You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by Marcel Offermans <ma...@luminis.nl> on 2009/01/30 19:42:08 UTC
[VOTE] Release of the dependencymanager 2.0.0
Hello all,
I'm opening a new vote for the first release candidate for the
dependency manager and its optional shell command bundle. I've
compiled everything and put it up for testing and checking here:
http://people.apache.org/~marrs/dependencymanager-2.0.0/
The KEYS file for verifying the signature is also in this directory
and the checksum files should have the correct format.
The main reason for naming this release 2.0.0 is that there have been
many 1.x versions and snapshots out there, so to avoid any confusion
I'm starting with 2.0.0.
Please check the release and cast your votes, the vote will be open
for at least 72 hours:
[ ] +1 Approve the release
[ ] -1 Veto the release (please provide specific comments)
Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Toni Menzel <to...@okidokiteam.com>.
+1 (non binding vote)
On Fri, Jan 30, 2009 at 8:42 PM, Pierre De Rop <
pierre.de_rop@alcatel-lucent.fr> wrote:
> +1
>
> /pierre
>
>
> Marcel Offermans wrote:
>
>> Hello all,
>>
>> I'm opening a new vote for the first release candidate for the dependency
>> manager and its optional shell command bundle. I've compiled everything and
>> put it up for testing and checking here:
>>
>> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>>
>> The KEYS file for verifying the signature is also in this directory and
>> the checksum files should have the correct format.
>>
>> The main reason for naming this release 2.0.0 is that there have been many
>> 1.x versions and snapshots out there, so to avoid any confusion I'm starting
>> with 2.0.0.
>>
>> Please check the release and cast your votes, the vote will be open for at
>> least 72 hours:
>>
>> [ ] +1 Approve the release
>> [ ] -1 Veto the release (please provide specific comments)
>>
>> Greetings, Marcel
>>
>>
>>
>
--
Toni Menzel
Software Developer
toni@okidokiteam.com
http://www.ops4j.org - New Energy for OSS Communities - Open
Participation Software.
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Pierre De Rop <pi...@alcatel-lucent.fr>.
+1
/pierre
Marcel Offermans wrote:
> Hello all,
>
> I'm opening a new vote for the first release candidate for the
> dependency manager and its optional shell command bundle. I've
> compiled everything and put it up for testing and checking here:
>
> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>
> The KEYS file for verifying the signature is also in this directory
> and the checksum files should have the correct format.
>
> The main reason for naming this release 2.0.0 is that there have been
> many 1.x versions and snapshots out there, so to avoid any confusion
> I'm starting with 2.0.0.
>
> Please check the release and cast your votes, the vote will be open
> for at least 72 hours:
>
> [ ] +1 Approve the release
> [ ] -1 Veto the release (please provide specific comments)
>
> Greetings, Marcel
>
>
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Felix Meschberger <fm...@gmail.com>.
Thanks for restarting the vote.
Here is my +1
Two files (SerialExecutor, State) of the dependencymanager bundle have
missing license headers, this should be fixed for future releases.
Regards
Felix
Marcel Offermans schrieb:
> Hello all,
>
> I'm opening a new vote for the first release candidate for the
> dependency manager and its optional shell command bundle. I've compiled
> everything and put it up for testing and checking here:
>
> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>
> The KEYS file for verifying the signature is also in this directory and
> the checksum files should have the correct format.
>
> The main reason for naming this release 2.0.0 is that there have been
> many 1.x versions and snapshots out there, so to avoid any confusion I'm
> starting with 2.0.0.
>
> Please check the release and cast your votes, the vote will be open for
> at least 72 hours:
>
> [ ] +1 Approve the release
> [ ] -1 Veto the release (please provide specific comments)
>
> Greetings, Marcel
>
>
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Karl Pauls <ka...@gmail.com>.
On Sat, Jan 31, 2009 at 1:30 PM, Marcel Offermans
<ma...@luminis.nl> wrote:
> Hey Karl,
>
> Thanks for your help on this!
>
> On Jan 31, 2009, at 13:09 , Karl Pauls wrote:
>
>> Seriously, nobody did say its easy to do releases - I agree with
>> richard that it is more of a pain then it should be. Contributions to
>> make it easier by doing some maven magic or writing a check/built
>> script are more then welcome!
