maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: Getting Maven component and plugin releases to /dist -- space
Date Sun, 23 Dec 2012 14:26:18 GMT
Henk,

I'm sorry that I'm effectively top-posting; for some reason gmail
doesn't want to set up interlinear commentary on your message. If I
miss something, please let me know.

If you look in https://svn.apache.org/repos/asf/maven/project/tools/scrape-nexus-releases,
you will find two files, inventory.archive and inventory.latest. These
list the release archives that, as far as I can tell, make up Maven
PMC releases that (a) were voted, and (b) were never put on /dist. The
'latest' file contains current releases, and the 'archive' file
contains not-current releases. So, my intention is to push the files
listed in the 'latest' file to /dist, and the others directly to
archive. As for 'where' on /dist, my proposal to the Maven PMC is
going to be to have two subdirectories of the Maven /dist: 'plugins'
and 'components'. However, the Maven PMC is still in the early phases
of confronting the requirement to do this at all, so it will be a few
days, I expect, before there's a consensus. I'd be grateful if you
have anything to add here; as you know, I fell into this project by
discovering the hard way that it had to be done. This hasn't been my
historical area of expertise.

All these files currently reside on repository.apache.org. The Nexus
configuration there forces each file to be accompanied by valid
signatures when you deploy them there. The python program I've written
(which you can also find there)  just pulls metadata from Nexus. The
next python program will actually pull files, including their
accompanying detached signatures. Since the Maven project releases
something about once a week, this next script will be driven by the
Nexus metadata, not by the files. So the inventory is likely to creep
up a bit by the time we go live.

It wouldn't hurt to run a verification pass on the signatures before
actually pushing these files live. Have you got a script that examines
an entire directory? I suspect that you do.

Regards,

Benson

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org


Mime
View raw message