You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Paul Benedict <pb...@apache.org> on 2014/06/24 03:20:07 UTC
Do we still sign releases?
Back in the 1.x days, we signed releases (the jars, zips, etc.). I don't
know if we always did, but I did when I was release manager. Is that
practice still in force? ... And do we do that for Struts 2 as well?
Cheers,
Paul
Re: Do we still sign releases?
Posted by Lukasz Lenart <lu...@apache.org>.
2014-06-25 10:00 GMT+02:00 Christian Grobmeier <gr...@gmail.com>:
> On 25 Jun 2014, at 8:16, Paul Benedict wrote:
>
>> I am going to hit a speed bump here. I haven't signed anything in years
>> and
>> I don't have the time right now to re-learn what needs to be done. If I
>> stage the S1 artifacts, can another committer download them and sign them?
>> Then we can call a vote.
>
>
> The problem is that we cannot prove that whats being signed is whats being
> uploaded.
>
> Can you briefly tell how difficult it is to just stage S1? Maybe its
> possible
> to let another committer stage && sign the release, then you get it further
> from there
It's all supposed to be easy with Maven and struts-master parent pom.
https://github.com/apache/struts/blob/develop/pom.xml#L4
Regards
--
Ćukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: Do we still sign releases?
Posted by Christian Grobmeier <gr...@gmail.com>.
On 25 Jun 2014, at 8:16, Paul Benedict wrote:
> I am going to hit a speed bump here. I haven't signed anything in
> years and
> I don't have the time right now to re-learn what needs to be done. If
> I
> stage the S1 artifacts, can another committer download them and sign
> them?
> Then we can call a vote.
The problem is that we cannot prove that whats being signed is whats
being uploaded.
Can you briefly tell how difficult it is to just stage S1? Maybe its
possible
to let another committer stage && sign the release, then you get it
further from there
Cheers
>
>
> Cheers,
> Paul
>
>
> On Tue, Jun 24, 2014 at 8:55 AM, Paul Benedict <pb...@apache.org>
> wrote:
>
>> Thanks everyone. I am just breaking the rust off of my release
>> manager
>> skills. I'll see what I can do.
>>
>>
>> Cheers,
>> Paul
>>
>>
>> On Tue, Jun 24, 2014 at 8:52 AM, Christian Grobmeier
>> <gr...@gmail.com>
>> wrote:
>>
>>> Its actually even required by ASF policy to sign releases:
>>> http://apache.org/dev/release.html#what-must-every-release-contain
>>>
>>>
>>>
>>>
>>> On 24 Jun 2014, at 11:31, Rene Gielen wrote:
>>>
>>> Correct, unsigned releases won't make it to central.
>>>>
>>>> On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart
>>>> <lu...@apache.org>
>>>> wrote:
>>>>
>>>>> I think yes
>>>>> https://repository.apache.org/content/groups/public/org/
>>>>> apache/struts/struts2-core/2.3.16/
>>>>>
>>>>> and this is verified by Nexus during Closing repository (I think)
>>>>>
>>>>> 2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
>>>>>
>>>>>> Back in the 1.x days, we signed releases (the jars, zips, etc.).
>>>>>> I
>>>>>>
>>>>> don't
>>>>>
>>>>>> know if we always did, but I did when I was release manager. Is
>>>>>> that
>>>>>> practice still in force? ... And do we do that for Struts 2 as
>>>>>> well?
>>>>>>
>>>>>> Cheers,
>>>>>> Paul
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>
>>>>
>>>> --
>>>> Sent from my mobile phone
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>>
>>
---
http://www.grobmeier.de
The Zen Programmer: http://bit.ly/12lC6DL
@grobmeier
GPG: 0xA5CC90DB
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: Do we still sign releases?
Posted by Paul Benedict <pb...@apache.org>.
I am going to hit a speed bump here. I haven't signed anything in years and
I don't have the time right now to re-learn what needs to be done. If I
stage the S1 artifacts, can another committer download them and sign them?
Then we can call a vote.
Cheers,
Paul
On Tue, Jun 24, 2014 at 8:55 AM, Paul Benedict <pb...@apache.org> wrote:
> Thanks everyone. I am just breaking the rust off of my release manager
> skills. I'll see what I can do.