>
> I'll definitely add to the release page as I learn more.
Great!
>>> For the signing process, I also followed the procedure. Can anyone tell
>>> me
>>> what went wrong there? Karl?
>>
>> I think you already figured it out. You need to have a LICENSE and
>> NOTICE file in the root of your projects. Additionally, depending on
>> your set-up you might need an
>>
>> <Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</Include-Resrouce>
>> instruction in your poms to make them end-up in the jar artifacts.
>
> Ok, I seem to have to add that.
>
>> I guess the next step is to clean-up the release tags in svn and
>> downgrade your version in trunk manually. Then you can redo the
>> release. Ping me when you need more help.
>
> I'm a bit puzzled about that downgrading message. You mean I can still try
> to fix 2.0.0 and re-open the vote? I did remove the release tags for now.
Well, i don't think that there is a clear rule on this one. If you
want to follow the process as we did it most of the times then you
wouldn't need to downgrade and do a new release with a higher version
number (maybe 3.0 if you want a major release). In any case, the
release tags need to be removed.
>>>>> p.s.: Additionally, I don't think the key that was used for signing is
>>>>> in the KEYS file.
>
> Could you please explain this, as I did add my key to the KEYS file. Also,
> when I verify the signature on one of the release files it says:
How did you add it and to which file. I see a key at the end of the
file but it doesn't have a header (i.e., your name doesn't appear).
Maybe you did forget a --armor or something just went wrong? Also, it
might be just me and my set-up - could somebody else try whether the
KEYS file works and let us know for sure?
> $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc
> gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F
> gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY)
> <ma...@apache.org>"
Yes, but that would be running against your local keyring which
contains your key already....
regards,
Karl
> Greetings, Marcel
>
>
--
Karl Pauls
karlpauls@gmail.com
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by "Richard S. Hall" <he...@ungoverned.org>.
Marcel Offermans wrote:
> On Jan 31, 2009, at 13:09 , Karl Pauls wrote:
>
>> I think you already figured it out. You need to have a LICENSE and
>> NOTICE file in the root of your projects. Additionally, depending on
>> your set-up you might need an
>> <Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</Include-Resrouce>
>>
>> instruction in your poms to make them end-up in the jar artifacts.
>
> Ok, I seem to have to add that.
The NOTICE file is trickier (but still fairly simple). You need to
declare your "used" versus "included" dependencies, i.e., "external
dependencies" vs "external dependencies embedded in your JAR". Just look
at other subprojects for examples and if you want verify your NOTICE
file, just send it to the list.
-> richard
>
>> I guess the next step is to clean-up the release tags in svn and
>> downgrade your version in trunk manually. Then you can redo the
>> release. Ping me when you need more help.
>
> I'm a bit puzzled about that downgrading message. You mean I can still
> try to fix 2.0.0 and re-open the vote? I did remove the release tags
> for now.
>
>>>>> p.s.: Additionally, I don't think the key that was used for
>>>>> signing is
>>>>> in the KEYS file.
>
> Could you please explain this, as I did add my key to the KEYS file.
> Also, when I verify the signature on one of the release files it says:
>
> $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc
> gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID
> C5E9604F
> gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY)
> <ma...@apache.org>"
>
> Greetings, Marcel
>
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Marcel Offermans <ma...@luminis.nl>.
Hey Karl,
Thanks for your help on this!
On Jan 31, 2009, at 13:09 , Karl Pauls wrote:
> Seriously, nobody did say its easy to do releases - I agree with
> richard that it is more of a pain then it should be. Contributions to
> make it easier by doing some maven magic or writing a check/built
> script are more then welcome!
I'll definitely add to the release page as I learn more.
>> For the signing process, I also followed the procedure. Can anyone
>> tell me
>> what went wrong there? Karl?
>
> I think you already figured it out. You need to have a LICENSE and
> NOTICE file in the root of your projects. Additionally, depending on
> your set-up you might need an
> <Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</
> Include-Resrouce>
> instruction in your poms to make them end-up in the jar artifacts.
