You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mahout.apache.org by Grant Ingersoll <gs...@apache.org> on 2009/10/18 01:09:59 UTC
Re: [jira] Commented: (MAHOUT-114) Release Process Needs to sign published dependencies such as Hadoop, etc.
On Oct 17, 2009, at 8:46 AM, Sean Owen wrote:
> I committed something that in theory generates signatures for all
> artifacts.
> I confess I am not sure yet how to verify it works short of
> deploying which
> I will begin Monday.
With Maven, you should be able to deploy locally.
>
> It sounds like this issue is soon to be moot anyway. If for some
> reason I
> can't figure out how the heck to do it, I am not going to let it
> block.
It is a blocker until we can link to the Hadoop pubs. So, we might
just as well fix it.
http://repository.apache.org/snapshots/org/apache/hadoop/hadoop-core/
has SNAPSHOTs, but that isn't good enough.
>
> Sean
>
> On Oct 17, 2009 12:23 PM, "Grant Ingersoll (JIRA)" <ji...@apache.org>
> wrote:
>
>
> [
> https://issues.apache.org/jira/browse/MAHOUT-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766884#action_12766884]
>
> Grant Ingersoll commented on MAHOUT-114:
> ----------------------------------------
> Yeah, they are, to some extent our artifacts. It's really not a big
> deal.
> All the signature really does is allow someone to verify that what
> they
> downloaded is the thing that we uploaded.
>
>> Release Process Needs to sign published dependencies such as
>> Hadoop, etc.
>> ---------------------...