You are viewing a plain text version of this content. The canonical link for it is here.

Posted to repository@apache.org by "Henk P. Penning" <he...@cs.uu.nl> on 2008/09/04 17:59:32 UTC

missing sigs in maven repo

Donald Woods,

   in the maven repo, you own 24 unsigned artifacts ;
   please supply the missing sigs ; for details, see

     http://people.apache.org/~henkp/repo/

   Regards,

   Henk Penning -- apache.org infrastructure

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/

Re: missing sigs in maven repo

Posted by Donald Woods <dw...@apache.org>.

I misread our release steps, in that it said to delete *.asc.* and I 
took that to mean all asc files.  I've added a note to our release 
process page and am uploading the missing files right now.


Thanks for catching this.
-Donald


Henk P. Penning wrote:
> On Thu, 4 Sep 2008, Donald Woods wrote:
> 
>> Date: Thu, 04 Sep 2008 21:49:57 -0400
>> From: Donald Woods <dw...@apache.org>
>> To: Henk P. Penning <he...@cs.uu.nl>
>> Subject: Re: missing sigs in maven repo
> 
> Donald,
> 
>> Do you mean the .asc files?
> 
>   yes.
> 
>>                              Our Geronimo release process is to delete 
>> those before publishing.
> 
>   That is strange ... the ASF requires PGP sigs for all published 
> artifacts.
>   See for instance
> 
>     http://www.apache.org/dev/release-signing.html#policy
> 
>   In the repo, 1283 out of 1339 artifacts have sigs.
>   So, sigs realy should be there.
> 
>   Can you change the Geronimo release process, or see to it that is 
> changed ?
> 
>> -Donald
> 
>   Regards,
> 
>   HPP
> 
>> Henk P. Penning wrote:
>>> Donald Woods,
>>>
>>>   in the maven repo, you own 24 unsigned artifacts ;
>>>   please supply the missing sigs ; for details, see
>>>
>>>     http://people.apache.org/~henkp/repo/
>>>
>>>   Regards,
>>>
>>>   Henk Penning -- apache.org infrastructure
>>>
>>> ----------------------------------------------------------------   _
>>> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
>>> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
>>> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
>>> http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/
>>>
>>
> 
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
> http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/
>

Re: missing sigs in maven repo

Posted by Jason Dillon <ja...@gmail.com>.

I don't recall the G release policy stating to delete sigs... if it  
does then its wrong.

--jason


On Sep 5, 2008, at 1:14 PM, Henk P. Penning wrote:

> On Thu, 4 Sep 2008, Donald Woods wrote:
>
>> Date: Thu, 04 Sep 2008 21:49:57 -0400
>> From: Donald Woods <dw...@apache.org>
>> To: Henk P. Penning <he...@cs.uu.nl>
>> Subject: Re: missing sigs in maven repo
>
> Donald,
>
>> Do you mean the .asc files?
>
>  yes.
>
>>                             Our Geronimo release process is to  
>> delete those before publishing.
>
>  That is strange ... the ASF requires PGP sigs for all published  
> artifacts.
>  See for instance
>
>    http://www.apache.org/dev/release-signing.html#policy
>
>  In the repo, 1283 out of 1339 artifacts have sigs.
>  So, sigs realy should be there.
>
>  Can you change the Geronimo release process, or see to it that is  
> changed ?
>
>> -Donald
>
>  Regards,
>
>  HPP
>
>> Henk P. Penning wrote:
>>> Donald Woods,
>>>
>>>  in the maven repo, you own 24 unsigned artifacts ;
>>>  please supply the missing sigs ; for details, see
>>>
>>>    http://people.apache.org/~henkp/repo/
>>>
>>>  Regards,
>>>
>>>  Henk Penning -- apache.org infrastructure
>>> ----------------------------------------------------------------   _
>>> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232   
>>> _/ \_
>>> Dept of Computer Science, Utrecht University  T +31 30 253 4106 /  
>>> \_/ \
>>> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804  
>>> \_/ \_/
>>> http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl   
>>> \_/
>>
>
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 /  
> \_/ \
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/  
> \_/
> http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/

Re: missing sigs in maven repo

Posted by "Henk P. Penning" <he...@cs.uu.nl>.

On Thu, 4 Sep 2008, Donald Woods wrote:

> Date: Thu, 04 Sep 2008 21:49:57 -0400
> From: Donald Woods <dw...@apache.org>
> To: Henk P. Penning <he...@cs.uu.nl>
> Subject: Re: missing sigs in maven repo

Donald,

> Do you mean the .asc files?

   yes.

>                              Our Geronimo release process is to delete those 
> before publishing.

   That is strange ... the ASF requires PGP sigs for all published artifacts.
   See for instance

     http://www.apache.org/dev/release-signing.html#policy

   In the repo, 1283 out of 1339 artifacts have sigs.
   So, sigs realy should be there.

   Can you change the Geronimo release process, or see to it that is changed ?

> -Donald

   Regards,

   HPP

> Henk P. Penning wrote:
>> Donald Woods,
>>
>>   in the maven repo, you own 24 unsigned artifacts ;
>>   please supply the missing sigs ; for details, see
>>
>>     http://people.apache.org/~henkp/repo/
>>
>>   Regards,
>>
>>   Henk Penning -- apache.org infrastructure
>> 
>> ----------------------------------------------------------------   _
>> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
>> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
>> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
>> http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/
>> 
>

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/