You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Rob Tompkins <ch...@gmail.com> on 2019/04/06 16:41:55 UTC
[release-plugin] sha’s (Was: Re: [VOTE] Release Apache Commons Pool 2.6.2 based on RC1)
> On Apr 6, 2019, at 12:24 PM, Gary Gregory <ga...@gmail.com> wrote:
>
> Hi Sebb,
>
> Thank you for your review. Some comments below.
>
>> On Sat, Apr 6, 2019 at 5:00 AM sebb <se...@gmail.com> wrote:
>>
>>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <gg...@apache.org> wrote:
>>>
>>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released,
>> so I
>>> would like to release Apache Commons Pool 2.6.2.
>>>
>>> Apache Commons Pool 2.6.2 RC1 is available for review here:
>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn
>>> revision 33480)
>>>
>>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is
>>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here:
>>>
>>>
>> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b
>>> You may checkout this tag using:
>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>>>
>>> Maven artifacts are here:
>>>
>>>
>> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/
>>>
>>> These are the Maven artifacts and their hashes in Nexus:
>>>
>>> #Release SHA-512s
>>> #Fri Apr 05 21:23:42 EDT 2019
>>>
>> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373
>>
>> What is commons-pool2-2.6.2-test-sources-java-source ?
>>
>
> Looks like a SNAFU in our release plugin; sorted, the entries should be:
That’s on me :-)
I used dashes in there for consistency in property naming, but in hindsight it’s more confusing. I’m planning on switching it to the file name verbatim.
Do we want to include the sha1’s of the nexus “convenience” artifacts? We can do this, but have hesitated to in the past.
-Rob
>
> commons-pool2-2.6.2-bin-tar.gz
> SHA512
> 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>
> commons-pool2-2.6.2-bin.zip
> SHA512
> f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>
> commons-pool2-2.6.2-src-tar.gz
> SHA512
> a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>
> commons-pool2-2.6.2-src.zip
> SHA512
> 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar
> (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar
> (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc
> (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc
> (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar
> (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc
> (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar
> (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc
> (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar
> (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc
> (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom
> (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e)
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc
> (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6)
>
>
>>>
>> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>>>
>> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0
>>
>> Ditto commons-pool2-2.6.2-sources-java-source ?
>>
>>>
>> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa
>>>
>> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321
>>>
>> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687
>>>
>> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>>>
>> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45
>>>
>> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260
>>>
>> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe
>>>
>> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a
>>>
>> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>>>
>> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17
>>
>> And javadoc-javadoc?
>>
>>>
>> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb
>>>
>> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666
>>>
>> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81
>>>
>> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8
>>>
>> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>>
>> The above are really difficult to read, it would be easier if the name
>> and hash were on subsequent lines
>>
>
> Yeah, that's just the contents of a property file generated by our release
> plugin, so we do not format it. We could...
>
>
>>> (no need for .asc hashes!)
>>
>> So why include them?
>>
>
> Mistake in the release plugin... Rob and I will look into it...
>
> Gary
>
>>
>>> I have tested this with 'clean package site' using:
>>>
>>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3;
>>> 2018-10-24T14:41:47-04:00)
>>> Maven home: C:\Java\apache-maven-3.6.0\bin\..
>>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime: C:\Program
>>> Files\Java\jdk1.8.0_202\jre
>>> Default locale: en_US, platform encoding: Cp1252
>>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>>> Microsoft Windows [Version 10.0.16299.967]
>>>
>>> Details of changes since 2.6.1 are in the release notes:
>>>
>>>
>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt
>>>
>>>
>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html
>>>
>>> Site:
>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site
>>> (note some *relative* links are broken and the 2.6.2 directories are
>>> not yet created - these will be OK once the site is deployed.)
>>>
>>> CLIRR Report (compared to 2.6.1):
>>>
>>>
>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html
>>>
>>> JApiCmp Report (compared to 2.6.1):
>>>
>>>
>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html
>>>
>>> RAT Report:
>>>
>>>
>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html
>>>
>>> KEYS:
>>> https://www.apache.org/dist/commons/KEYS
>>>
>>> Please review the release candidate and vote.
>>> This vote will close no sooner that 72 hours from now.
>>>
>>> [ ] +1 Release these artifacts
>>> [ ] +0 OK, but...
>>> [ ] -0 OK, but really should fix...
>>> [ ] -1 I oppose this release because...
>>>
>>> Thank you,
>>>
>>> Gary Gregory,
>>> Release Manager (using key 86fdc7e2a11262cb)
>>>
>>> For following is intended as a helper and refresher for reviewers.
>>>
>>> Validating a release candidate
>>> ==============================
>>>
>>> These guidelines are NOT complete.
>>>
>>> Requirements: Git, Java, Maven.
>>>
>>> You can validate a release from a release candidate (RC) tag as follows.