Ok, I seem to have to add that.
> I guess the next step is to clean-up the release tags in svn and
> downgrade your version in trunk manually. Then you can redo the
> release. Ping me when you need more help.
I'm a bit puzzled about that downgrading message. You mean I can still
try to fix 2.0.0 and re-open the vote? I did remove the release tags
for now.
>>>> p.s.: Additionally, I don't think the key that was used for
>>>> signing is
>>>> in the KEYS file.
Could you please explain this, as I did add my key to the KEYS file.
Also, when I verify the signature on one of the release files it says:
$ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc
gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID
C5E9604F
gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY) <marrs@apache.org
>"
Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Karl Pauls <ka...@gmail.com>.
On Sat, Jan 31, 2009 at 10:50 AM, Marcel Offermans
<ma...@luminis.nl> wrote:
> Okay, let's see, I followed the release procedure on our site to the letter
> on this one, that does not mention anything about LICENSE or NOTICE files.
> Where should I copy them from (and why does maven not do that for you when
> preparing a release)?
Because its maven :-)
Seriously, nobody did say its easy to do releases - I agree with
richard that it is more of a pain then it should be. Contributions to
make it easier by doing some maven magic or writing a check/built
script are more then welcome!
> For the signing process, I also followed the procedure. Can anyone tell me
> what went wrong there? Karl?
I think you already figured it out. You need to have a LICENSE and
NOTICE file in the root of your projects. Additionally, depending on
your set-up you might need an
<Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</Include-Resrouce>
instruction in your poms to make them end-up in the jar artifacts.
I guess the next step is to clean-up the release tags in svn and
downgrade your version in trunk manually. Then you can redo the
release. Ping me when you need more help.
regards,
Karl
> Greetings, Marcel
> On Jan 31, 2009, at 1:54 , Richard S. Hall wrote:
>
>> Yes, I +1 the -1...
>>
>> I know the release process is a pain, but we need to re-do this one.
>> Luckily, the fixes are easy.
>>
>> -> richard
>>
>>
>> Karl Pauls wrote:
>>>
>>> -1
>>>
>>> None of the artifacts (.jar, -project, -bin) contain any LICENSE nor
>>> NOTICE files. Furthermore, as mentioned by Felix Meschberger at least
>>> two files have missing license headers (which I consider a blocker as
>>> well).
>>>
>>> regards,
>>>
>>> Karl
>>>
>>> p.s.: Additionally, I don't think the key that was used for signing is
>>> in the KEYS file.
>>>
>>> On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans
>>> <ma...@luminis.nl> wrote:
>>>
>>>> Hello all,
>>>>
>>>> I'm opening a new vote for the first release candidate for the
>>>> dependency
>>>> manager and its optional shell command bundle. I've compiled everything
>>>> and
>>>> put it up for testing and checking here:
>>>>
>>>> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>>>>
>>>> The KEYS file for verifying the signature is also in this directory and
>>>> the
>>>> checksum files should have the correct format.
>>>>
>>>> The main reason for naming this release 2.0.0 is that there have been
>>>> many
>>>> 1.x versions and snapshots out there, so to avoid any confusion I'm
>>>> starting
>>>> with 2.0.0.
>>>>
>>>> Please check the release and cast your votes, the vote will be open for
>>>> at
>>>> least 72 hours:
>>>>
>>>> [ ] +1 Approve the release
>>>> [ ] -1 Veto the release (please provide specific comments)
>>>>
>>>> Greetings, Marcel
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>
>
--
Karl Pauls
karlpauls@gmail.com
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Marcel Offermans <ma...@luminis.nl>.
Okay, let's see, I followed the release procedure on our site to the
letter on this one, that does not mention anything about LICENSE or
NOTICE files. Where should I copy them from (and why does maven not do
that for you when preparing a release)?
For the signing process, I also followed the procedure. Can anyone
tell me what went wrong there? Karl?
Greetings, Marcel
On Jan 31, 2009, at 1:54 , Richard S. Hall wrote:
> Yes, I +1 the -1...
>
> I know the release process is a pain, but we need to re-do this one.
> Luckily, the fixes are easy.
