Return-Path: X-Original-To: apmail-maven-dev-archive@www.apache.org Delivered-To: apmail-maven-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B5F96C272 for ; Tue, 10 Sep 2013 14:24:19 +0000 (UTC) Received: (qmail 13264 invoked by uid 500); 10 Sep 2013 14:24:17 -0000 Delivered-To: apmail-maven-dev-archive@maven.apache.org Received: (qmail 12946 invoked by uid 500); 10 Sep 2013 14:24:17 -0000 Mailing-List: contact dev-help@maven.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Maven Developers List" Reply-To: "Maven Developers List" Delivered-To: mailing list dev@maven.apache.org Received: (qmail 12938 invoked by uid 99); 10 Sep 2013 14:24:16 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Sep 2013 14:24:16 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sebbaz@gmail.com designates 74.125.82.178 as permitted sender) Received: from [74.125.82.178] (HELO mail-we0-f178.google.com) (74.125.82.178) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Sep 2013 14:24:12 +0000 Received: by mail-we0-f178.google.com with SMTP id u57so5728838wes.9 for ; Tue, 10 Sep 2013 07:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=At5nJka3Z5f8wr6AeqQ72FT0OPI8e16YKA7EIusdhyc=; b=clKRuObGMYHkCJOFiT/VtpY1GLuPGiC9pWZKcwibtnuUTaMOH3kEwrTRqkBAvVur7Q HuxKtAHd0aD9Sm+YKKsxpWRU0glhsUAWfng09XDTQW/+4vsYqbKstmzSfslnj3ZoqaRC 2eY/JFvPxhhJrhkOuGcjl30OSAtelCccfHvuYnXV8TYnsZDe1g21qMnTb6ghV8n8m4Zp WhARt+uJ6U8/JDLkAc7Ft/8ZQmJXgCa/4ELHbEnPYCYIHjCK8K0InD6htoY9kxQ1Xkvj ysHJQvrn2cD2ykPhbvQ1fYQxLRUmUGYr0dKFoxiMHSmR0xsJ+rtsITggb8L1iZpx0iFM 7qyg== MIME-Version: 1.0 X-Received: by 10.194.110.138 with SMTP id ia10mr18034654wjb.3.1378823031294; Tue, 10 Sep 2013 07:23:51 -0700 (PDT) Received: by 10.194.24.99 with HTTP; Tue, 10 Sep 2013 07:23:51 -0700 (PDT) In-Reply-To: References: <268EC617-8A49-4A5E-972A-FCD5ABA36447@tesla.io> <522ED615.4020202@gmx.de> Date: Tue, 10 Sep 2013 15:23:51 +0100 Message-ID: Subject: Re: [VOTE] Release Maven 3.1.1 From: sebb To: Maven Developers List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org On 10 September 2013 15:11, Jason van Zyl wrote: > > On Sep 10, 2013, at 9:58 AM, sebb wrote: > >> On 10 September 2013 14:23, Jason van Zyl wrote: >>> >>> On Sep 10, 2013, at 7:53 AM, sebb wrote: >>> >>>> I've just realised that you said the hash is in the maven core jar. >>>> That is a binary artifact, and has no direct relationship with the >>>> source artifact on which people are supposed to be voting. >>>> >>> >>> It is supposed to be the SHA1 of the release from which the build was m= ade. >>> >>>> I don't think it's possible to tie the SCM tag to this vote thread >>>> "for the record" without the hash (and git repo) being provided in >>>> this e-mail. >>>> >>> >>> Well, I'm going to leave it out for now. I'll do what's strictly in the= template here: >>> >>> http://maven.apache.org/developers/release/maven-project-release-proced= ure.html#Call_the_vote >> >> Which as I have argued all along is insufficient. >> - the vote email does not have vital information "for the record" >> - indeed in the case of this vote, neither the vote e-mail nor the >> source archive (on which people are supposed to be voting) has the >> information. >> >> I note that no-one who has voted so far has stated that the contents >> of the source archives are all present and correct and that no files >> are missing from the release and more importantly that there are no >> files in the source archive that should not be there. >> >> IMO this is the most important part of the release vote, along with >> the N&L contents. > > Get the PMC to agree and put it in the template and I'll use what's in th= e template. > >> >>> >>>> Also, I don't think the quoted hash is correct. >>>> >>> >>> It doesn't look correct, it appears to take the parent commit. This has= probably been >>> the case for quite some time, in that the "mvn -v" command doesn't actu= ally tell you >>> what commit it came from. I don't know if it's generally wrong, but thi= s this case >>> c9950d777c7368e51431500c29aecf1e11e3d2c6 is the parent of >> >> Where did you get the above hash from? >> It does not seem to be the same as the one in the binary archive I downl= oaded. >> > > There's the argument for automation! It's actually an argument for quoting the hash in the vote e-mail and for people to actually check it. I find it strange that none of the reviewers noticed the problem. That suggests to me that none of the reviewers are actually interested in doing due diligence on the source archive contents. > I didn't open up the JAR from