>>>
>>> 1) Clone and checkout the RC:
>>>
>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>>> cd commons-pool-2.6.2-RC1
>>>
>>> 2) Check Apache licenses:
>>>
>>> mvn apache-rat:check
>>>
>>> 3) Build the package:
>>>
>>> mvn -V clean package
>>>
>>> You can record the Maven and Java version produced by -V in your VOTE
>> reply.
>>>
>>> 4) Build the site for a single module project:
>>>
>>> mvn site
>>> Check the site reports in:
>>> target\site\index.html
>>
>> [Windows only path]
>>
>
> I added a Linux version in git master.
>
>
>>
>>> 4) Build the site for a multi-module project:
>>>
>>> mvn site
>>> mvn site:stage
>>> Check the site reports in:
>>> target\site\index.html
>>
>> [Windows only]
>>
>>
> I added a Linux version in git master.
>
> Gary
>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [release-plugin] sha’s (Was: Re: [VOTE] Release Apache Commons Pool 2.6.2 based on RC1)
Posted by sebb <se...@gmail.com>.
On Sun, 7 Apr 2019 at 11:25, Rob Tompkins <ch...@gmail.com> wrote:
>
>
>
> > On Apr 7, 2019, at 5:52 AM, sebb <se...@gmail.com> wrote:
> >
> >> On Sat, 6 Apr 2019 at 17:59, Gary Gregory <ga...@gmail.com> wrote:
> >>
> >>> On Sat, Apr 6, 2019 at 12:48 PM Rob Tompkins <ch...@gmail.com> wrote:
> >>>
> >>>
> >>>
> >>>> On Apr 6, 2019, at 12:24 PM, Gary Gregory <ga...@gmail.com> wrote:
> >>>>
> >>>> Hi Sebb,
> >>>>
> >>>> Thank you for your review. Some comments below.
> >>>>
> >>>>>> On Sat, Apr 6, 2019 at 5:00 AM sebb <se...@gmail.com> wrote:
> >>>>>>
> >>>>>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <gg...@apache.org> wrote:
> >>>>>>
> >>>>>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released,
> >>>>> so I
> >>>>>> would like to release Apache Commons Pool 2.6.2.
> >>>>>>
> >>>>>> Apache Commons Pool 2.6.2 RC1 is available for review here:
> >>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn
> >>>>>> revision 33480)
> >>>>>>
> >>>>>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is
> >>>>>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here:
> >>>>>>
> >>>>>>
> >>>>> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b
> >>>>>> You may checkout this tag using:
> >>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
> >>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
> >>>>>>
> >>>>>> Maven artifacts are here:
> >>>>>>
> >>>>>>
> >>>>> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/
> >>>>>>
> >>>>>> These are the Maven artifacts and their hashes in Nexus:
> >>>>>>
> >>>>>> #Release SHA-512s
> >>>>>> #Fri Apr 05 21:23:42 EDT 2019
> >>>>>>
> >>>>> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373
> >>>>>
> >>>>> What is commons-pool2-2.6.2-test-sources-java-source ?
> >>>>>
> >>>>
> >>>> Looks like a SNAFU in our release plugin; sorted, the entries should be:
> >>>
> >>> That’s on me :-)
> >>>
> >>> I used dashes in there for consistency in property naming, but in hindsight it’s more confusing. I’m planning on switching it to the file name verbatim.
> >>>
> >>> Do we want to include the sha1’s of the nexus “convenience” artifacts? We can do this, but have hesitated to in the past.
> >>
> >>
> >> On our page http://commons.apache.org/releases/prepare.html I read: "Also the revisions for the various tags, and hashes for the release artifacts", which I interpret as having the vote email contain the hashes of any files we release on Nexus and Dist folders.
> >>
> >> @Sebastian Bazley WDYT?
> >
> > The intention of the hash is to tie the published artifacts back to the VOTE.
> >
> > So I thjnk we need hashes of all the artifacts that are listed in the VOTE.
> > This includes the convenience artifacts as they should be checked too.
> > e.g. they can be checked for valid N&L files and spurious content
> >
>
> Cool. Do we want the hashes to be those that nexus stores, namely the sha1’s, or do we think they need to be the more secure sha512?
I think they need to agree with the ones in the dist.a.o repo, because
those are the primary release artifacts.
SHA1 is no longer used there.
[I suspect that SHA1 will be dropped from Nexus at some point anyway]
> -Rob
>
>
> >> Gary
> >>
> >>>
> >>> -Rob
> >>>
> >>>>
> >>>> commons-pool2-2.6.2-bin-tar.gz
> >>>> SHA512
> >>>> 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
> >>>>
> >>>> commons-pool2-2.6.2-bin.zip
> >>>> SHA512
> >>>> f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
> >>>>
> >>>> commons-pool2-2.6.2-src-tar.gz
> >>>> SHA512
> >>>> a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
> >>>>
> >>>> commons-pool2-2.6.2-src.zip
> >>>> SHA512
> >>>> 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
> >>>>
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar
> >>>> (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar
> >>>> (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc
> >>>> (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc
> >>>> (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar
> >>>> (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc
> >>>> (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar
> >>>> (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc
> >>>> (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar
> >>>> (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc
> >>>> (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom
> >>>> (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e)
> >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc
> >>>> (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6)
> >>>>
> >>>>
> >>>>>>
> >>>>> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
> >>>>>>
> >>>>> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0
> >>>>>
> >>>>> Ditto commons-pool2-2.6.2-sources-java-source ?
