You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by ct...@apache.org on 2019/04/06 01:40:26 UTC
[accumulo] branch 1.9 updated: Improve sig/checksum wording on rc
template
This is an automated email from the ASF dual-hosted git repository.
ctubbsii pushed a commit to branch 1.9
in repository https://gitbox.apache.org/repos/asf/accumulo.git
The following commit(s) were added to refs/heads/1.9 by this push:
new bded593 Improve sig/checksum wording on rc template
bded593 is described below
commit bded59340e716806695b60482ea3c11b47d02465
Author: Christopher Tubbs <ct...@apache.org>
AuthorDate: Fri Apr 5 21:36:47 2019 -0400
Improve sig/checksum wording on rc template
Update the release candidate build script to improve the phrasing in the
release candidate email regarding cryptographic signatures and
references to checksums for Maven/Nexus tooling.
The intent is to make it more clear what purpose the sha1/md5 files
serve, and to more prominently highlight the cryptographic pieces that
are significantly more relevant to release prep and voting, but without
being excessively verbose.
---
assemble/build.sh | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/assemble/build.sh b/assemble/build.sh
index a5251a3..d1810f9 100755
--- a/assemble/build.sh
+++ b/assemble/build.sh
@@ -132,18 +132,21 @@ If this vote passes, a gpg-signed tag will be created using:
Staging repo: $(green "$stagingRepoPrefix-$stagingrepo")
Source (official release artifact): $(green "$stagingRepoPrefix-$stagingrepo/org/apache/$tlpName/$projName/$ver/$projName-$ver-$srcQualifier.tar.gz")
Binary: $(green "$stagingRepoPrefix-$stagingrepo/org/apache/$tlpName/$projName/$ver/$projName-$ver-bin.tar.gz")
-(Append ".sha1", ".md5", or ".asc" to download the signature/hash for a given artifact.)
-In addition to the tarballs, and their signatures, the following checksum
+Append ".asc" to download the cryptographic signature for a given artifact.
+(You can also append ".sha1" or ".md5" instead in order to verify the checksums
+generated by Maven to verify the integrity of the Nexus repository staging area.)
+
+Signing keys are available at https://www.apache.org/dist/$tlpName/KEYS
+(Expected fingerprint: $(green "$fingerprint"))
+
+In addition to the tarballs and their signatures, the following checksum
files will be added to the dist/release SVN area after release:
$(yellow "$projName-$ver-$srcQualifier.tar.gz.sha512") will contain:
SHA512 ($(green "$projName-$ver-$srcQualifier.tar.gz")) = $(yellow "$srcSha")
$(yellow "$projName-$ver-bin.tar.gz.sha512") will contain:
SHA512 ($(green "$projName-$ver-bin.tar.gz")) = $(yellow "$binSha")
-Signing keys are available at https://www.apache.org/dist/$tlpName/KEYS
-(Expected fingerprint: $(green "$fingerprint"))
-
Release notes (in progress) can be found at: $(green "https://$tlpName.apache.org/release/$projName-$ver/")
Release testing instructions: $relTestingUrl