You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mahout.apache.org by Grant Ingersoll <gs...@apache.org> on 2009/10/18 01:09:59 UTC

Re: [jira] Commented: (MAHOUT-114) Release Process Needs to sign published dependencies such as Hadoop, etc.

On Oct 17, 2009, at 8:46 AM, Sean Owen wrote:

> I committed something that in theory generates signatures for all  
> artifacts.
> I confess I am not sure yet how to verify it works short of  
> deploying which
> I will begin Monday.

With Maven, you should be able to deploy locally.

>
> It sounds like this issue is soon to be moot anyway. If for some  
> reason I
> can't figure out how the heck to do it, I am not going to let it  
> block.

It is a blocker until we can link to the Hadoop pubs.  So, we might  
just as well fix it.

http://repository.apache.org/snapshots/org/apache/hadoop/hadoop-core/  
has SNAPSHOTs, but that isn't good enough.

>
> Sean
>
> On Oct 17, 2009 12:23 PM, "Grant Ingersoll (JIRA)" <ji...@apache.org>  
> wrote:
>
>
>   [
> https://issues.apache.org/jira/browse/MAHOUT-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766884#action_12766884]
>
> Grant Ingersoll commented on MAHOUT-114:
> ----------------------------------------
> Yeah, they are, to some extent our artifacts.  It's really not a big  
> deal.
> All the signature really does is allow someone to verify that what  
> they
> downloaded is the thing that we uploaded.
>
>> Release Process Needs to sign published dependencies such as  
>> Hadoop, etc.
>> ---------------------...