> >>>>>
> >>>>>>
> >>>>> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa
> >>>>>>
> >>>>> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321
> >>>>>>
> >>>>> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687
> >>>>>>
> >>>>> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
> >>>>>>
> >>>>> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45
> >>>>>>
> >>>>> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260
> >>>>>>
> >>>>> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe
> >>>>>>
> >>>>> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a
> >>>>>>
> >>>>> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
> >>>>>>
> >>>>> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17
> >>>>>
> >>>>> And javadoc-javadoc?
> >>>>>
> >>>>>>
> >>>>> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb
> >>>>>>
> >>>>> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666
> >>>>>>
> >>>>> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81
> >>>>>>
> >>>>> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8
> >>>>>>
> >>>>> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
> >>>>>
> >>>>> The above are really difficult to read, it would be easier if the name
> >>>>> and hash were on subsequent lines
> >>>>>
> >>>>
> >>>> Yeah, that's just the contents of a property file generated by our release
> >>>> plugin, so we do not format it. We could...
> >>>>
> >>>>
> >>>>>> (no need for .asc hashes!)
> >>>>>
> >>>>> So why include them?
> >>>>>
> >>>>
> >>>> Mistake in the release plugin... Rob and I will look into it...
> >>>>
> >>>> Gary
> >>>>
> >>>>>
> >>>>>> I have tested this with 'clean package site' using:
> >>>>>>
> >>>>>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3;
> >>>>>> 2018-10-24T14:41:47-04:00)
> >>>>>> Maven home: C:\Java\apache-maven-3.6.0\bin\..
> >>>>>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime: C:\Program
> >>>>>> Files\Java\jdk1.8.0_202\jre
> >>>>>> Default locale: en_US, platform encoding: Cp1252
> >>>>>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
> >>>>>> Microsoft Windows [Version 10.0.16299.967]
> >>>>>>
> >>>>>> Details of changes since 2.6.1 are in the release notes:
> >>>>>>
> >>>>>>
> >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt
> >>>>>>
> >>>>>>
> >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html
> >>>>>>
> >>>>>> Site:
> >>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site
> >>>>>> (note some *relative* links are broken and the 2.6.2 directories are
> >>>>>> not yet created - these will be OK once the site is deployed.)
> >>>>>>
> >>>>>> CLIRR Report (compared to 2.6.1):
> >>>>>>
> >>>>>>
> >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html
> >>>>>>
> >>>>>> JApiCmp Report (compared to 2.6.1):
> >>>>>>
> >>>>>>
> >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html
> >>>>>>
> >>>>>> RAT Report:
> >>>>>>
> >>>>>>
> >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html
> >>>>>>
> >>>>>> KEYS:
> >>>>>> https://www.apache.org/dist/commons/KEYS
> >>>>>>
> >>>>>> Please review the release candidate and vote.
> >>>>>> This vote will close no sooner that 72 hours from now.
> >>>>>>
> >>>>>> [ ] +1 Release these artifacts
> >>>>>> [ ] +0 OK, but...
> >>>>>> [ ] -0 OK, but really should fix...
> >>>>>> [ ] -1 I oppose this release because...
> >>>>>>
> >>>>>> Thank you,
> >>>>>>
> >>>>>> Gary Gregory,
> >>>>>> Release Manager (using key 86fdc7e2a11262cb)
> >>>>>>
> >>>>>> For following is intended as a helper and refresher for reviewers.
> >>>>>>
> >>>>>> Validating a release candidate
> >>>>>> ==============================
> >>>>>>
> >>>>>> These guidelines are NOT complete.
> >>>>>>
> >>>>>> Requirements: Git, Java, Maven.
> >>>>>>
> >>>>>> You can validate a release from a release candidate (RC) tag as follows.
> >>>>>>
> >>>>>> 1) Clone and checkout the RC:
> >>>>>>
> >>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
> >>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
> >>>>>> cd commons-pool-2.6.2-RC1
> >>>>>>
> >>>>>> 2) Check Apache licenses:
> >>>>>>
> >>>>>> mvn apache-rat:check
> >>>>>>
> >>>>>> 3) Build the package:
> >>>>>>
> >>>>>> mvn -V clean package
> >>>>>>
> >>>>>> You can record the Maven and Java version produced by -V in your VOTE
> >>>>> reply.
