[CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

[CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

garydgregory
[editing subject]

On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]> wrote:

> I am canceling this VOTE to deal with the missing src files.
>
> Gary
>
> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]>
> wrote:
>
>> I did "mvn clean install -Prelease" from SVN and got in target/:
>>
>> commons-parent-42-SNAPSHOT-src.tar.gz
>> commons-parent-42-SNAPSHOT-src.zip
>>
>> however they were not installed to the Maven repository, because the
>> pom says "<attach>false</attach>"
>>
>>
>>
>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
>> wrote:
>> > On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <[hidden email]>
>> > wrote:
>> >
>> >> Just a thing I noticed..
>> >>
>> >> In https://dist.apache.org/repos/dist/release/commons/commons-
>> >> parent/commons-parent-41/
>> >> and before we had a -src.tar.gz and -src.zip
>> >> (just like any other
>> >>
>> >> while your candidate in
>> >> https://dist.apache.org/repos/dist/dev/commons/commons-parent/42-RC1/
>> >>  is just the deployed pom file and so can't as easily be "built" or
>> >> installed.
>> >>
>> >> Not a blocker for me personally, but it would be good if we can keep
>> >> the parent similar to the other components, even if it doesn't have
>> >> any source code. For instance Debian packages Commons parent.
>> >>
>> >
>> > I looks like we started providing the src zip/gz with version 40 only.
>> Crud!
>> >
>> > I'm not sure why the assembly plugin did not kick in.
>> >
>> > Can someone take a look?
>> >
>> > Thank you,
>> > Gary
>> >
>> >
>> >>
>> >> On 30 November 2016 at 09:25, Stian Soiland-Reyes <[hidden email]>
>> >> wrote:
>> >> > +1
>> >> >
>> >> > Checked:
>> >> >
>> >> > +1 Signatures, hashes
>> >> > +1 tag matches repo matches dist
>> >> > +1 No binaries
>> >> > +1 Works with beanutils
>> >> >
>> >> > I got a bug when using it with Commons RDF for "mvn clean package
>> >> install",
>> >> > related to the updated site-plugin:
>> >> >
>> >> > [ERROR] Failed to execute goal
>> >> > org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site)
>> on
>> >> > project commons-rdf-parent: Execution default-site of goal
>> >> > org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
>> required
>> >> class
>> >> > was missing while executing
>> >> > org.apache.maven.plugins:maven-site-plugin:3.6:site:
>> >> > org/apache/maven/doxia/sink/impl/XhtmlBaseSink
>> >> >
>> >> > This was fixed by updating its doxia-module-markdown dependency from
>> 1.6
>> >> to
>> >> > 1.7.
>> >> >
>> >> > With beanutils I tested the parent with "mvn clean install site" and
>> "mvn
>> >> > release:prepare".
>> >> >
>> >> > On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
>> wrote:
>> >> >> We have added some enhancements since Commons Parent POM 41 was
>> >> released,
>> >> >> so I would like to release Commons Parent POM 42.
>> >> >>
>> >> >> Commons Parent POM 42 RC1 is available for review here:
>> >> >> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>> t/42-RC1/
>> >> >> (svn revision 17171)
>> >> >>
>> >> >> The tag is here:
>> >> >>
>> >> >>
>> >> >> http://svn.apache.org/repos/asf/commons/proper/commons-
>> >> parent/tags/commons-parent-42-RC1/
>> >> >> (svn revision 1771539)
>> >> >> N.B. the SVN revision is required because SVN tags are not
>> immutable.
>> >> >>
>> >> >> Maven artifacts are here:
>> >> >>
>> >> >>
>> >> >> https://repository.apache.org/content/repositories/
>> >> orgapachecommons-1221/org/apache/commons/commons-parent/42/
>> >> >>
>> >> >> These are the Maven artifacts and their hashes
>> >> >>
>> >> >> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
>> >> >> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
>> >> >> /org/apache/commons/commons-parent/42/commons-parent-42-site
>> .xml.asc
>> >> >> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
>> >> >> /org/apache/commons/commons-parent/42/commons-parent-42.pom
>> >> >> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
>> >> >> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
>> >> >> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
>> >> >>
>> >> >> I built this with:
>> >> >>
>> >> >> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>> >> >> 2015-11-10T08:41:47-08:00)
>> >> >> Maven home: E:\Java\apache-maven-3.3.9\bin\..
>> >> >> Java version: 1.8.0_112, vendor: Oracle Corporation