>
>
> Cheers,
> Paul
>
>
> On Tue, Jun 24, 2014 at 8:52 AM, Christian Grobmeier <gr...@gmail.com>
> wrote:
>
>> Its actually even required by ASF policy to sign releases:
>> http://apache.org/dev/release.html#what-must-every-release-contain
>>
>>
>>
>>
>> On 24 Jun 2014, at 11:31, Rene Gielen wrote:
>>
>> Correct, unsigned releases won't make it to central.
>>>
>>> On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart <lu...@apache.org>
>>> wrote:
>>>
>>>> I think yes
>>>> https://repository.apache.org/content/groups/public/org/
>>>> apache/struts/struts2-core/2.3.16/
>>>>
>>>> and this is verified by Nexus during Closing repository (I think)
>>>>
>>>> 2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
>>>>
>>>>> Back in the 1.x days, we signed releases (the jars, zips, etc.). I
>>>>>
>>>> don't
>>>>
>>>>> know if we always did, but I did when I was release manager. Is that
>>>>> practice still in force? ... And do we do that for Struts 2 as well?
>>>>>
>>>>> Cheers,
>>>>> Paul
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>
>>> --
>>> Sent from my mobile phone
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>>
>
Re: Do we still sign releases?
Posted by Paul Benedict <pb...@apache.org>.
Thanks everyone. I am just breaking the rust off of my release manager
skills. I'll see what I can do.
Cheers,
Paul
On Tue, Jun 24, 2014 at 8:52 AM, Christian Grobmeier <gr...@gmail.com>
wrote:
> Its actually even required by ASF policy to sign releases:
> http://apache.org/dev/release.html#what-must-every-release-contain
>
>
>
>
> On 24 Jun 2014, at 11:31, Rene Gielen wrote:
>
> Correct, unsigned releases won't make it to central.
>>
>> On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart <lu...@apache.org>
>> wrote:
>>
>>> I think yes
>>> https://repository.apache.org/content/groups/public/org/
>>> apache/struts/struts2-core/2.3.16/
>>>
>>> and this is verified by Nexus during Closing repository (I think)
>>>
>>> 2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
>>>
>>>> Back in the 1.x days, we signed releases (the jars, zips, etc.). I
>>>>
>>> don't
>>>
>>>> know if we always did, but I did when I was release manager. Is that
>>>> practice still in force? ... And do we do that for Struts 2 as well?
>>>>
>>>> Cheers,
>>>> Paul
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>> --
>> Sent from my mobile phone
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: Do we still sign releases?
Posted by Christian Grobmeier <gr...@gmail.com>.
Its actually even required by ASF policy to sign releases:
http://apache.org/dev/release.html#what-must-every-release-contain
On 24 Jun 2014, at 11:31, Rene Gielen wrote:
> Correct, unsigned releases won't make it to central.
>
> On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart
> <lu...@apache.org> wrote:
>> I think yes
>> https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.3.16/
>>
>> and this is verified by Nexus during Closing repository (I think)
>>
>> 2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
>>> Back in the 1.x days, we signed releases (the jars, zips, etc.). I
>> don't
>>> know if we always did, but I did when I was release manager. Is that
>>> practice still in force? ... And do we do that for Struts 2 as well?
>>>
>>> Cheers,
>>> Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>
> --
> Sent from my mobile phone
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: Do we still sign releases?
Posted by Rene Gielen <gi...@it-neering.net>.
Correct, unsigned releases won't make it to central.
On 24. Juni 2014 07:06:46 MESZ, Lukasz Lenart <lu...@apache.org> wrote:
>I think yes
>https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.3.16/
>
>and this is verified by Nexus during Closing repository (I think)
>
>2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
>> Back in the 1.x days, we signed releases (the jars, zips, etc.). I
>don't
>> know if we always did, but I did when I was release manager. Is that
>> practice still in force? ... And do we do that for Struts 2 as well?
>>
>> Cheers,
>> Paul
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>For additional commands, e-mail: dev-help@struts.apache.org
--
Sent from my mobile phone
Re: Do we still sign releases?
Posted by Lukasz Lenart <lu...@apache.org>.
I think yes
https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.3.16/
and this is verified by Nexus during Closing repository (I think)
2014-06-24 3:20 GMT+02:00 Paul Benedict <pb...@apache.org>:
> Back in the 1.x days, we signed releases (the jars, zips, etc.). I don't
> know if we always did, but I did when I was release manager. Is that
> practice still in force? ... And do we do that for Struts 2 as well?
>
> Cheers,
> Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org