>
> -> richard
>
>
> Karl Pauls wrote:
>> -1
>>
>> None of the artifacts (.jar, -project, -bin) contain any LICENSE nor
>> NOTICE files. Furthermore, as mentioned by Felix Meschberger at least
>> two files have missing license headers (which I consider a blocker as
>> well).
>>
>> regards,
>>
>> Karl
>>
>> p.s.: Additionally, I don't think the key that was used for signing
>> is
>> in the KEYS file.
>>
>> On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans
>> <ma...@luminis.nl> wrote:
>>
>>> Hello all,
>>>
>>> I'm opening a new vote for the first release candidate for the
>>> dependency
>>> manager and its optional shell command bundle. I've compiled
>>> everything and
>>> put it up for testing and checking here:
>>>
>>> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>>>
>>> The KEYS file for verifying the signature is also in this
>>> directory and the
>>> checksum files should have the correct format.
>>>
>>> The main reason for naming this release 2.0.0 is that there have
>>> been many
>>> 1.x versions and snapshots out there, so to avoid any confusion
>>> I'm starting
>>> with 2.0.0.
>>>
>>> Please check the release and cast your votes, the vote will be
>>> open for at
>>> least 72 hours:
>>>
>>> [ ] +1 Approve the release
>>> [ ] -1 Veto the release (please provide specific comments)
>>>
>>> Greetings, Marcel
>>>
>>>
>>>
>>
>>
>>
>>
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by "Richard S. Hall" <he...@ungoverned.org>.
Yes, I +1 the -1...
I know the release process is a pain, but we need to re-do this one.
Luckily, the fixes are easy.
-> richard
Karl Pauls wrote:
> -1
>
> None of the artifacts (.jar, -project, -bin) contain any LICENSE nor
> NOTICE files. Furthermore, as mentioned by Felix Meschberger at least
> two files have missing license headers (which I consider a blocker as
> well).
>
> regards,
>
> Karl
>
> p.s.: Additionally, I don't think the key that was used for signing is
> in the KEYS file.
>
> On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans
> <ma...@luminis.nl> wrote:
>
>> Hello all,
>>
>> I'm opening a new vote for the first release candidate for the dependency
>> manager and its optional shell command bundle. I've compiled everything and
>> put it up for testing and checking here:
>>
>> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>>
>> The KEYS file for verifying the signature is also in this directory and the
>> checksum files should have the correct format.
>>
>> The main reason for naming this release 2.0.0 is that there have been many
>> 1.x versions and snapshots out there, so to avoid any confusion I'm starting
>> with 2.0.0.
>>
>> Please check the release and cast your votes, the vote will be open for at
>> least 72 hours:
>>
>> [ ] +1 Approve the release
>> [ ] -1 Veto the release (please provide specific comments)
>>
>> Greetings, Marcel
>>
>>
>>
>
>
>
>
Re: [VOTE] Release of the dependencymanager 2.0.0
Posted by Karl Pauls <ka...@gmail.com>.
-1
None of the artifacts (.jar, -project, -bin) contain any LICENSE nor
NOTICE files. Furthermore, as mentioned by Felix Meschberger at least
two files have missing license headers (which I consider a blocker as
well).
regards,
Karl
p.s.: Additionally, I don't think the key that was used for signing is
in the KEYS file.
On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans
<ma...@luminis.nl> wrote:
> Hello all,
>
> I'm opening a new vote for the first release candidate for the dependency
> manager and its optional shell command bundle. I've compiled everything and
> put it up for testing and checking here:
>
> http://people.apache.org/~marrs/dependencymanager-2.0.0/
>
> The KEYS file for verifying the signature is also in this directory and the
> checksum files should have the correct format.
>
> The main reason for naming this release 2.0.0 is that there have been many
> 1.x versions and snapshots out there, so to avoid any confusion I'm starting
> with 2.0.0.
>
> Please check the release and cast your votes, the vote will be open for at
> least 72 hours:
>
> [ ] +1 Approve the release
> [ ] -1 Veto the release (please provide specific comments)
>
> Greetings, Marcel
>
>
--
Karl Pauls
karlpauls@gmail.com