>> >> >> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
>> >> >> Default locale: en_US, platform encoding: Cp1252
>> >> >> OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
>> >> >>
>> >> >> The site was built with:
>> >> >>
>> >> >> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
>> >> >> 2014-12-14T09:29:23-08:00)
>> >> >> Maven home: E:\Java\apache-maven-3.2.5
>> >> >> Java version: 1.7.0_79, vendor: Oracle Corporation
>> >> >> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
>> >> >> Default locale: en_US, platform encoding: Cp1252
>> >> >> OS name: "windows 7", version: "6.1", arch: "amd64", family:
>> "windows"
>> >> >>
>> >> >> [because Maven 3.3.9 gets an exception due to a binary compatiblity
>> >> break
>> >> >> in Slf4j.)
>> >> >>
>> >> >> Details of changes since 41 are in the release notes:
>> >> >>
>> >> >>
>> >> >> https://dist.apache.org/repos/dist/dev/commons/commons-
>> >> parent/42-RC1/RELEASE-NOTES.txt
>> >> >>
>> >> >>
>> >> >> https://people.apache.org/~ggregory/commons-parent-42-
>> >> RC1/site/changes-report.html
>> >> >>
>> >> >> Site:
>> >> >> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
>> >> >> (note some *relative* links are broken and the 42 directories are
>> >> >> not yet created - these will be OK once the site is deployed)
>> >> >>
>> >> >> There is no Clirr Report (compared to 41) since there is no Java
>> code in
>> >> >> this project.
>> >> >>
>> >> >> RAT Report:
>> >> >>
>> >> >>
>> >> >> https://people.apache.org/~ggregory/commons-parent-42-
>> >> RC1/site/rat-report.html
>> >> >> KEYS:
>> >> >> https://www.apache.org/dist/commons/KEYS
>> >> >>
>> >> >> Please review the release candidate and vote.
>> >> >>
>> >> >> This lazy vote will close no sooner that 72 hours from now, i.e.
>> >> sometime
>> >> >> after 09:00 UTC 30-November 2016
>> >> >>
>> >> >> [ ] +1 Release these artifacts
>> >> >> [ ] +0 OK, but...
>> >> >> [ ] -0 OK, but really should fix...
>> >> >> [ ] -1 I oppose this release because...
>> >> >>
>> >> >> Thanks!
>> >> >>
>> >> >> Gary Gregory
>> >> >>
>> >> >> --
>> >> >> E-Mail: [hidden email] | [hidden email] <
>> >> [hidden email]>
>> >> >> Java Persistence with Hibernate, Second Edition
>> >> >>
>> >> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
>> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
>> >> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
>> 1af9fe6a2b8>
>> >> >>
>> >> >>
>> >> >> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >> am2&o=1&a=1617290459>
>> >> >> JUnit in Action, Second Edition
>> >> >>
>> >> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
>> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
>> >> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
>> 902a24de418%22
>> >> >
>> >> >>
>> >> >>
>> >> >> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >> am2&o=1&a=1935182021>
>> >> >> Spring Batch in Action
>> >> >>
>> >> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
>> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
>> >> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
>> >> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
>> >> >>
>> >> >>
>> >> >> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >> am2&o=1&a=1935182951>
>> >> >> Blog: http://garygregory.wordpress.com
>> >> >> Home: http://garygregory.com/
>> >> >> Tweet! http://twitter.com/GaryGregory
>> >> >
>> >> > --
>> >> > Stian Soiland-Reyes
>> >> > http://orcid.org/0000-0001-9842-9718
>> >>
>> >>
>> >>
>> >> --
>> >> Stian Soiland-Reyes
>> >> http://orcid.org/0000-0001-9842-9718
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [hidden email]
>> >> For additional commands, e-mail: [hidden email]
>> >>
>> >>
>> >
>> >
>> > --
>> > E-Mail: [hidden email] | [hidden email]
>> > Java Persistence with Hibernate, Second Edition
>> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1617290459>
>> > JUnit in Action, Second Edition
>> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182021>
>> > Spring Batch in Action
>> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182951>
>> > Blog: http://garygregory.wordpress.com
>> > Home: http://garygregory.com/
>> > Tweet! http://twitter.com/GaryGregory
>>
>>
>>
>> --
>> Stian Soiland-Reyes
>> http://orcid.org/0000-0001-9842-9718
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> E-Mail: [hidden email] | [hidden email]
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