> >>>>>>
> >>>>>> 4) Build the site for a single module project:
> >>>>>>
> >>>>>> mvn site
> >>>>>> Check the site reports in:
> >>>>>> target\site\index.html
> >>>>>
> >>>>> [Windows only path]
> >>>>>
> >>>>
> >>>> I added a Linux version in git master.
> >>>>
> >>>>
> >>>>>
> >>>>>> 4) Build the site for a multi-module project:
> >>>>>>
> >>>>>> mvn site
> >>>>>> mvn site:stage
> >>>>>> Check the site reports in:
> >>>>>> target\site\index.html
> >>>>>
> >>>>> [Windows only]
> >>>>>
> >>>>>
> >>>> I added a Linux version in git master.
> >>>>
> >>>> Gary
> >>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>>>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>>>
> >>>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [release-plugin] sha’s (Was: Re: [VOTE] Release Apache Commons Pool 2.6.2 based on RC1)
Posted by Rob Tompkins <ch...@gmail.com>.
> On Apr 7, 2019, at 5:52 AM, sebb <se...@gmail.com> wrote:
>
>> On Sat, 6 Apr 2019 at 17:59, Gary Gregory <ga...@gmail.com> wrote:
>>
>>> On Sat, Apr 6, 2019 at 12:48 PM Rob Tompkins <ch...@gmail.com> wrote:
>>>
>>>
>>>
>>>> On Apr 6, 2019, at 12:24 PM, Gary Gregory <ga...@gmail.com> wrote:
>>>>
>>>> Hi Sebb,
>>>>
>>>> Thank you for your review. Some comments below.
>>>>
>>>>>> On Sat, Apr 6, 2019 at 5:00 AM sebb <se...@gmail.com> wrote:
>>>>>>
>>>>>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <gg...@apache.org> wrote:
>>>>>>
>>>>>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released,
>>>>> so I
>>>>>> would like to release Apache Commons Pool 2.6.2.
>>>>>>
>>>>>> Apache Commons Pool 2.6.2 RC1 is available for review here:
>>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn
>>>>>> revision 33480)
>>>>>>
>>>>>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is
>>>>>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here:
>>>>>>
>>>>>>
>>>>> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b
>>>>>> You may checkout this tag using:
>>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>>>>>>
>>>>>> Maven artifacts are here:
>>>>>>
>>>>>>
>>>>> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/
>>>>>>
>>>>>> These are the Maven artifacts and their hashes in Nexus:
>>>>>>
>>>>>> #Release SHA-512s
>>>>>> #Fri Apr 05 21:23:42 EDT 2019
>>>>>>
>>>>> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373
>>>>>
>>>>> What is commons-pool2-2.6.2-test-sources-java-source ?
>>>>>
>>>>
>>>> Looks like a SNAFU in our release plugin; sorted, the entries should be:
>>>
>>> That’s on me :-)
>>>
>>> I used dashes in there for consistency in property naming, but in hindsight it’s more confusing. I’m planning on switching it to the file name verbatim.
>>>
>>> Do we want to include the sha1’s of the nexus “convenience” artifacts? We can do this, but have hesitated to in the past.
>>
>>
>> On our page http://commons.apache.org/releases/prepare.html I read: "Also the revisions for the various tags, and hashes for the release artifacts", which I interpret as having the vote email contain the hashes of any files we release on Nexus and Dist folders.
>>
>> @Sebastian Bazley WDYT?
>
> The intention of the hash is to tie the published artifacts back to the VOTE.
>
> So I thjnk we need hashes of all the artifacts that are listed in the VOTE.
> This includes the convenience artifacts as they should be checked too.
> e.g. they can be checked for valid N&L files and spurious content
>
Cool. Do we want the hashes to be those that nexus stores, namely the sha1’s, or do we think they need to be the more secure sha512?
-Rob
>> Gary
>>
>>>
>>> -Rob
>>>
>>>>
>>>> commons-pool2-2.6.2-bin-tar.gz
>>>> SHA512
>>>> 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>>>>
>>>> commons-pool2-2.6.2-bin.zip
>>>> SHA512
>>>> f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>>>>
>>>> commons-pool2-2.6.2-src-tar.gz
>>>> SHA512
>>>> a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>>>>
>>>> commons-pool2-2.6.2-src.zip
>>>> SHA512
>>>> 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>>>>
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar
>>>> (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar
>>>> (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc
>>>> (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc
>>>> (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar
>>>> (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc
>>>> (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar
>>>> (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc
>>>> (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar
>>>> (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc
>>>> (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom
>>>> (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e)
>>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc
>>>> (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6)
>>>>
>>>>
>>>>>>
>>>>> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>>>>>>
>>>>> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0
>>>>>
>>>>> Ditto commons-pool2-2.6.2-sources-java-source ?
