pivot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Volkert <tvolk...@gmail.com>
Subject Release Candidate Sanity Check: Take 2
Date Thu, 02 Apr 2009 01:13:02 GMT
Ok, after several iterations, I believe we're ready for another call
for a sanity check on the release candidate archives before calling
for a vote on this list (which in turn will lead to an incubator PMC
vote).  You can download the files at
http://people.apache.org/~tvolkert/pivot/

> So the "Released Artifact" are the sources and the build system (incl
> instructions) required to produce a useful binary. The binary output
> is NOT included in the primary release artifact, but is "generated" by
> it. So;  SVN  --(packaging)-->  Source Release --(build+package)-->
> Binary Release

This is now exactly how it works.

> 1. Create a target in the Ant build, that zips/tars up the SVN
> sources, not including the .svn directories. Sources in this instance
> means everything that is needed to build Pivot, except for "System
> Requirements" (listed in the README/BUILD). Ant and JDK is typical
> System Requirements, as are any external jar files that are only
> required for the build, BUT some people (like myself) prefer to have
> them part of the source dist.

Done.  This is the "dist" target.  The JDK and Ant are listed as
system requirements in the BUILD file, and the NOTICE file contains
all the legal notices required by our other third party dependencies.

> 2. That zip/tar IS your primary release artifact;
> apache-pivot-1.1-incubating.tar.gz

Per the naming conventions I've seen in all other Apache projects, I
named this apache-pivot-1.1-incubating-src.tar.gz

> 3. Using that zip/tar, execute another Ant target (for instance
> 'install') which compiles, jars and sticks everything into a
> 'generated/apache-pivot-1.1-incubating' directory.

Done.  This is the "install" target.  It creates an
install/apache-pivot-1.1-incubating folder and zip/tar.gz files of
that folder.

> 4. The same target could also create a zip/tar of the
> 'generated/apache-pivot-1.1-incubating', and that IS your
> supplementary binary release.

Per the naming conventions I've seen in all other Apache projects,
this archive is called apache-pivot-1.1-incubating.tar.gz

> 5. Ask a couple of community members to sanity check the binary
> release, and make sure it is useful.

Developers on this list, can you please download the binary
distributions from my home directory at
http://people.apache.org/~tvolkert/pivot/ and try to use the JAR files
therein to make sure that they're ok?  I will do the same.

Mentors, can you please check out both the source archive and the
binary archive to make sure that both in in keeping with the Apache
Way?

> 6. Let people worry about Maven distro separately. And perhaps later
> migrate to Maven build system, if you find Maven support important and
> want to simplify such process.

Yes

> 7. Finally, the release artifacts needs checksums and signatures. The
> PGP signature should be uploaded to at least one or two public PGP
> servers, such as pgp.mit.edu, and eventually be cross-signed in person
> with other people in Apache (for instance at an ApacheCon event). That
> creates the Apache Web of Trust. This may seem like a lot of work for
> nothing, but there are some people who takes this aspect of Apache
> very, very seriously. See
> http://www.apache.org/dev/release-signing.html for more details.

I've uploaded my public key to both the MIT server and the SKS Network
server, as well as provided it in the KEYS file that is in the folder
listed above.  All archives contain MD5 and SHA checksums, as well as
ASCII armored detached signatures.  My key is not connected to the web
of trust because I have not yet attended an ApacheCon conference -- I
hope this will not hold up an incubating release.

Mime
View raw message