Charles Honton
Why do we expect the src zip to be present in the maven repository?  No other commons project pushes the src zip/gz to maven central.

If we want to supply src zip/gz as a convenience, why wouldn’t it be at http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as all other components are?

thanks,
chas

> On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]> wrote:
>
> [editing subject]
>
> On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]> wrote:
>
>> I am canceling this VOTE to deal with the missing src files.
>>
>> Gary
>>
>> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]>
>> wrote:
>>
>>> I did "mvn clean install -Prelease" from SVN and got in target/:
>>>
>>> commons-parent-42-SNAPSHOT-src.tar.gz
>>> commons-parent-42-SNAPSHOT-src.zip
>>>
>>> however they were not installed to the Maven repository, because the
>>> pom says "<attach>false</attach>"
>>>
>>>
>>>
>>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
>>> wrote:
>>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <[hidden email]>
>>>> wrote:
>>>>
>>>>> Just a thing I noticed..
>>>>>
>>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
>>>>> parent/commons-parent-41/
>>>>> and before we had a -src.tar.gz and -src.zip
>>>>> (just like any other
>>>>>
>>>>> while your candidate in
>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-parent/42-RC1/
>>>>> is just the deployed pom file and so can't as easily be "built" or
>>>>> installed.
>>>>>
>>>>> Not a blocker for me personally, but it would be good if we can keep
>>>>> the parent similar to the other components, even if it doesn't have
>>>>> any source code. For instance Debian packages Commons parent.
>>>>>
>>>>
>>>> I looks like we started providing the src zip/gz with version 40 only.
>>> Crud!
>>>>
>>>> I'm not sure why the assembly plugin did not kick in.
>>>>
>>>> Can someone take a look?
>>>>
>>>> Thank you,
>>>> Gary
>>>>
>>>>
>>>>>
>>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <[hidden email]>
>>>>> wrote:
>>>>>> +1
>>>>>>
>>>>>> Checked:
>>>>>>
>>>>>> +1 Signatures, hashes
>>>>>> +1 tag matches repo matches dist
>>>>>> +1 No binaries
>>>>>> +1 Works with beanutils
>>>>>>
>>>>>> I got a bug when using it with Commons RDF for "mvn clean package
>>>>> install",
>>>>>> related to the updated site-plugin:
>>>>>>
>>>>>> [ERROR] Failed to execute goal
>>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site)
>>> on
>>>>>> project commons-rdf-parent: Execution default-site of goal
>>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
>>> required
>>>>> class
>>>>>> was missing while executing
>>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
>>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
>>>>>>
>>>>>> This was fixed by updating its doxia-module-markdown dependency from
>>> 1.6
>>>>> to
>>>>>> 1.7.
>>>>>>
>>>>>> With beanutils I tested the parent with "mvn clean install site" and
>>> "mvn
>>>>>> release:prepare".
>>>>>>
>>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
>>> wrote:
>>>>>>> We have added some enhancements since Commons Parent POM 41 was
>>>>> released,
>>>>>>> so I would like to release Commons Parent POM 42.
>>>>>>>
>>>>>>> Commons Parent POM 42 RC1 is available for review here:
>>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>>> t/42-RC1/
>>>>>>> (svn revision 17171)
>>>>>>>
>>>>>>> The tag is here:
>>>>>>>
>>>>>>>
>>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
>>>>> parent/tags/commons-parent-42-RC1/
>>>>>>> (svn revision 1771539)
>>>>>>> N.B. the SVN revision is required because SVN tags are not
>>> immutable.
>>>>>>>
>>>>>>> Maven artifacts are here:
>>>>>>>
>>>>>>>
>>>>>>> https://repository.apache.org/content/repositories/
>>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
>>>>>>>
>>>>>>> These are the Maven artifacts and their hashes
>>>>>>>
>>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
>>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
>>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
>>> .xml.asc
>>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
>>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
>>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
>>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
>>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
>>>>>>>
>>>>>>> I built this with:
>>>>>>>
>>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>>>>>>> 2015-11-10T08:41:47-08:00)
>>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
>>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
>>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
>>>>>>> Default locale: en_US, platform encoding: Cp1252
>>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
>>>>>>>
>>>>>>> The site was built with:
>>>>>>>
>>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
>>>>>>> 2014-12-14T09:29:23-08:00)
>>>>>>> Maven home: E:\Java\apache-maven-3.2.5
>>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
>>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
>>>>>>> Default locale: en_US, platform encoding: Cp1252
>>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
>>> "windows"
>>>>>>>
>>>>>>> [because Maven 3.3.9 gets an exception due to a binary compatiblity
>>>>> break
>>>>>>> in Slf4j.)
>>>>>>>
>>>>>>> Details of changes since 41 are in the release notes:
>>>>>>>
>>>>>>>
>>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
>>>>> parent/42-RC1/RELEASE-NOTES.txt
>>>>>>>
>>>>>>>
>>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
>>>>> RC1/site/changes-report.html
>>>>>>>
>>>>>>> Site:
>>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
>>>>>>> (note some *relative* links are broken and the 42 directories are
>>>>>>> not yet created - these will be OK once the site is deployed)
>>>>>>>
>>>>>>> There is no Clirr Report (compared to 41) since there is no Java
>>> code in
>>>>>>> this project.
>>>>>>>
>>>>>>> RAT Report:
>>>>>>>
>>>>>>>
>>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
>>>>> RC1/site/rat-report.html
>>>>>>> KEYS:
>>>>>>> https://www.apache.org/dist/commons/KEYS
>>>>>>>
>>>>>>> Please review the release candidate and vote.
>>>>>>>
>>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
>>>>> sometime
>>>>>>> after 09:00 UTC 30-November 2016
>>>>>>>
>>>>>>> [ ] +1 Release these artifacts
>>>>>>> [ ] +0 OK, but...
>>>>>>> [ ] -0 OK, but really should fix...
>>>>>>> [ ] -1 I oppose this release because...
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Gary Gregory
>>>>>>>
>>>>>>> --
>>>>>>> E-Mail: [hidden email] | [hidden email] <
>>>>> [hidden email]>
>>>>>>> Java Persistence with Hibernate, Second Edition
>>>>>>>
>>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
>>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
>>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
>>> 1af9fe6a2b8>
>>>>>>>
>>>>>>>
>>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>>>> am2&o=1&a=1617290459>
>>>>>>> JUnit in Action, Second Edition
>>>>>>>
>>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
>>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
>>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
>>> 902a24de418%22
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>>>> am2&o=1&a=1935182021>
>>>>>>> Spring Batch in Action
>>>>>>>
>>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
>>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
>>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
>>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
>>>>>>>
>>>>>>>
>>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>>>> am2&o=1&a=1935182951>
>>>>>>> Blog: http://garygregory.wordpress.com
>>>>>>> Home: http://garygregory.com/
>>>>>>> Tweet! http://twitter.com/GaryGregory
>>>>>>
>>>>>> --
>>>>>> Stian Soiland-Reyes
>>>>>> http://orcid.org/0000-0001-9842-9718
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Stian Soiland-Reyes
>>>>> http://orcid.org/0000-0001-9842-9718
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [hidden email]
>>>>> For additional commands, e-mail: [hidden email]
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> E-Mail: [hidden email] | [hidden email]
>>>> Java Persistence with Hibernate, Second Edition
>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>>>
>>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1617290459>
>>>> JUnit in Action, Second Edition
>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>>>>
>>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182021>
>>>> Spring Batch in Action
>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182951>
>>>> Blog: http://garygregory.wordpress.com
>>>> Home: http://garygregory.com/
>>>> Tweet! http://twitter.com/GaryGregory
>>>
>>>
>>>
>>> --
>>> Stian Soiland-Reyes
>>> http://orcid.org/0000-0001-9842-9718
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>>
>>
>>
>> --
>> E-Mail: [hidden email] | [hidden email]
>> Java Persistence with Hibernate, Second Edition
>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
>> JUnit in Action, Second Edition
>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
>> Spring Batch in Action
>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
>> Blog: http://garygregory.wordpress.com
>> Home: http://garygregory.com/
>> Tweet! http://twitter.com/GaryGregory
>>
>
>
>
> --
> E-Mail: [hidden email] | [hidden email]
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory

Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

garydgregory
The answer is, as usual, "it depends".

For Apache Commons Daemon, I would like to have the bin-zip in Maven
Central or each DLLs in Maven Central.

But for the general case, you are right, we do not need them.

I wonder if I can just put the src-zip to
https://dist.apache.org/repos/dist/dev/commons/commons-parent/42-RC1/ and
let the VOTE go longer...

Gary

On Thu, Dec 1, 2016 at 6:07 PM, Charles Honton <[hidden email]> wrote:

> Why do we expect the src zip to be present in the maven repository?  No
> other commons project pushes the src zip/gz to maven central.
>
> If we want to supply src zip/gz as a convenience, why wouldn’t it be at
> http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
> all other components are?
>
> thanks,
> chas
>
> > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]> wrote:
> >
> > [editing subject]
> >
> > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
> wrote:
> >
> >> I am canceling this VOTE to deal with the missing src files.
> >>
> >> Gary
> >>
> >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]>
> >> wrote:
> >>
> >>> I did "mvn clean install -Prelease" from SVN and got in target/:
> >>>
> >>> commons-parent-42-SNAPSHOT-src.tar.gz
> >>> commons-parent-42-SNAPSHOT-src.zip
> >>>
> >>> however they were not installed to the Maven repository, because the
> >>> pom says "<attach>false</attach>"
> >>>
> >>>
> >>>
> >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
> >>> wrote:
> >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
> [hidden email]>
> >>>> wrote:
> >>>>
> >>>>> Just a thing I noticed..
> >>>>>
> >>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
> >>>>> parent/commons-parent-41/
> >>>>> and before we had a -src.tar.gz and -src.zip
> >>>>> (just like any other
> >>>>>
> >>>>> while your candidate in
> >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> parent/42-RC1/
> >>>>> is just the deployed pom file and so can't as easily be "built" or
> >>>>> installed.
> >>>>>
> >>>>> Not a blocker for me personally, but it would be good if we can keep
> >>>>> the parent similar to the other components, even if it doesn't have
> >>>>> any source code. For instance Debian packages Commons parent.
> >>>>>
> >>>>
> >>>> I looks like we started providing the src zip/gz with version 40 only.
> >>> Crud!
> >>>>
> >>>> I'm not sure why the assembly plugin did not kick in.
> >>>>
> >>>> Can someone take a look?
> >>>>
> >>>> Thank you,
> >>>> Gary
> >>>>
> >>>>
> >>>>>
> >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <[hidden email]>
> >>>>> wrote:
> >>>>>> +1
> >>>>>>
> >>>>>> Checked:
> >>>>>>
> >>>>>> +1 Signatures, hashes
> >>>>>> +1 tag matches repo matches dist
> >>>>>> +1 No binaries
> >>>>>> +1 Works with beanutils
> >>>>>>
> >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
> >>>>> install",
> >>>>>> related to the updated site-plugin:
> >>>>>>
> >>>>>> [ERROR] Failed to execute goal
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site)
> >>> on
> >>>>>> project commons-rdf-parent: Execution default-site of goal
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
> >>> required
> >>>>> class
> >>>>>> was missing while executing
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
> >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
> >>>>>>
> >>>>>> This was fixed by updating its doxia-module-markdown dependency from
> >>> 1.6
> >>>>> to
> >>>>>> 1.7.
> >>>>>>
> >>>>>> With beanutils I tested the parent with "mvn clean install site" and
> >>> "mvn
> >>>>>> release:prepare".
> >>>>>>
> >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
> >>> wrote:
> >>>>>>> We have added some enhancements since Commons Parent POM 41 was
> >>>>> released,
> >>>>>>> so I would like to release Commons Parent POM 42.
> >>>>>>>
> >>>>>>> Commons Parent POM 42 RC1 is available for review here:
> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> >>> t/42-RC1/
> >>>>>>> (svn revision 17171)
> >>>>>>>
> >>>>>>> The tag is here:
> >>>>>>>
> >>>>>>>
> >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
> >>>>> parent/tags/commons-parent-42-RC1/
> >>>>>>> (svn revision 1771539)
> >>>>>>> N.B. the SVN revision is required because SVN tags are not
> >>> immutable.
> >>>>>>>
> >>>>>>> Maven artifacts are here:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://repository.apache.org/content/repositories/
> >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
> >>>>>>>
> >>>>>>> These are the Maven artifacts and their hashes
> >>>>>>>
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
> >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
> >>> .xml.asc
> >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
> >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
> >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
> >>>>>>>
> >>>>>>> I built this with:
> >>>>>>>
> >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> >>>>>>> 2015-11-10T08:41:47-08:00)
> >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
> >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
> >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
> >>>>>>>
> >>>>>>> The site was built with:
> >>>>>>>