>>>>>
>>>>>>
>>>>> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa
>>>>>>
>>>>> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321
>>>>>>
>>>>> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687
>>>>>>
>>>>> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>>>>>>
>>>>> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45
>>>>>>
>>>>> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260
>>>>>>
>>>>> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe
>>>>>>
>>>>> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a
>>>>>>
>>>>> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>>>>>>
>>>>> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17
>>>>>
>>>>> And javadoc-javadoc?
>>>>>
>>>>>>
>>>>> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb
>>>>>>
>>>>> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666
>>>>>>
>>>>> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81
>>>>>>
>>>>> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8
>>>>>>
>>>>> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>>>>>
>>>>> The above are really difficult to read, it would be easier if the name
>>>>> and hash were on subsequent lines
>>>>>
>>>>
>>>> Yeah, that's just the contents of a property file generated by our release
>>>> plugin, so we do not format it. We could...
>>>>
>>>>
>>>>>> (no need for .asc hashes!)
>>>>>
>>>>> So why include them?
>>>>>
>>>>
>>>> Mistake in the release plugin... Rob and I will look into it...
>>>>
>>>> Gary
>>>>
>>>>>
>>>>>> I have tested this with 'clean package site' using:
>>>>>>
>>>>>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3;
>>>>>> 2018-10-24T14:41:47-04:00)
>>>>>> Maven home: C:\Java\apache-maven-3.6.0\bin\..
>>>>>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime: C:\Program
>>>>>> Files\Java\jdk1.8.0_202\jre
>>>>>> Default locale: en_US, platform encoding: Cp1252
>>>>>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>>>>>> Microsoft Windows [Version 10.0.16299.967]
>>>>>>
>>>>>> Details of changes since 2.6.1 are in the release notes:
>>>>>>
>>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt
>>>>>>
>>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html
>>>>>>
>>>>>> Site:
>>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site
>>>>>> (note some *relative* links are broken and the 2.6.2 directories are
>>>>>> not yet created - these will be OK once the site is deployed.)
>>>>>>
>>>>>> CLIRR Report (compared to 2.6.1):
>>>>>>
>>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html
>>>>>>
>>>>>> JApiCmp Report (compared to 2.6.1):
>>>>>>
>>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html
>>>>>>
>>>>>> RAT Report:
>>>>>>
>>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html
>>>>>>
>>>>>> KEYS:
>>>>>> https://www.apache.org/dist/commons/KEYS
>>>>>>
>>>>>> Please review the release candidate and vote.
>>>>>> This vote will close no sooner that 72 hours from now.
>>>>>>
>>>>>> [ ] +1 Release these artifacts
>>>>>> [ ] +0 OK, but...
>>>>>> [ ] -0 OK, but really should fix...
>>>>>> [ ] -1 I oppose this release because...
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Gary Gregory,
>>>>>> Release Manager (using key 86fdc7e2a11262cb)
>>>>>>
>>>>>> For following is intended as a helper and refresher for reviewers.
>>>>>>
>>>>>> Validating a release candidate
>>>>>> ==============================
>>>>>>
>>>>>> These guidelines are NOT complete.
>>>>>>
>>>>>> Requirements: Git, Java, Maven.
>>>>>>
>>>>>> You can validate a release from a release candidate (RC) tag as follows.
>>>>>>
>>>>>> 1) Clone and checkout the RC:
>>>>>>
>>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>>>>>> cd commons-pool-2.6.2-RC1
>>>>>>
>>>>>> 2) Check Apache licenses:
>>>>>>
>>>>>> mvn apache-rat:check
>>>>>>
>>>>>> 3) Build the package:
>>>>>>
>>>>>> mvn -V clean package
>>>>>>
>>>>>> You can record the Maven and Java version produced by -V in your VOTE
>>>>> reply.
>>>>>>
>>>>>> 4) Build the site for a single module project:
>>>>>>
>>>>>> mvn site
>>>>>> Check the site reports in:
>>>>>> target\site\index.html
>>>>>
>>>>> [Windows only path]
>>>>>
>>>>
>>>> I added a Linux version in git master.
>>>>
>>>>
>>>>>
>>>>>> 4) Build the site for a multi-module project:
>>>>>>
>>>>>> mvn site
>>>>>> mvn site:stage
>>>>>> Check the site reports in:
>>>>>> target\site\index.html
>>>>>
>>>>> [Windows only]
>>>>>
>>>>>
>>>> I added a Linux version in git master.
>>>>
>>>> Gary
>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>>>
>>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>>> For additional commands, e-mail: dev-help@commons.apache.org
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [release-plugin] sha’s (Was: Re: [VOTE] Release Apache Commons Pool 2.6.2 based on RC1)
Posted by sebb <se...@gmail.com>.
On Sat, 6 Apr 2019 at 17:59, Gary Gregory <ga...@gmail.com> wrote:
>
> On Sat, Apr 6, 2019 at 12:48 PM Rob Tompkins <ch...@gmail.com> wrote:
>>
>>
>>
>> > On Apr 6, 2019, at 12:24 PM, Gary Gregory <ga...@gmail.com> wrote:
>> >
>> > Hi Sebb,
>> >
>> > Thank you for your review. Some comments below.
