www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Senaka Fernando <sen...@wso2.com>
Subject Re: Stage a Maven Repository with Signed Artifacts to qualify a Release Vote
Date Sat, 25 Dec 2010 09:06:21 GMT
Hi Ralph, Strub, Benson,

Thanks for the useful information. I will work with the Axis PMC to get the
issues rectified.

Wish you all a Merry Christmas!

Thanks,
Senaka.

On Sat, Dec 25, 2010 at 3:00 AM, Benson Margulies <bimargulies@gmail.com>wrote:

> Senaka,
>
> At this point, many of the Maven-built projects do use the built-in
> staging capability of the ASF Nexus instance to do just that.  Before
> a vote, they run the release plugin all the way, and it pushes the
> artifacts, signatures and all, to the auto-genererated staging area
> for their project. The URL thereto goes into the vote, and everyone
> goes home happy. If the vote passes, we promote the staging repo which
> releases it; if it fails, we drop it.
>
> --benson
>
>
> On Fri, Dec 24, 2010 at 4:09 PM, Senaka Fernando <senaka@apache.org>
> wrote:
> > Hi Ralph,
> >
> > Sorry if the list was wrong. But my intention was to understand the legal
> > requirements, should there be any. A practice can be followed, but
> something
> > that's legally required must be followed.
> >
> > Yes, you are correct about the release plugin. But, normally a release is
> > done in a single-go once a vote has been approved; and you should not
> need
> > to host a temporary Maven repo to get a vote (for a release) passed
> (since
> > that repo will never be the final destination). My concerns are based on
> a
> > discussion at [1].
> >
> > [1] http://markmail.org/thread/n3z5kapk2fykn7rm
> >
> > Thanks,
> > Senaka.
> >
> > On Fri, Dec 24, 2010 at 10:13 PM, Ralph Goers <
> ralph.goers@dslextreme.com>
> > wrote:
> >>
> >> On Dec 24, 2010, at 7:31 AM, Senaka Fernando wrote:
> >>
> >> > Hi all,
> >> >
> >> > Normally, it has been a practice to sign release artifacts (binary,
> >> > source, and documentation downloads), to qualify a release vote. But
> >> > however, we have not been staging maven repositories (this only
> applies to
> >> > projects that use a Maven-based build system) with signed artifacts in
> order
> >> > to qualify a release vote in the past. So far, we only sign the
> artifacts on
> >> > the public maven repositories when those are deployed.
> >> >
> >> > But, has this practice changed over time, along with the recent
> changes
> >> > to the release process?
> >> >
> >> > Thanks,
> >> > Senaka.
> >>
> >> I'm not sure why this is on legal discuss, but I believe the release
> >> plugin signs the artifacts as it deploys them to the ASF staging
> repository.
> >>
> >> Ralph
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> >> For additional commands, e-mail: legal-discuss-help@apache.org
> >>
> >
> >
> >
> > --
> > Senaka Fernando
> > Member; Apache Software Foundation; http://apache.org
> >
> > Associate Technical Lead & Product Manager - WSO2 G-Reg;
> > WSO2, Inc.; http://wso2.com
> >
> > E-mail: senaka AT apache.org
> > P: +94 11 223 2481; M: +94 77 322 1818
> > Linked-In: http://www.linkedin.com/in/senakafernando
> > Blog: http://senakafdo.blogspot.com
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>


-- 
*Senaka Fernando*
Associate Technical Lead & Product Manager - WSO2 G-Reg;
WSO2, Inc.; http://wso2.com*
Member; Apache Software Foundation; http://apache.org

E-mail: senaka AT wso2.com
**P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
Linked-In: http://www.linkedin.com/in/senakafernando

*Lean . Enterprise . Middleware

Mime
View raw message