> >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
> >>>>>>> 2014-12-14T09:29:23-08:00)
> >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
> >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
> >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> >>> "windows"
> >>>>>>>
> >>>>>>> [because Maven 3.3.9 gets an exception due to a binary compatiblity
> >>>>> break
> >>>>>>> in Slf4j.)
> >>>>>>>
> >>>>>>> Details of changes since 41 are in the release notes:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> >>>>> parent/42-RC1/RELEASE-NOTES.txt
> >>>>>>>
> >>>>>>>
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> >>>>> RC1/site/changes-report.html
> >>>>>>>
> >>>>>>> Site:
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
> >>>>>>> (note some *relative* links are broken and the 42 directories are
> >>>>>>> not yet created - these will be OK once the site is deployed)
> >>>>>>>
> >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
> >>> code in
> >>>>>>> this project.
> >>>>>>>
> >>>>>>> RAT Report:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> >>>>> RC1/site/rat-report.html
> >>>>>>> KEYS:
> >>>>>>> https://www.apache.org/dist/commons/KEYS
> >>>>>>>
> >>>>>>> Please review the release candidate and vote.
> >>>>>>>
> >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
> >>>>> sometime
> >>>>>>> after 09:00 UTC 30-November 2016
> >>>>>>>
> >>>>>>> [ ] +1 Release these artifacts
> >>>>>>> [ ] +0 OK, but...
> >>>>>>> [ ] -0 OK, but really should fix...
> >>>>>>> [ ] -1 I oppose this release because...
> >>>>>>>
> >>>>>>> Thanks!
> >>>>>>>
> >>>>>>> Gary Gregory
> >>>>>>>
> >>>>>>> --
> >>>>>>> E-Mail: [hidden email] | [hidden email] <
> >>>>> [hidden email]>
> >>>>>>> Java Persistence with Hibernate, Second Edition
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
> >>> 1af9fe6a2b8>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1617290459>
> >>>>>>> JUnit in Action, Second Edition
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
> >>> 902a24de418%22
> >>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1935182021>
> >>>>>>> Spring Batch in Action
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1935182951>
> >>>>>>> Blog: http://garygregory.wordpress.com
> >>>>>>> Home: http://garygregory.com/
> >>>>>>> Tweet! http://twitter.com/GaryGregory
> >>>>>>
> >>>>>> --
> >>>>>> Stian Soiland-Reyes
> >>>>>> http://orcid.org/0000-0001-9842-9718
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Stian Soiland-Reyes
> >>>>> http://orcid.org/0000-0001-9842-9718
> >>>>>
> >>>>> ------------------------------------------------------------
> ---------
> >>>>> To unsubscribe, e-mail: [hidden email]
> >>>>> For additional commands, e-mail: [hidden email]
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> E-Mail: [hidden email] | [hidden email]
> >>>> Java Persistence with Hibernate, Second Edition
> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>>>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1617290459>
> >>>> JUnit in Action, Second Edition
> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22>
> >>>>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182021>
> >>>> Spring Batch in Action
> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182951>
> >>>> Blog: http://garygregory.wordpress.com
> >>>> Home: http://garygregory.com/
> >>>> Tweet! http://twitter.com/GaryGregory
> >>>
> >>>
> >>>
> >>> --
> >>> Stian Soiland-Reyes
> >>> http://orcid.org/0000-0001-9842-9718
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [hidden email]
> >>> For additional commands, e-mail: [hidden email]
> >>>
> >>>
> >>
> >>
> >> --
> >> E-Mail: [hidden email] | [hidden email]
> >> Java Persistence with Hibernate, Second Edition
> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> >> JUnit in Action, Second Edition
> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> >> Spring Batch in Action
> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> >> Blog: http://garygregory.wordpress.com
> >> Home: http://garygregory.com/
> >> Tweet! http://twitter.com/GaryGregory
> >>
> >
> >
> >
> > --
> > E-Mail: [hidden email] | [hidden email]
> > Java Persistence with Hibernate, Second Edition
> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> > JUnit in Action, Second Edition
> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> > Spring Batch in Action
> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> > Blog: http://garygregory.wordpress.com
> > Home: http://garygregory.com/
> > Tweet! http://twitter.com/GaryGregory
>
>


--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

garydgregory
On Thu, Dec 1, 2016 at 6:12 PM, Gary Gregory <[hidden email]> wrote:

> The answer is, as usual, "it depends".
>
> For Apache Commons Daemon, I would like to have the bin-zip in Maven
> Central or each DLLs in Maven Central.
>
> But for the general case, you are right, we do not need them.
>
> I wonder if I can just put the src-zip to https://dist.apache.org/
> repos/dist/dev/commons/commons-parent/42-RC1/ and let the VOTE go
> longer...
>

Ah, crud, no because the VOTE lists the revision number and if I add the
src zip/gz files, then the revision will be incorrect. I need an RC2 after
all. Sorry about that.