>> >
>> >> On Sat, Apr 6, 2019 at 5:00 AM sebb <se...@gmail.com> wrote:
>> >>
>> >>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <gg...@apache.org> wrote:
>> >>>
>> >>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released,
>> >> so I
>> >>> would like to release Apache Commons Pool 2.6.2.
>> >>>
>> >>> Apache Commons Pool 2.6.2 RC1 is available for review here:
>> >>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn
>> >>> revision 33480)
>> >>>
>> >>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is
>> >>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here:
>> >>>
>> >>>
>> >> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b
>> >>> You may checkout this tag using:
>> >>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>> >>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>> >>>
>> >>> Maven artifacts are here:
>> >>>
>> >>>
>> >> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/
>> >>>
>> >>> These are the Maven artifacts and their hashes in Nexus:
>> >>>
>> >>> #Release SHA-512s
>> >>> #Fri Apr 05 21:23:42 EDT 2019
>> >>>
>> >> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373
>> >>
>> >> What is commons-pool2-2.6.2-test-sources-java-source ?
>> >>
>> >
>> > Looks like a SNAFU in our release plugin; sorted, the entries should be:
>>
>> That’s on me :-)
>>
>> I used dashes in there for consistency in property naming, but in hindsight it’s more confusing. I’m planning on switching it to the file name verbatim.
>>
>> Do we want to include the sha1’s of the nexus “convenience” artifacts? We can do this, but have hesitated to in the past.
>
>
> On our page http://commons.apache.org/releases/prepare.html I read: "Also the revisions for the various tags, and hashes for the release artifacts", which I interpret as having the vote email contain the hashes of any files we release on Nexus and Dist folders.
>
> @Sebastian Bazley WDYT?
The intention of the hash is to tie the published artifacts back to the VOTE.
So I thjnk we need hashes of all the artifacts that are listed in the VOTE.
This includes the convenience artifacts as they should be checked too.
e.g. they can be checked for valid N&L files and spurious content
> Gary
>
>>
>> -Rob
>>
>> >
>> > commons-pool2-2.6.2-bin-tar.gz
>> > SHA512
>> > 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>> >
>> > commons-pool2-2.6.2-bin.zip
>> > SHA512
>> > f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>> >
>> > commons-pool2-2.6.2-src-tar.gz
>> > SHA512
>> > a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>> >
>> > commons-pool2-2.6.2-src.zip
>> > SHA512
>> > 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>> >
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar
>> > (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar
>> > (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc
>> > (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc
>> > (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar
>> > (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc
>> > (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar
>> > (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc
>> > (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar
>> > (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc
>> > (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom
>> > (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e)
>> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc
>> > (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6)
>> >
>> >
>> >>>
>> >> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
>> >>>
>> >> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0
>> >>
>> >> Ditto commons-pool2-2.6.2-sources-java-source ?
>> >>
>> >>>
>> >> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa
>> >>>
>> >> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321
>> >>>
>> >> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687
>> >>>
>> >> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
>> >>>
>> >> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45
>> >>>
>> >> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260
>> >>>
>> >> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe
>> >>>
>> >> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a
>> >>>
>> >> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
>> >>>
>> >> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17
>> >>
>> >> And javadoc-javadoc?
>> >>
>> >>>
>> >> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb
>> >>>
>> >> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666
>> >>>
>> >> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81
>> >>>
>> >> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8
>> >>>
>> >> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
>> >>
>> >> The above are really difficult to read, it would be easier if the name
>> >> and hash were on subsequent lines
>> >>
>> >
>> > Yeah, that's just the contents of a property file generated by our release
>> > plugin, so we do not format it. We could...
>> >
>> >
>> >>> (no need for .asc hashes!)
>> >>
>> >> So why include them?
>> >>
>> >
>> > Mistake in the release plugin... Rob and I will look into it...
>> >
>> > Gary
>> >
>> >>
>> >>> I have tested this with 'clean package site' using:
>> >>>
>> >>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3;
>> >>> 2018-10-24T14:41:47-04:00)
>> >>> Maven home: C:\Java\apache-maven-3.6.0\bin\..
>> >>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime: C:\Program
>> >>> Files\Java\jdk1.8.0_202\jre
>> >>> Default locale: en_US, platform encoding: Cp1252
>> >>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>> >>> Microsoft Windows [Version 10.0.16299.967]
>> >>>
>> >>> Details of changes since 2.6.1 are in the release notes:
>> >>>
>> >>>
>> >> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt
>> >>>
>> >>>
>> >> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html
>> >>>
>> >>> Site:
>> >>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site
>> >>> (note some *relative* links are broken and the 2.6.2 directories are
>> >>> not yet created - these will be OK once the site is deployed.)
