Return-Path: Delivered-To: apmail-lucene-mahout-dev-archive@minotaur.apache.org Received: (qmail 34854 invoked from network); 4 Nov 2009 13:44:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 4 Nov 2009 13:44:45 -0000 Received: (qmail 31747 invoked by uid 500); 4 Nov 2009 13:44:44 -0000 Delivered-To: apmail-lucene-mahout-dev-archive@lucene.apache.org Received: (qmail 31658 invoked by uid 500); 4 Nov 2009 13:44:44 -0000 Mailing-List: contact mahout-dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mahout-dev@lucene.apache.org Delivered-To: mailing list mahout-dev@lucene.apache.org Received: (qmail 31648 invoked by uid 99); 4 Nov 2009 13:44:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Nov 2009 13:44:43 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of srowen@gmail.com designates 209.85.219.226 as permitted sender) Received: from [209.85.219.226] (HELO mail-ew0-f226.google.com) (209.85.219.226) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Nov 2009 13:44:35 +0000 Received: by ewy26 with SMTP id 26so7260544ewy.5 for ; Wed, 04 Nov 2009 05:44:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=kMmDgIbry1f5siL9MxBA4qTz2km2PaIxMGHAXHOakHk=; b=ClpQ5XLq8chwOYH1e1qI79KGDvJYXTDccHcSSTXMQwb8qSWgingDt+ScxWLAukvVr8 Hj+uLfLVyGJn2GHZ3bPKxP9g000pH+IZd8sr1dRxCJH6ZDiLys1NW5w8sOX9x2GfFNtx sHv7d3inKkl6qCJLY/gl7RK3QxJ6LIMmHnZGU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=aaD0p10oF3TtCq8fYter4q9xsaqReoOV2dL+AMiScpHJTUeAvixl1wWkr1hj4sUV+Z VufbCpk1AvRbf6e4aE4QKJu971Z5zbw8HajILi0qU2FnxxeXKQO8iLkVDeXhSEfF8CN0 SUoYXut0UEFSHqueyPdWuLyDjk/rohkQuLnJw= MIME-Version: 1.0 Received: by 10.213.0.215 with SMTP id 23mr1716017ebc.84.1257342255307; Wed, 04 Nov 2009 05:44:15 -0800 (PST) In-Reply-To: <9D129FB1-78F4-4E05-B89D-A43198C42268@apache.org> References: <95406B82-69ED-402B-8078-36B34EE0DA12@apache.org> <068B8C4B-9898-4EC5-89C1-0DF7EADF4704@apache.org> <9D129FB1-78F4-4E05-B89D-A43198C42268@apache.org> Date: Wed, 4 Nov 2009 13:44:15 +0000 Message-ID: Subject: Re: Feedback on release candidate for 0.2 From: Sean Owen To: mahout-dev@lucene.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org OK, I "gpg --clearsign"-ed all the .jar files in lib and core/lib, and have all the .asc files. Just commit those? And roll back the maven-gpg-plugin to maven-deploy-plugin -- I see the CL you are talking about? I can commit this now, sure. On Tue, Nov 3, 2009 at 4:39 PM, Grant Ingersoll wrote= : > Hmm, didn't seem to work. =C2=A0Will try to track down someone w/ Maven k= nowledge > at AC. =C2=A0Random dumb idea: =C2=A0just check in the sigs into lib dire= ctory and > deploy them. =C2=A0Then, we just need to update the sigs whenever we upda= te the > JAR. =C2=A0Sean, I'm at training all day, could you do that? =C2=A0Anyone= see an issue > doing this? =C2=A0These signatures are just for those artifacts in the li= b > directory. =C2=A0Then, in the core/pom.xml where we do the deploy stuff, = we would > roll back the sign-and-deploy stuff and add executions that also deploy t= he > asc files. > > -Grant > > On Nov 3, 2009, at 6:45 AM, Grant Ingersoll wrote: > >> I am trying: >> http://maven.apache.org/plugins/maven-gpg-plugin/sign-and-deploy-file-mo= jo.html >> =C2=A0right now. =C2=A0Assuming that goes through, we can call a vote. >> >> I agree, in general, we need to be able to get releases out faster and >> more reliable. =C2=A0People also should, especially when it is near rele= ase time, >> be encouraged to try trunk, as we aren't going to be making drastic chan= ges >> at that point and it is much better to get the testing out of the way up >> front. >> >> -Grant >> >> >> On Nov 3, 2009, at 6:02 AM, Sean Owen wrote: >> >>> Yeah OK, then sign by hand? Sigs are important indeed. >>> >>> I'm just weighing this against, again, 2 more emails today about >>> problems that I fixed ages ago, that people aren't getting since >>> they're downloading 0.1. You guys are also in a great position to >>> promote 0.2 in person. I think it'd be great to get them out ASAP. >>> >>> Is there anything at all I can do? >>> >>> On Tue, Nov 3, 2009 at 1:58 PM, Grant Ingersoll >>> wrote: >>>> >>>> On Nov 3, 2009, at 5:47 AM, Sean Owen wrote: >>>> >>>>> What were you referring to in your last email then about legal bits? = I >>>>> am genuinely curious to understand things like that since they are >>>>> important. >>>> >>>> Oh, sorry. =C2=A0Was confused by your confusion! >>>> >>>> The relevant line in the prior email was: >>>> >>>> "Any and all artifacts that we put up under our stuff are our artifact= s >>>> and >>>> people need to be able to verify that what we put up is what we intend= ed >>>> to >>>> put up." >>>> >>>> So, those are the legal bits. =C2=A0People need to be able to trust wh= at we >>>> put >>>> up their. =C2=A0Sigs and MD5 hashes, etc. help establish that trust. >>>> >>>> You can read more about ASF reqs on releases at: >>>> http://www.apache.org/dev/#releases >>>> >>>> >>>> >> > >