Gary

>
> Gary
>
> On Thu, Dec 1, 2016 at 6:07 PM, Charles Honton <[hidden email]> wrote:
>
>> Why do we expect the src zip to be present in the maven repository?  No
>> other commons project pushes the src zip/gz to maven central.
>>
>> If we want to supply src zip/gz as a convenience, why wouldn’t it be at
>> http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
>> all other components are?
>>
>> thanks,
>> chas
>>
>> > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]>
>> wrote:
>> >
>> > [editing subject]
>> >
>> > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
>> wrote:
>> >
>> >> I am canceling this VOTE to deal with the missing src files.
>> >>
>> >> Gary
>> >>
>> >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]>
>> >> wrote:
>> >>
>> >>> I did "mvn clean install -Prelease" from SVN and got in target/:
>> >>>
>> >>> commons-parent-42-SNAPSHOT-src.tar.gz
>> >>> commons-parent-42-SNAPSHOT-src.zip
>> >>>
>> >>> however they were not installed to the Maven repository, because the
>> >>> pom says "<attach>false</attach>"
>> >>>
>> >>>
>> >>>
>> >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
>> >>> wrote:
>> >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
>> [hidden email]>
>> >>>> wrote:
>> >>>>
>> >>>>> Just a thing I noticed..
>> >>>>>
>> >>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
>> >>>>> parent/commons-parent-41/
>> >>>>> and before we had a -src.tar.gz and -src.zip
>> >>>>> (just like any other
>> >>>>>
>> >>>>> while your candidate in
>> >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>> t/42-RC1/
>> >>>>> is just the deployed pom file and so can't as easily be "built" or
>> >>>>> installed.
>> >>>>>
>> >>>>> Not a blocker for me personally, but it would be good if we can keep
>> >>>>> the parent similar to the other components, even if it doesn't have
>> >>>>> any source code. For instance Debian packages Commons parent.
>> >>>>>
>> >>>>
>> >>>> I looks like we started providing the src zip/gz with version 40
>> only.
>> >>> Crud!
>> >>>>
>> >>>> I'm not sure why the assembly plugin did not kick in.
>> >>>>
>> >>>> Can someone take a look?
>> >>>>
>> >>>> Thank you,
>> >>>> Gary
>> >>>>
>> >>>>
>> >>>>>
>> >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <[hidden email]
>> >
>> >>>>> wrote:
>> >>>>>> +1
>> >>>>>>
>> >>>>>> Checked:
>> >>>>>>
>> >>>>>> +1 Signatures, hashes
>> >>>>>> +1 tag matches repo matches dist
>> >>>>>> +1 No binaries
>> >>>>>> +1 Works with beanutils
>> >>>>>>
>> >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
>> >>>>> install",
>> >>>>>> related to the updated site-plugin:
>> >>>>>>
>> >>>>>> [ERROR] Failed to execute goal
>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site)
>> >>> on
>> >>>>>> project commons-rdf-parent: Execution default-site of goal
>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
>> >>> required
>> >>>>> class
>> >>>>>> was missing while executing
>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
>> >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
>> >>>>>>
>> >>>>>> This was fixed by updating its doxia-module-markdown dependency
>> from
>> >>> 1.6
>> >>>>> to
>> >>>>>> 1.7.
>> >>>>>>
>> >>>>>> With beanutils I tested the parent with "mvn clean install site"
>> and
>> >>> "mvn
>> >>>>>> release:prepare".
>> >>>>>>
>> >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
>> >>> wrote:
>> >>>>>>> We have added some enhancements since Commons Parent POM 41 was
>> >>>>> released,
>> >>>>>>> so I would like to release Commons Parent POM 42.
>> >>>>>>>
>> >>>>>>> Commons Parent POM 42 RC1 is available for review here:
>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>> >>> t/42-RC1/
>> >>>>>>> (svn revision 17171)
>> >>>>>>>
>> >>>>>>> The tag is here:
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
>> >>>>> parent/tags/commons-parent-42-RC1/
>> >>>>>>> (svn revision 1771539)
>> >>>>>>> N.B. the SVN revision is required because SVN tags are not
>> >>> immutable.
>> >>>>>>>
>> >>>>>>> Maven artifacts are here:
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> https://repository.apache.org/content/repositories/
>> >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
>> >>>>>>>
>> >>>>>>> These are the Maven artifacts and their hashes
>> >>>>>>>
>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
>> >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
>> >>> .xml.asc
>> >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
>> >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
>> >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
>> >>>>>>>
>> >>>>>>> I built this with:
>> >>>>>>>
>> >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>> >>>>>>> 2015-11-10T08:41:47-08:00)
>> >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
>> >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
>> >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
>> >>>>>>>
>> >>>>>>> The site was built with:
>> >>>>>>>
>> >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
>> >>>>>>> 2014-12-14T09:29:23-08:00)
>> >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
>> >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
>> >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