>> >>>
>> >>> CLIRR Report (compared to 2.6.1):
>> >>>
>> >>>
>> >> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html
>> >>>
>> >>> JApiCmp Report (compared to 2.6.1):
>> >>>
>> >>>
>> >> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html
>> >>>
>> >>> RAT Report:
>> >>>
>> >>>
>> >> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html
>> >>>
>> >>> KEYS:
>> >>> https://www.apache.org/dist/commons/KEYS
>> >>>
>> >>> Please review the release candidate and vote.
>> >>> This vote will close no sooner that 72 hours from now.
>> >>>
>> >>> [ ] +1 Release these artifacts
>> >>> [ ] +0 OK, but...
>> >>> [ ] -0 OK, but really should fix...
>> >>> [ ] -1 I oppose this release because...
>> >>>
>> >>> Thank you,
>> >>>
>> >>> Gary Gregory,
>> >>> Release Manager (using key 86fdc7e2a11262cb)
>> >>>
>> >>> For following is intended as a helper and refresher for reviewers.
>> >>>
>> >>> Validating a release candidate
>> >>> ==============================
>> >>>
>> >>> These guidelines are NOT complete.
>> >>>
>> >>> Requirements: Git, Java, Maven.
>> >>>
>> >>> You can validate a release from a release candidate (RC) tag as follows.
>> >>>
>> >>> 1) Clone and checkout the RC:
>> >>>
>> >>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
>> >>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
>> >>> cd commons-pool-2.6.2-RC1
>> >>>
>> >>> 2) Check Apache licenses:
>> >>>
>> >>> mvn apache-rat:check
>> >>>
>> >>> 3) Build the package:
>> >>>
>> >>> mvn -V clean package
>> >>>
>> >>> You can record the Maven and Java version produced by -V in your VOTE
>> >> reply.
>> >>>
>> >>> 4) Build the site for a single module project:
>> >>>
>> >>> mvn site
>> >>> Check the site reports in:
>> >>> target\site\index.html
>> >>
>> >> [Windows only path]
>> >>
>> >
>> > I added a Linux version in git master.
>> >
>> >
>> >>
>> >>> 4) Build the site for a multi-module project:
>> >>>
>> >>> mvn site
>> >>> mvn site:stage
>> >>> Check the site reports in:
>> >>> target\site\index.html
>> >>
>> >> [Windows only]
>> >>
>> >>
>> > I added a Linux version in git master.
>> >
>> > Gary
>> >
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> >> For additional commands, e-mail: dev-help@commons.apache.org
>> >>
>> >>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org
Re: [release-plugin] sha’s (Was: Re: [VOTE] Release Apache Commons Pool 2.6.2 based on RC1)
Posted by Gary Gregory <ga...@gmail.com>.
On Sat, Apr 6, 2019 at 12:48 PM Rob Tompkins <ch...@gmail.com> wrote:
>
>
> > On Apr 6, 2019, at 12:24 PM, Gary Gregory <ga...@gmail.com>
> wrote:
> >
> > Hi Sebb,
> >
> > Thank you for your review. Some comments below.
> >
> >> On Sat, Apr 6, 2019 at 5:00 AM sebb <se...@gmail.com> wrote:
> >>
> >>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <gg...@apache.org> wrote:
> >>>
> >>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released,
> >> so I
> >>> would like to release Apache Commons Pool 2.6.2.
> >>>
> >>> Apache Commons Pool 2.6.2 RC1 is available for review here:
> >>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn
> >>> revision 33480)
> >>>
> >>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is
> >>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here:
> >>>
> >>>
> >>
> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b
> >>> You may checkout this tag using:
> >>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
> >>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
> >>>
> >>> Maven artifacts are here:
> >>>
> >>>
> >>
> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/
> >>>
> >>> These are the Maven artifacts and their hashes in Nexus:
> >>>
> >>> #Release SHA-512s
> >>> #Fri Apr 05 21:23:42 EDT 2019
> >>>
> >>
> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373
> >>
> >> What is commons-pool2-2.6.2-test-sources-java-source ?
> >>
> >
> > Looks like a SNAFU in our release plugin; sorted, the entries should be:
>
> That’s on me :-)
>
> I used dashes in there for consistency in property naming, but in
> hindsight it’s more confusing. I’m planning on switching it to the file
> name verbatim.
>
> Do we want to include the sha1’s of the nexus “convenience” artifacts? We
> can do this, but have hesitated to in the past.
>
On our page http://commons.apache.org/releases/prepare.html I read: "Also
the revisions for the various tags, and hashes for the release artifacts",
which I interpret as having the vote email contain the hashes of any files
we release on Nexus and Dist folders.
@Sebastian Bazley <se...@gmail.com> WDYT?