the checked out build. So this is probably = the best way right now and you've verified the right hash is available from= the build itself so that's probably what you need. No, as I already wrote, that is not suitable. Voting is on source archives; it's no good having the hash buried away in an indirectly related binary archive. >> On the git page: >> >> https://git-wip-us.apache.org/repos/asf?p=3Dmaven.git;a=3Dsummary >> >> the c995... hash seems to be associated with >> >> [MNG-5509] org.apache.maven.repository.legacy.DefaultWa... >> >> This happens to be the line after >> >> [maven-release-plugin] prepare release maven-3.1.1 maven-3.1.1<= /yellow> >> >> which seems to have the following hash: >> >>> 892b464683645bcdc1d28febf0bf3cc1c3181350 which is the SHA1 for the rele= ase. >> >> Also the above hash is the one I just found in build.properties. >> >> And it agrees with mvn -v >> >> Apache Maven 3.1.1 (892b464683645bcdc1d28febf0bf3cc1c3181350; >> 2013-09-05 18:04:21+0100) >> >> So I don't think there's a problem with the build process, but there >> is still a major problem with the vote e-mail contents. >> >>> >>> I assumed someone actually tested this, or maybe it's being used in the= release for something it wasn't intended for. I'll take a look at the code= . But for now I will make the template from: >>> >>> http://maven.apache.org/developers/release/maven-project-release-proced= ure.html#Call_the_vote >>> >>> >>>> Are you sure that >>>> >>>> c9950d777c7368e51431500c29aecf1e11e3d2c6 >>>> >>>> is the hash for the build? >>>> >>>> On 10 September 2013 09:19, Karl Heinz Marbaise wr= ote: >>>>> +1 [non-binding] >>>>> >>>>> Tested with >>>>> * appassembler-maven-plugin (trunk: r18705) >>>>> >>>>> * maven-invoker-plugin (trunk: r1521365), >>>>> >>>>> * iterator-maven-plugin (git: 07ddf1a6a8fe4b60dbb84ce944c3a4f7828bff3= e >>>>> https://github.com/khmarbaise/iterator-maven-plugin), >>>>> >>>>> * several of my own projects worked like a charm. >>>>> >>>>> >>>>> >>>>> On 9/8/13 3:07 PM, Jason van Zyl wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Here is a link to Jira with 6 issues resolved: >>>>>> >>>>>> https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=3D10500&= version=3D18968 >>>>>> >>>>>> Staging repo: >>>>>> https://repository.apache.org/content/repositories/maven-016/ >>>>>> >>>>>> The distributable binaries and sources for testing can be found here= : >>>>>> >>>>>> https://repository.apache.org/content/repositories/maven-016/org/apa= che/maven/apache-maven/3.1.1/ >>>>>> >>>>>> Specifically the zip, tarball, and source archives can be found here= : >>>>>> >>>>>> https://repository.apache.org/content/repositories/maven-016/org/apa= che/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip >>>>>> >>>>>> https://repository.apache.org/content/repositories/maven-016/org/apa= che/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz >>>>>> >>>>>> https://repository.apache.org/content/repositories/maven-016/org/apa= che/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip >>>>>> >>>>>> https://repository.apache.org/content/repositories/maven-016/org/apa= che/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz >>>>>> >>>>>> Vote open for 72 hours. >>>>>> >>>>>> [ ] +1 >>>>>> [ ] +0 >>>>>> [ ] -1 >>>>>> >>>>>> Thanks, >>>>>> >>>>>> The Maven Team >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> Mit freundlichem Gru=DF >>>>> Karl-Heinz Marbaise >>>>> -- >>>>> SoftwareEntwicklung Beratung Schulung Tel.: +49 (0) 2405 / 415 893 >>>>> Dipl.Ing.(FH) Karl-Heinz Marbaise ICQ#: 135949029 >>>>> Hauptstrasse 177 USt.IdNr: DE191347579 >>>>> 52146 W=FCrselen http://www.soebes.de >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org >>>>> For additional commands, e-mail: dev-help@maven.apache.org >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org >>>> For additional commands, e-mail: dev-help@maven.apache.org >>>> >>> >>> Thanks, >>> >>> Jason >>> >>> ---------------------------------------------------------- >>> Jason van Zyl >>> Founder, Apache Maven >>> http://twitter.com/jvanzyl >>> --------------------------------------------------------- >>> >>> >>> >>> >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org >> For additional commands, e-mail: dev-help@maven.apache.org >> > > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder, Apache Maven > http://twitter.com/jvanzyl > --------------------------------------------------------- > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For additional commands, e-mail: dev-help@maven.apache.org