Posted to dev@toree.apache.org by Chip Senkbeil <ch...@gmail.com> on 2016/01/08 18:58:00 UTC

Publishing jar binaries to Maven Central

Currently, we do not publish any binaries to Maven Central. It would be
nice to take a look at doing this. There was an issue on GitHub to deal
with this. We can move the discussion here now.

We need to refactor the project's org to org.apache and the artifacts to
toree-<MODULE_NAME> instead of just <MODULE_NAME>. E.g. the communication
module needs to be renamed toree-communication such that we don't publish
org.apache communication as the org and artifact.

Also, a PGP key is needed for signing when publishing to Maven Central. Is
there a process in Apache for maintaining a common PGP key? Or is it that a
certain committer is a release manager as well and uses their PGP key? I've
got my own used previously for other projects, but don't know what policies
there are for this. Thinking of Apache Spark with Patrick Wendell during
releases.

Re: Publishing jar binaries to Maven Central

Posted by Gino Bustelo <gi...@bustelos.com>.
This is the issue where the vote is taking place
https://github.com/zeromq/jeromq/issues/327

On Mon, Feb 15, 2016 at 4:30 PM, Gino Bustelo <gi...@bustelos.com> wrote:

> I guess sometimes all you have to do is ask... cross fingers that it goes
> thru
>
> https://github.com/zeromq/jeromq/issues/326
>
> On Mon, Feb 15, 2016 at 3:13 PM, Luciano Resende <lu...@gmail.com>
> wrote:
>
>> On Mon, Feb 15, 2016 at 1:09 PM, Gino Bustelo <gi...@bustelos.com> wrote:
>>
>> > Luciano... I see you as our main advocate within Apache and I'm seeking
>> > your help as a mentor to make sure that we can put a release out as soon as
>> > possible.
>> >
>> > You have indeed made very clear to us the rules about releases and that is
>> > great. We got it. Only SNAPSHOT.
>> >
>> > Now I think it is time to get some help on an official release.
>> >
>> >
>> Great, first thing we should look at is what we plan to do with ZeroMQ, see
>> below the response from the VP of Legal.
>>
>>
>> http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201602.mbox/%3C2A8B931C-1AD6-4230-B2DE-0B33361B3A2B%40jaguNET.com%3E
>>
>>
>>
>> --
>> Luciano Resende
>> http://people.apache.org/~lresende
>> http://twitter.com/lresende1975
>> http://lresende.blogspot.com/
>>
>
>

Re: Publishing jar binaries to Maven Central

Posted by Luciano Resende <lu...@gmail.com>.
Good luck, this is exactly what Sam tried a few weeks back on their mailing
list...

http://lists.zeromq.org/pipermail/zeromq-dev/2016-January/030205.html

On Mon, Feb 15, 2016 at 2:30 PM, Gino Bustelo <gi...@bustelos.com> wrote:

> I guess sometimes all you have to do is ask... cross fingers that it goes
> thru
>
> https://github.com/zeromq/jeromq/issues/326
>
> On Mon, Feb 15, 2016 at 3:13 PM, Luciano Resende <lu...@gmail.com>
> wrote:
>
> > On Mon, Feb 15, 2016 at 1:09 PM, Gino Bustelo <gi...@bustelos.com> wrote:
> >
> > > Luciano... I see you as our main advocate within Apache and I'm seeking
> > > your help as a mentor to make sure that we can put a release out as soon as
> > > possible.
> > >
> > > You have indeed made very clear to us the rules about releases and that is
> > > great. We got it. Only SNAPSHOT.
> > >
> > > Now I think it is time to get some help on an official release.
> > >
> > >
> > Great, first thing we should look at is what we plan to do with ZeroMQ, see
> > below the response from the VP of Legal.
> >
> >
> > http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201602.mbox/%3C2A8B931C-1AD6-4230-B2DE-0B33361B3A2B%40jaguNET.com%3E
> >
> >
> >
> > --
> > Luciano Resende
> > http://people.apache.org/~lresende
> > http://twitter.com/lresende1975
> > http://lresende.blogspot.com/
> >
>



-- 
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/

Re: Publishing jar binaries to Maven Central

Posted by Gino Bustelo <gi...@bustelos.com>.
I guess sometimes all you have to do is ask... cross fingers that it goes
thru

https://github.com/zeromq/jeromq/issues/326

On Mon, Feb 15, 2016 at 3:13 PM, Luciano Resende <lu...@gmail.com>
wrote:

> On Mon, Feb 15, 2016 at 1:09 PM, Gino Bustelo <gi...@bustelos.com> wrote:
>
> > Luciano... I see you as our main advocate within Apache and I'm seeking
> > your help as a mentor to make sure that we can put a release out as soon as
> > possible.
> >
> > You have indeed made very clear to us the rules about releases and that is
> > great. We got it. Only SNAPSHOT.
> >
> > Now I think it is time to get some help on an official release.
> >
> >
> Great, first thing we should look at is what we plan to do with ZeroMQ, see
> below the response from the VP of Legal.
>
>
> http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201602.mbox/%3C2A8B931C-1AD6-4230-B2DE-0B33361B3A2B%40jaguNET.com%3E
>
>
>
> --
> Luciano Resende
> http://people.apache.org/~lresende
> http://twitter.com/lresende1975
> http://lresende.blogspot.com/
>

Re: Publishing jar binaries to Maven Central

Posted by Luciano Resende <lu...@gmail.com>.
On Mon, Feb 15, 2016 at 1:09 PM, Gino Bustelo <gi...@bustelos.com> wrote:

> Luciano... I see you as our main advocate within Apache and I'm seeking
> your help as a mentor to make sure that we can put a release out as soon as
> possible.
>
> You have indeed made very clear to us the rules about releases and that is
> great. We got it. Only SNAPSHOT.
>
> Now I think it is time to get some help on an official release.
>
>
Great, first thing we should look at is what we plan to do with ZeroMQ, see
below the response from the VP of Legal.

http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201602.mbox/%3C2A8B931C-1AD6-4230-B2DE-0B33361B3A2B%40jaguNET.com%3E



-- 
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/

Re: Publishing jar binaries to Maven Central

Posted by Gino Bustelo <gi...@bustelos.com>.
Luciano... I see you as our main advocate within Apache and I'm seeking
your help as a mentor to make sure that we can put a release out as soon as
possible.

You have indeed made very clear to us the rules about releases and that is
great. We got it. Only SNAPSHOT.

Now I think it is time to get some help on an official release.

On Fri, Feb 12, 2016 at 8:47 PM, Luciano Resende <lu...@gmail.com>
wrote:

> On Fri, Feb 12, 2016 at 5:59 PM, Gino Bustelo <lb...@gmail.com> wrote:
>
> > Once we can do the publishing of the different artifacts, we would be
> > ready for a 0.1.0 release.
> >
> > Gino B.
> >
>
> Just to make sure, you MUST not "release" any artifacts without a proper
> vote from the PPMC and approval from IPMC. Developer SNAPSHOT should be ok.
>
> Also, you will have a hard time getting approval for a release with LGPL
> dependencies on ZeroMQ.
>

Re: Publishing jar binaries to Maven Central

Posted by Luciano Resende <lu...@gmail.com>.
On Fri, Feb 12, 2016 at 5:59 PM, Gino Bustelo <lb...@gmail.com> wrote:

> Once we can do the publishing of the different artifacts, we would be
> ready for a 0.1.0 release.
>
> Gino B.
>

Just to make sure, you MUST not "release" any artifacts without a proper
vote from the PPMC and approval from IPMC. Developer SNAPSHOT should be ok.

Also, you will have a hard time getting approval for a release with LGPL
dependencies on ZeroMQ.

Re: Publishing jar binaries to Maven Central

Posted by Gino Bustelo <lb...@gmail.com>.
Once we can do the publishing of the different artifacts, we would be ready for a 0.1.0 release. 

Gino B.

> On Feb 11, 2016, at 4:50 PM, Luciano Resende <lu...@gmail.com> wrote:
> 
> On Thu, Feb 11, 2016 at 9:21 AM, Chip Senkbeil <ch...@gmail.com>
> wrote:
> 
>> So, looking into publishing snapshots to Apache's maven repository. Already
>> got it cleared through infrastructure JIRA. I was trying to see if we could
>> use sbt to publish to staging and release (and sign our binaries). I've
>> used it for Maven Central. However, there are additional requirements
>> like NOTICE and LICENSE files should be present in the META-INF directory
>> within the jar.
> I believe sbt is capable of doing it all. Are you guys preparing to work on
> a release anytime soon?
> 
> 
> -- 
> Luciano Resende
> http://people.apache.org/~lresende
> http://twitter.com/lresende1975
> http://lresende.blogspot.com/

Re: Publishing jar binaries to Maven Central

Posted by Luciano Resende <lu...@gmail.com>.
On Thu, Feb 11, 2016 at 9:21 AM, Chip Senkbeil <ch...@gmail.com>
wrote:

> So, looking into publishing snapshots to Apache's maven repository. Already
> got it cleared through infrastructure JIRA. I was trying to see if we could
> use sbt to publish to staging and release (and sign our binaries). I've
> used it for Maven Central. However, there are additional requirements
> like NOTICE and LICENSE files should be present in the META-INF directory
> within the jar.
>
>
I believe sbt is capable of doing it all. Are you guys preparing to work on
a release anytime soon?


-- 
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/

Re: Publishing jar binaries to Maven Central

Posted by Chip Senkbeil <ch...@gmail.com>.
So, looking into publishing snapshots to Apache's maven repository. Already
got it cleared through infrastructure JIRA. I was trying to see if we could
use sbt to publish to staging and release (and sign our binaries). I've
used it for Maven Central. However, there are additional requirements
like NOTICE and LICENSE files should be present in the META-INF directory
within the jar.

Does anyone have experience using sbt to publish to Apache's maven
repository? Is it doable? Or do we have to incorporate Maven into the mix?

I could throw in sbt-release to make the process streamlined once I figure
out if we can do everything through sbt. Seems like a lot of steps, though.

On Mon, Jan 11, 2016 at 12:17 PM Luciano Resende <lu...@gmail.com>
wrote:

> On Fri, Jan 8, 2016 at 9:58 AM, Chip Senkbeil <ch...@gmail.com>
> wrote:
>
> > Currently, we do not publish any binaries to Maven Central. It would be
> > nice to take a look at doing this. There was an issue on GitHub to deal
> > with this. We can move the discussion here now.
> >
> >
> +1
>
>
> > We need to refactor the project's org to org.apache and the artifacts to
> > toree-<MODULE_NAME> instead of just <MODULE_NAME>. E.g. the communication
> > module needs to be renamed toree-communication such that we don't publish
> > org.apache communication as the org and artifact.
> >
> >
> Yes, we will need to do a lot of cleanup before we can do our first Apache
> release.
>
>
>
> > Also, a PGP key is needed for signing when publishing to Maven Central. Is
> > there a process in Apache for maintaining a common PGP key? Or is it that a
> > certain committer is a release manager as well and uses their PGP key? I've
> > got my own used previously for other projects, but don't know what policies
> > there are for this. Thinking of Apache Spark with Patrick Wendell during
> > releases.
> >
>
> Usually the release manager will use his key to sign. There was an effort
> for having a single signing mechanism, particularly for projects like open
> office, etc., but I don't believe we need any of those.
>
> --
> Luciano Resende
> http://people.apache.org/~lresende
> http://twitter.com/lresende1975
> http://lresende.blogspot.com/
>
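
A pre-publish check for the two packaging points raised in this message (toree-<MODULE_NAME> artifact names, NOTICE and LICENSE inside META-INF), added here as an example and not code from the thread or the Toree project. The function names, the accepted `.txt` variant and the sample jars are assumptions constructed for illustration.

```python
import io
import re
import zipfile

REQUIRED = ("LICENSE", "NOTICE")             # must sit in META-INF, per the thread
NAME_RE = re.compile(r"^toree-[a-z0-9-]+$")  # toree-<MODULE_NAME> naming from the thread


def make_jar(entries):
    """Build an in-memory jar from {entry name: text} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, text in entries.items():
            jar.writestr(name, text)
    return buf.getvalue()


def check_jar(artifact_name, jar_bytes):
    """Return a list of problems; an empty list means the jar passes these checks."""
    problems = []
    if not NAME_RE.match(artifact_name):
        problems.append(f"{artifact_name}: artifact is not named toree-<MODULE_NAME>")
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return problems + ["not a readable jar/zip archive"]
    with jar:
        sizes = {info.filename: info.file_size for info in jar.infolist()}
    for base in REQUIRED:
        # Assumption: a .txt suffix is accepted as well as the bare name.
        found = [n for n in (f"META-INF/{base}", f"META-INF/{base}.txt") if n in sizes]
        if not found:
            # Point at a copy that exists elsewhere in the jar, e.g. at the root.
            stray = [n for n in sizes if n.rsplit("/", 1)[-1].split(".")[0] == base]
            where = f" (found outside META-INF: {stray[0]})" if stray else ""
            problems.append(f"META-INF/{base} is missing{where}")
        elif sizes[found[0]] == 0:
            problems.append(f"{found[0]} is empty")
    return problems


if __name__ == "__main__":
    good = make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
                     "META-INF/LICENSE": "license text", "META-INF/NOTICE": "notice text"})
    bad = make_jar({"LICENSE": "license text", "META-INF/NOTICE": ""})
    print(check_jar("toree-communication", good))
    print(check_jar("communication", bad))
```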

Re: Publishing jar binaries to Maven Central

Posted by Luciano Resende <lu...@gmail.com>.
On Fri, Jan 8, 2016 at 9:58 AM, Chip Senkbeil <ch...@gmail.com>
wrote:

> Currently, we do not publish any binaries to Maven Central. It would be
> nice to take a look at doing this. There was an issue on GitHub to deal
> with this. We can move the discussion here now.
>
>
+1


> We need to refactor the project's org to org.apache and the artifacts to
> toree-<MODULE_NAME> instead of just <MODULE_NAME>. E.g. the communication
> module needs to be renamed toree-communication such that we don't publish
> org.apache communication as the org and artifact.
>
>
Yes, we will need to do a lot of cleanup before we can do our first Apache
release.



> Also, a PGP key is needed for signing when publishing to Maven Central. Is
> there a process in Apache for maintaining a common PGP key? Or is it that a
> certain committer is a release manager as well and uses their PGP key? I've
> got my own used previously for other projects, but don't know what policies
> there are for this. Thinking of Apache Spark with Patrick Wendell during
> releases.
>

Usually the release manager will use his key to sign. There was an effort
for having a single signing mechanism, particularly for projects like open
office, etc., but I don't believe we need any of those.

-- 
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/

Re: Publishing jar binaries to Maven Central

Posted by Julien Le Dem <ju...@ledem.net>.
The release is signed by a committer:
http://www.apache.org/info/verification.html
To verify the key typically it can be posted on the apache domain:
http://www.apache.org/dev/release-signing.html#keys-policy


> On Jan 8, 2016, at 9:58 AM, Chip Senkbeil <ch...@gmail.com> wrote:
> 
> Currently, we do not publish any binaries to Maven Central. It would be
> nice to take a look at doing this. There was an issue on GitHub to deal
> with this. We can move the discussion here now.
> 
> We need to refactor the project's org to org.apache and the artifacts to
> toree-<MODULE_NAME> instead of just <MODULE_NAME>. E.g. the communication
> module needs to be renamed toree-communication such that we don't publish
> org.apache communication as the org and artifact.
> 
> Also, a PGP key is needed for signing when publishing to Maven Central. Is
> there a process in Apache for maintaining a common PGP key? Or is it that a
> certain committer is a release manager as well and uses their PGP key? I've
> got my own used previously for other projects, but don't know what policies
> there are for this. Thinking of Apache Spark with Patrick Wendell during
> releases.