>> >>> "windows"
>> >>>>>>>
>> >>>>>>> [because Maven 3.3.9 gets an exception due to a binary
>> compatiblity
>> >>>>> break
>> >>>>>>> in Slf4j.)
>> >>>>>>>
>> >>>>>>> Details of changes since 41 are in the release notes:
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
>> >>>>> parent/42-RC1/RELEASE-NOTES.txt
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
>> >>>>> RC1/site/changes-report.html
>> >>>>>>>
>> >>>>>>> Site:
>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
>> >>>>>>> (note some *relative* links are broken and the 42 directories are
>> >>>>>>> not yet created - these will be OK once the site is deployed)
>> >>>>>>>
>> >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
>> >>> code in
>> >>>>>>> this project.
>> >>>>>>>
>> >>>>>>> RAT Report:
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
>> >>>>> RC1/site/rat-report.html
>> >>>>>>> KEYS:
>> >>>>>>> https://www.apache.org/dist/commons/KEYS
>> >>>>>>>
>> >>>>>>> Please review the release candidate and vote.
>> >>>>>>>
>> >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
>> >>>>> sometime
>> >>>>>>> after 09:00 UTC 30-November 2016
>> >>>>>>>
>> >>>>>>> [ ] +1 Release these artifacts
>> >>>>>>> [ ] +0 OK, but...
>> >>>>>>> [ ] -0 OK, but really should fix...
>> >>>>>>> [ ] -1 I oppose this release because...
>> >>>>>>>
>> >>>>>>> Thanks!
>> >>>>>>>
>> >>>>>>> Gary Gregory
>> >>>>>>>
>> >>>>>>> --
>> >>>>>>> E-Mail: [hidden email] | [hidden email] <
>> >>>>> [hidden email]>
>> >>>>>>> Java Persistence with Hibernate, Second Edition
>> >>>>>>>
>> >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
>> >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
>> >>> 1af9fe6a2b8>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>>>> am2&o=1&a=1617290459>
>> >>>>>>> JUnit in Action, Second Edition
>> >>>>>>>
>> >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
>> >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
>> >>> 902a24de418%22
>> >>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>>>> am2&o=1&a=1935182021>
>> >>>>>>> Spring Batch in Action
>> >>>>>>>
>> >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
>> >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
>> >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>>>> am2&o=1&a=1935182951>
>> >>>>>>> Blog: http://garygregory.wordpress.com
>> >>>>>>> Home: http://garygregory.com/
>> >>>>>>> Tweet! http://twitter.com/GaryGregory
>> >>>>>>
>> >>>>>> --
>> >>>>>> Stian Soiland-Reyes
>> >>>>>> http://orcid.org/0000-0001-9842-9718
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> Stian Soiland-Reyes
>> >>>>> http://orcid.org/0000-0001-9842-9718
>> >>>>>
>> >>>>> ------------------------------------------------------------
>> ---------
>> >>>>> To unsubscribe, e-mail: [hidden email]
>> >>>>> For additional commands, e-mail: [hidden email]
>> >>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> E-Mail: [hidden email] | [hidden email]
>> >>>> Java Persistence with Hibernate, Second Edition
>> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>> >>>>
>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>> am2&o=1&a=1617290459>
>> >>>> JUnit in Action, Second Edition
>> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a
>> 24de418%22>
>> >>>>
>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>> am2&o=1&a=1935182021>
>> >>>> Spring Batch in Action
>> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> >>> am2&o=1&a=1935182951>
>> >>>> Blog: http://garygregory.wordpress.com
>> >>>> Home: http://garygregory.com/
>> >>>> Tweet! http://twitter.com/GaryGregory
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Stian Soiland-Reyes
>> >>> http://orcid.org/0000-0001-9842-9718
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: [hidden email]
>> >>> For additional commands, e-mail: [hidden email]
>> >>>
>> >>>
>> >>
>> >>
>> >> --
>> >> E-Mail: [hidden email] | [hidden email]
>> >> Java Persistence with Hibernate, Second Edition
>> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>> >>
>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1617290459>
>> >> JUnit in Action, Second Edition
>> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>> >>
>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182021>
>> >> Spring Batch in Action
>> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182951>
>> >> Blog: http://garygregory.wordpress.com
>> >> Home: http://garygregory.com/
>> >> Tweet! http://twitter.com/GaryGregory
>> >>
>> >
>> >
>> >
>> > --
>> > E-Mail: [hidden email] | [hidden email]
>> > Java Persistence with Hibernate, Second Edition
>> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1617290459>
>> > JUnit in Action, Second Edition
>> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182021>
>> > Spring Batch in Action
>> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>> am2&o=1&a=1935182951>
>> > Blog: http://garygregory.wordpress.com
>> > Home: http://garygregory.com/
>> > Tweet! http://twitter.com/GaryGregory
>>
>>
>
>
> --
> E-Mail: [hidden email] | [hidden email]
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

Jörg Schaible-5
Then trigger "skip" using a property and every project can set it if
required.

