river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Reedy <dennis.re...@gmail.com>
Subject Re: [Vote] Release Apache River 2.2.1
Date Tue, 30 Apr 2013 13:08:15 GMT

On Apr 30, 2013, at 850AM, Greg Trasuk wrote:

> 
> Hi Dennis:
> 
> Couple of questions present themselves...
> 
> 1 - Is it OK or expected to sign the jars with the same code signing key
> as the release "tar.gz" and ".zip" artifacts that I've already
> generated?

Yes, it should be.

>  I'm fine with doing that.  Be aware, however that I've just
> generated the keys recently, so I'm not in the Apache Web of Trust.  I
> certainly can publish the public keys, however.

> 
> 2 - Central seems to want the uploaded jars to be named in the like
> "jsk-platform-2.2.1.jar".  We currently don't name the jars that way. 
> Is it a wish or a requirement?
> 
> 3 - and if it is a requirement, does your Groovy script handle it, or do
> we need to change the build?  

The maven deploy plugin handles it. Well, I'll have to change the script to use the Maven
GPG plugin (http://maven.apache.org/plugins/maven-gpg-plugin/), that way we can sign the jars
and deploy them at the same time.


> Either way, would that be a 2.2.2 release,
> or do we just re-name and sign the jars?  

We use the Maven plugin to sign & deploy, and release as normal.

> I suspect that there are a few
> cases (Starter and examples for instance) where we actually have jar
> names hard-coded into the scripts.

I think this is okay for now. What we need is to have the artifacts uploaded to central so
developers that use dependency management (Maven, Ivy, ...) can have 2.2.1 jars resolved.


Maybe we should touch base and I can work you through the process using your keys to deploy
the jars to the staging repository?

Dennis



Mime
View raw message