www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell" <flame...@gmail.com>
Subject Summary
Date Wed, 01 Mar 2006 07:59:21 GMT
Things seem quite quiet here. This is what I understand by reading the
various emails and wiki pages (Brett/Robert); and hassling Brett
mercilessly on IRC (sorry Brett):

There are four repositories:

/www/www.apache.org/dist/java-repository  - ibiblio-sync m1 repo
/www/www.apache.org/dist/maven-repository  - ibiblio sync m2 repo
/www/cvs.apache.org/dist/maven-snapshot-repository  - snapshot m2 repo
/www/cvs.apache.org/dist/repository  - snapshot m1 repo

The aim being to kill the m1 repo's and replace them with the m2
repo's at some point soon.

There are various rules:

* jars must be: md5'd, sha1'd, pgp (.asc'd).
* only asf artifacts should be present
* SNAPSHOTs must not appear in the ibiblio-sync repos
* md5 files have a specified format

There are various issues:

* unknown releases have been done (velocity-dvsl)
* jars have been overwritten (commons-cli)
* unknown projects have been released (commons-grafolia?
commons-jdbc2pool? magicGball?)
* oversight is therefore non-existent
* structure is sloppy in the m1 repos (tbh, it's sloppy in the m2 repos too)
* non-asf artifacts are there

There's history:

* This list was created with lofty goals - and various build system
involvement to create a repository structure of use to as many people
as possible (the success of the maven repository having driven a
desire to include all and not just maven)
* Now it's really just a place for managing the maven repository -
which the three main build systems in Java can all easily use (ant,
maven1, maven2)
* The wiki is mostly a result of the former character; mostly water
under the bridge now.

There's a plan for needed docs from Brett:

We need:

- how to upload releases to the repository manually (ant users, etc)
- how to automate with Maven 1.x
- how to automate with Maven 2.x

There's docs from Robert:


Reading the old emails; I appear to be a terrible release manager who
has caused much pain. :)


I presume I've missed lots?


Here's some thoughts:

* The repository needs to be sliced into TLP structure. Things will
move when TLPs move; user's will have to deal. Authentication needs to
be in place so that TLPs have access only to their part of the
structure - this will do a good job of lessening the ability to push
out non-asf things.

* We need to be monitoring things as they get added. Ideally, an email
to repository@ whenever a file is added. Bigger emails when a file is

* We need to enforce that the correct amount of files are added.
Personally I think we should be enforcing that src and javadoc are
also added; along with the jar, pom and various auth files.

* We should be prepared for user accounts to the machine to go away.

* PMCs have to be responsible for deploys - snapshot or full. We
absolutely have to know who added what.

* The m2 repo needs cleaning ASAP (why is there anything in those two
repos top dirs except 'org'? We then need to be very firm on keeping
it clean and migrate the relevant parts of the m1 repo across - or
maybe ask the pmcs to do so. Finally we need to rm -r the m1 repo.

* We might want to have repository@ members performing reviews on new additions.

[* I believe SVN can give us much of this for little cost ]


View raw message