Posted to general@incubator.apache.org by Dan Diephouse <da...@envoisolutions.com> on 2006/12/08 00:00:28 UTC

Deploying Incubator Maven Artifacts [was Re: [VOTE] Apache Incubator CXF 2.0-M1 Release (RC 3)]

On 12/7/06, Daniel Kulp <da...@iona.com> wrote:

> I would say for now we just remove that jar if it's needed.  However, how did
> the servicemix and other projects votes pass if it's a requirement?  Is this
> another "new requirement in the middle of a vote" thing?

*wonders the same thing*

Additionally, I just realized there are some projects too that have been
publishing Maven builds that haven't been approved. Most recently Abdera did
this [1][2]. They voted for the release of their binaries, but not their
maven artifacts which they created/deployed post vote as I understand it
(sorry to cause trouble Abdera folks, I was the one pushing for those builds
too!).

- Dan

1. http://mail-archives.apache.org/mod_mbox/incubator-general/200612.mbox/%3c45749D47.1010109@gmail.com%3e
2. http://mail-archives.apache.org/mod_mbox/incubator-abdera-dev/200612.mbox/%3cb20ce4ed0612051532m33f1a5bfu66f25e72d3e50a7@mail.gmail.com%3e

-- 
Dan Diephouse
Envoi Solutions
http://envoisolutions.com | http://netzooid.com/blog

Re: Deploying Incubator Maven Artifacts [was Re: [VOTE] Apache Incubator CXF 2.0-M1 Release (RC 3)]

Posted by Daniel Kulp <da...@iona.com>.
On Thursday 07 December 2006 19:59, Roy T. Fielding wrote:
> On Dec 7, 2006, at 4:09 PM, Dan Diephouse wrote:
> > I must be missing something. If they aren't voted on, how do you know
> > if they're valid and meet release requirements?
>
> It is impossible to verify that in a binary.  We have to trust the
> person building it to do so according to an approved script.  If people
> want to push a given set of binaries through a QA process and vote on
> the results, more power to 'em -- anything posted to our webservers is
> subject to voting if desired.  However, they are just fooling themselves
> if they think testing the binary is sufficient to verify that the binary
> actually matches the source version.
>
> "Real" open source developers build their own. ;-)

So by this theory, we could have just called a vote on the source/binary 
distributions in which case the javadoc issue would not have appeared at all.  
(that javadoc jar doesn't appear there)  Correct?   Thus, if the vote passed 
on that, we could then proceed to "mvn deploy" which would have resulted in 
the javadoc jar without the notice/license in it being put in the Maven 
repository for the world to use.

I'm just trying to clarify this for future reference.   I personally think 
that's a bad practice, but if that's OK for Apache, fine.   We'll keep that 
in mind for the future. 

-- 
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727    C: 508-380-7194
daniel.kulp@iona.com

Re: Deploying Incubator Maven Artifacts [was Re: [VOTE] Apache Incubator CXF 2.0-M1 Release (RC 3)]

Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Dec 7, 2006, at 4:09 PM, Dan Diephouse wrote:

> I must be missing something. If they aren't voted on, how do you know
> if they're valid and meet release requirements?

It is impossible to verify that in a binary.  We have to trust the
person building it to do so according to an approved script.  If people
want to push a given set of binaries through a QA process and vote on
the results, more power to 'em -- anything posted to our webservers is
subject to voting if desired.  However, they are just fooling themselves
if they think testing the binary is sufficient to verify that the binary
actually matches the source version.

"Real" open source developers build their own. ;-)

....Roy


Re: Deploying Incubator Maven Artifacts [was Re: [VOTE] Apache Incubator CXF 2.0-M1 Release (RC 3)]

Posted by Dan Diephouse <da...@envoisolutions.com>.
I must be missing something. If they aren't voted on, how do you know
if they're valid and meet release requirements?

On 12/7/06, Roy T. Fielding <fi...@gbiv.com> wrote:
> On Dec 7, 2006, at 3:00 PM, Dan Diephouse wrote:
>
> > On 12/7/06, Daniel Kulp <da...@iona.com> wrote:
> >
> >> I would say for now we just remove that jar if it's needed.  However, how did
> >> the servicemix and other projects votes pass if it's a requirement?  Is this
> >> another "new requirement in the middle of a vote" thing?
> >
> > *wonders the same thing*
> >
> > Additionally, I just realized there are some projects too that have been
> > publishing Maven builds that haven't been approved. Most recently Abdera did
> > this [1][2]. They voted for the release of their binaries, but not their
> > maven artifacts which they created/deployed post vote as I understand it
> > (sorry to cause trouble Abdera folks, I was the one pushing for those builds
> > too!).
>
> FYI, traditionally, all release votes are for the source code package and
> only that package.  Once the source code version is set in stone, binaries
> and assorted other release artifacts can be generated by individual
> committers without a vote if the group trusts them to do so and they
> have a signed key.  Some groups might require a vote on binaries as well,
> but the ASF only requires a vote on the source.
>
> ....Roy
>


-- 
Dan Diephouse
Envoi Solutions
http://envoisolutions.com | http://netzooid.com/blog

Re: Deploying Incubator Maven Artifacts [was Re: [VOTE] Apache Incubator CXF 2.0-M1 Release (RC 3)]

Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Dec 7, 2006, at 3:00 PM, Dan Diephouse wrote:

> On 12/7/06, Daniel Kulp <da...@iona.com> wrote:
>
>> I would say for now we just remove that jar if it's needed.  However, how did
>> the servicemix and other projects votes pass if it's a requirement?  Is this
>> another "new requirement in the middle of a vote" thing?
>
> *wonders the same thing*
>
> Additionally, I just realized there are some projects too that have been
> publishing Maven builds that haven't been approved. Most recently Abdera did
> this [1][2]. They voted for the release of their binaries, but not their
> maven artifacts which they created/deployed post vote as I understand it
> (sorry to cause trouble Abdera folks, I was the one pushing for those builds
> too!).

FYI, traditionally, all release votes are for the source code package and
only that package.  Once the source code version is set in stone, binaries
and assorted other release artifacts can be generated by individual
committers without a vote if the group trusts them to do so and they
have a signed key.  Some groups might require a vote on binaries as well,
but the ASF only requires a vote on the source.

....Roy
