You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@river.apache.org by Peter Firmstone <pe...@zeus.net.au> on 2016/09/01 11:57:06 UTC
release artifacts
Getting another set of release artifacts 4 River3 ready and have run all tests again, need to generate pgp signatures on weekend.
Decided not to use X500 release cert to sign jar files this release to prevent holding up progress, since I haven't worked out how others can verify release artifacts as the pgp signatures will be different when comparing artifacts containing signed jars with those that don't, then there's the issue of how to integrate it into the build process.
Regards,
Peter.
Sent from my Samsung device.
Re: release artifacts
Posted by Patricia Shanahan <pa...@acm.org>.
Thanks. I'll go ahead with my own build and test.
On 9/4/2016 6:27 AM, Bryan Thompson wrote:
> I can do this.
>
> Bryan
>
> On Thu, Sep 1, 2016 at 8:52 AM, Patricia Shanahan <pa...@acm.org> wrote:
>
>> My reason for asking this is to make sure there are at least three of us.
>> If Peter and I both build and test the release, it won't be enough to make
>> it an official Apache release. We will need a third PMC member who is
>> active enough to do it.
>>
>> On 9/1/2016 6:31 AM, Patricia Shanahan wrote:
>>
>>> How many PMC members are ready and willing to build and test, so that
>>> they can upvote the release?
>>>
>>> Peter: Why jar files in the release? Isn't it supposed to be source code?
>>>
>>> On 9/1/2016 4:57 AM, Peter Firmstone wrote:
>>>
>>>> Getting another set of release artifacts 4 River3 ready and have run
>>>> all tests again, need to generate pgp signatures on weekend.
>>>>
>>>> Decided not to use X500 release cert to sign jar files this release to
>>>> prevent holding up progress, since I haven't worked out how others can
>>>> verify release artifacts as the pgp signatures will be different when
>>>> comparing artifacts containing signed jars with those that don't, then
>>>> there's the issue of how to integrate it into the build process.
>>>>
>>>> Regards,
>>>>
>>>> Peter.
>>>>
>>>> Sent from my Samsung device.
>>>>
>>>>
>>>>
>
Re: release artifacts
Posted by Bryan Thompson <br...@blazegraph.com>.
I can do this.
Bryan
On Thu, Sep 1, 2016 at 8:52 AM, Patricia Shanahan <pa...@acm.org> wrote:
> My reason for asking this is to make sure there are at least three of us.
> If Peter and I both build and test the release, it won't be enough to make
> it an official Apache release. We will need a third PMC member who is
> active enough to do it.
>
> On 9/1/2016 6:31 AM, Patricia Shanahan wrote:
>
>> How many PMC members are ready and willing to build and test, so that
>> they can upvote the release?
>>
>> Peter: Why jar files in the release? Isn't it supposed to be source code?
>>
>> On 9/1/2016 4:57 AM, Peter Firmstone wrote:
>>
>>> Getting another set of release artifacts 4 River3 ready and have run
>>> all tests again, need to generate pgp signatures on weekend.
>>>
>>> Decided not to use X500 release cert to sign jar files this release to
>>> prevent holding up progress, since I haven't worked out how others can
>>> verify release artifacts as the pgp signatures will be different when
>>> comparing artifacts containing signed jars with those that don't, then
>>> there's the issue of how to integrate it into the build process.
>>>
>>> Regards,
>>>
>>> Peter.
>>>
>>> Sent from my Samsung device.
>>>
>>>
>>>
Re: release artifacts
Posted by Patricia Shanahan <pa...@acm.org>.
My reason for asking this is to make sure there are at least three of
us. If Peter and I both build and test the release, it won't be enough
to make it an official Apache release. We will need a third PMC member
who is active enough to do it.
On 9/1/2016 6:31 AM, Patricia Shanahan wrote:
> How many PMC members are ready and willing to build and test, so that
> they can upvote the release?
>
> Peter: Why jar files in the release? Isn't it supposed to be source code?
>
> On 9/1/2016 4:57 AM, Peter Firmstone wrote:
>> Getting another set of release artifacts 4 River3 ready and have run
>> all tests again, need to generate pgp signatures on weekend.
>>
>> Decided not to use X500 release cert to sign jar files this release to
>> prevent holding up progress, since I haven't worked out how others can
>> verify release artifacts as the pgp signatures will be different when
>> comparing artifacts containing signed jars with those that don't, then
>> there's the issue of how to integrate it into the build process.
>>
>> Regards,
>>
>> Peter.
>>
>> Sent from my Samsung device.
>>
>>
Re: release artifacts
Posted by Patricia Shanahan <pa...@acm.org>.
How many PMC members are ready and willing to build and test, so that
they can upvote the release?
Peter: Why jar files in the release? Isn't it supposed to be source code?
On 9/1/2016 4:57 AM, Peter Firmstone wrote:
> Getting another set of release artifacts 4 River3 ready and have run all tests again, need to generate pgp signatures on weekend.
>
> Decided not to use X500 release cert to sign jar files this release to prevent holding up progress, since I haven't worked out how others can verify release artifacts as the pgp signatures will be different when comparing artifacts containing signed jars with those that don't, then there's the issue of how to integrate it into the build process.
>
> Regards,
>
> Peter.
>
> Sent from my Samsung device.
>
>