, Nov 3, 2009 at 4:39 PM, Grant Ingersoll <gsingers@apache.org> wrote:
> Hmm, didn't seem to work.  Will try to track down someone w/ Maven knowledge
> at AC.  Random dumb idea:  just check in the sigs into lib directory and
> deploy them.  Then, we just need to update the sigs whenever we update the
> JAR.  Sean, I'm at training all day, could you do that?  Anyone see an issue
> doing this?  These signatures are just for those artifacts in the lib
> directory.  Then, in the core/pom.xml where we do the deploy stuff, we would
> roll back the sign-and-deploy stuff and add executions that also deploy the
> asc files.
>
> -Grant
>
> On Nov 3, 2009, at 6:45 AM, Grant Ingersoll wrote:
>
>> I am trying:
>> http://maven.apache.org/plugins/maven-gpg-plugin/sign-and-deploy-file-mojo.html
>>  right now.  Assuming that goes through, we can call a vote.
>>
>> I agree, in general, we need to be able to get releases out faster and
>> more reliable.  People also should, especially when it is near release time,
>> be encouraged to try trunk, as we aren't going to be making drastic changes
>> at that point and it is much better to get the testing out of the way up
>> front.
>>
>> -Grant
>>
>>
>> On Nov 3, 2009, at 6:02 AM, Sean Owen wrote:
>>
>>> Yeah OK, then sign by hand? Sigs are important indeed.
>>>
>>> I'm just weighing this against, again, 2 more emails today about
>>> problems that I fixed ages ago, that people aren't getting since
>>> they're downloading 0.1. You guys are also in a great position to
>>> promote 0.2 in person. I think it'd be great to get them out ASAP.
>>>
>>> Is there anything at all I can do?
>>>
>>> On Tue, Nov 3, 2009 at 1:58 PM, Grant Ingersoll <gsingers@apache.org>
>>> wrote:
>>>>
>>>> On Nov 3, 2009, at 5:47 AM, Sean Owen wrote:
>>>>
>>>>> What were you referring to in your last email then about legal bits?
I
>>>>> am genuinely curious to understand things like that since they are
>>>>> important.
>>>>
>>>> Oh, sorry.  Was confused by your confusion!
>>>>
>>>> The relevant line in the prior email was:
>>>>
>>>> "Any and all artifacts that we put up under our stuff are our artifacts
>>>> and
>>>> people need to be able to verify that what we put up is what we intended
>>>> to
>>>> put up."
>>>>
>>>> So, those are the legal bits.  People need to be able to trust what we
>>>> put
>>>> up their.  Sigs and MD5 hashes, etc. help establish that trust.
>>>>
>>>> You can read more about ASF reqs on releases at:
>>>> http://www.apache.org/dev/#releases
>>>>
>>>>
>>>>
>>
>
>

Mime
View raw message