Gary
> -Rob
>
> >
> > commons-pool2-2.6.2-bin-tar.gz
> > SHA512
> >
> 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
> >
> > commons-pool2-2.6.2-bin.zip
> > SHA512
> >
> f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
> >
> > commons-pool2-2.6.2-src-tar.gz
> > SHA512
> >
> a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
> >
> > commons-pool2-2.6.2-src.zip
> > SHA512
> >
> 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
> >
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar
> > (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a)
> >
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar
> > (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1)
> >
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc
> > (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc
> > (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar
> > (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc
> > (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar
> > (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede)
> >
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc
> > (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar
> > (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc
> > (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef)
> > /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom
> > (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e)
> >
> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc
> > (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6)
> >
> >
> >>>
> >>
> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a
> >>>
> >>
> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0
> >>
> >> Ditto commons-pool2-2.6.2-sources-java-source ?
> >>
> >>>
> >>
> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa
> >>>
> >>
> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321
> >>>
> >>
> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687
> >>>
> >>
> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336
> >>>
> >>
> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45
> >>>
> >>
> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260
> >>>
> >>
> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe
> >>>
> >>
> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a
> >>>
> >>
> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e
> >>>
> >>
> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17
> >>
> >> And javadoc-javadoc?
> >>
> >>>
> >>
> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb
> >>>
> >>
> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666
> >>>
> >>
> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81
> >>>
> >>
> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8
> >>>
> >>
> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd
> >>
> >> The above are really difficult to read, it would be easier if the name
> >> and hash were on subsequent lines
> >>
> >
> > Yeah, that's just the contents of a property file generated by our
> release
> > plugin, so we do not format it. We could...
> >
> >
> >>> (no need for .asc hashes!)
> >>
> >> So why include them?
> >>
> >
> > Mistake in the release plugin... Rob and I will look into it...
> >
> > Gary
> >
> >>
> >>> I have tested this with 'clean package site' using:
> >>>
> >>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3;
> >>> 2018-10-24T14:41:47-04:00)
> >>> Maven home: C:\Java\apache-maven-3.6.0\bin\..
> >>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime:
> C:\Program
> >>> Files\Java\jdk1.8.0_202\jre
> >>> Default locale: en_US, platform encoding: Cp1252
> >>> OS name: "windows 10", version: "10.0", arch: "amd64", family:
> "windows"
> >>> Microsoft Windows [Version 10.0.16299.967]
> >>>
> >>> Details of changes since 2.6.1 are in the release notes:
> >>>
> >>>
> >>
> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt
> >>>
> >>>
> >>
> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html
> >>>
> >>> Site:
> >>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site
> >>> (note some *relative* links are broken and the 2.6.2 directories are
> >>> not yet created - these will be OK once the site is deployed.)
> >>>
> >>> CLIRR Report (compared to 2.6.1):
> >>>
> >>>
> >>
> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html
> >>>
> >>> JApiCmp Report (compared to 2.6.1):
> >>>
> >>>
> >>
> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html
> >>>
> >>> RAT Report:
> >>>
> >>>
> >>
> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html
> >>>
> >>> KEYS:
> >>> https://www.apache.org/dist/commons/KEYS
> >>>
> >>> Please review the release candidate and vote.
> >>> This vote will close no sooner that 72 hours from now.
> >>>
> >>> [ ] +1 Release these artifacts
> >>> [ ] +0 OK, but...
> >>> [ ] -0 OK, but really should fix...
> >>> [ ] -1 I oppose this release because...
> >>>
> >>> Thank you,
> >>>
> >>> Gary Gregory,
> >>> Release Manager (using key 86fdc7e2a11262cb)
> >>>
> >>> For following is intended as a helper and refresher for reviewers.
> >>>
> >>> Validating a release candidate
> >>> ==============================
> >>>
> >>> These guidelines are NOT complete.
> >>>
> >>> Requirements: Git, Java, Maven.
> >>>
> >>> You can validate a release from a release candidate (RC) tag as
> follows.
> >>>
> >>> 1) Clone and checkout the RC:
> >>>
> >>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b
> >>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1
> >>> cd commons-pool-2.6.2-RC1
> >>>
> >>> 2) Check Apache licenses:
> >>>
> >>> mvn apache-rat:check
> >>>
> >>> 3) Build the package:
> >>>
> >>> mvn -V clean package
> >>>
> >>> You can record the Maven and Java version produced by -V in your VOTE
> >> reply.
> >>>
> >>> 4) Build the site for a single module project:
> >>>
> >>> mvn site
> >>> Check the site reports in:
> >>> target\site\index.html
> >>
> >> [Windows only path]
> >>
> >
> > I added a Linux version in git master.
> >
> >
> >>
> >>> 4) Build the site for a multi-module project:
> >>>
> >>> mvn site
> >>> mvn site:stage
> >>> Check the site reports in:
> >>> target\site\index.html
> >>
> >> [Windows only]
> >>
> >>
> > I added a Linux version in git master.
> >
> > Gary
> >
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >> For additional commands, e-mail: dev-help@commons.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>