Gary Gregory wrote:

> On Thu, Dec 1, 2016 at 6:12 PM, Gary Gregory <[hidden email]>
> wrote:
>
>> The answer is, as usual, "it depends".
>>
>> For Apache Commons Daemon, I would like to have the bin-zip in Maven
>> Central or each DLLs in Maven Central.
>>
>> But for the general case, you are right, we do not need them.
>>
>> I wonder if I can just put the src-zip to https://dist.apache.org/
>> repos/dist/dev/commons/commons-parent/42-RC1/ and let the VOTE go
>> longer...
>>
>
> Ah, crud, no because the VOTE lists the revision number and if I add the
> src zip/gz files, then the revision will be incorrect. I need an RC2 after
> all. Sorry about that.
>
> Gary
>
>>
>> Gary
>>
>> On Thu, Dec 1, 2016 at 6:07 PM, Charles Honton <[hidden email]> wrote:
>>
>>> Why do we expect the src zip to be present in the maven repository?  No
>>> other commons project pushes the src zip/gz to maven central.
>>>
>>> If we want to supply src zip/gz as a convenience, why wouldn’t it be at
>>> http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
>>> all other components are?
>>>
>>> thanks,
>>> chas
>>>
>>> > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]>
>>> wrote:
>>> >
>>> > [editing subject]
>>> >
>>> > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
>>> wrote:
>>> >
>>> >> I am canceling this VOTE to deal with the missing src files.
>>> >>
>>> >> Gary
>>> >>
>>> >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes
>>> >> <[hidden email]> wrote:
>>> >>
>>> >>> I did "mvn clean install -Prelease" from SVN and got in target/:
>>> >>>
>>> >>> commons-parent-42-SNAPSHOT-src.tar.gz
>>> >>> commons-parent-42-SNAPSHOT-src.zip
>>> >>>
>>> >>> however they were not installed to the Maven repository, because the
>>> >>> pom says "<attach>false</attach>"
>>> >>>
>>> >>>
>>> >>>
>>> >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
>>> >>> wrote:
>>> >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
>>> [hidden email]>
>>> >>>> wrote:
>>> >>>>
>>> >>>>> Just a thing I noticed..
>>> >>>>>
>>> >>>>> In https://dist.apache.org/repos/dist/release/commons/commons->>> >>>>> parent/commons-parent-41/
>>> >>>>> and before we had a -src.tar.gz and -src.zip
>>> >>>>> (just like any other
>>> >>>>>
>>> >>>>> while your candidate in
>>> >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>>> t/42-RC1/
>>> >>>>> is just the deployed pom file and so can't as easily be "built" or
>>> >>>>> installed.
>>> >>>>>
>>> >>>>> Not a blocker for me personally, but it would be good if we can
>>> >>>>> keep the parent similar to the other components, even if it
>>> >>>>> doesn't have any source code. For instance Debian packages Commons
>>> >>>>> parent.
>>> >>>>>
>>> >>>>
>>> >>>> I looks like we started providing the src zip/gz with version 40
>>> only.
>>> >>> Crud!
>>> >>>>
>>> >>>> I'm not sure why the assembly plugin did not kick in.
>>> >>>>
>>> >>>> Can someone take a look?
>>> >>>>
>>> >>>> Thank you,
>>> >>>> Gary
>>> >>>>
>>> >>>>
>>> >>>>>
>>> >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes
>>> >>>>> <[hidden email]
>>> >
>>> >>>>> wrote:
>>> >>>>>> +1
>>> >>>>>>
>>> >>>>>> Checked:
>>> >>>>>>
>>> >>>>>> +1 Signatures, hashes
>>> >>>>>> +1 tag matches repo matches dist
>>> >>>>>> +1 No binaries
>>> >>>>>> +1 Works with beanutils
>>> >>>>>>
>>> >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
>>> >>>>> install",
>>> >>>>>> related to the updated site-plugin:
>>> >>>>>>
>>> >>>>>> [ERROR] Failed to execute goal
>>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site
>>> >>>>>> (default-site)
>>> >>> on
>>> >>>>>> project commons-rdf-parent: Execution default-site of goal
>>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
>>> >>> required
>>> >>>>> class
>>> >>>>>> was missing while executing
>>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
>>> >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
>>> >>>>>>
>>> >>>>>> This was fixed by updating its doxia-module-markdown dependency
>>> from
>>> >>> 1.6
>>> >>>>> to
>>> >>>>>> 1.7.
>>> >>>>>>
>>> >>>>>> With beanutils I tested the parent with "mvn clean install site"
>>> and
>>> >>> "mvn
>>> >>>>>> release:prepare".
>>> >>>>>>
>>> >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
>>> >>> wrote:
>>> >>>>>>> We have added some enhancements since Commons Parent POM 41 was
>>> >>>>> released,
>>> >>>>>>> so I would like to release Commons Parent POM 42.
>>> >>>>>>>
>>> >>>>>>> Commons Parent POM 42 RC1 is available for review here:
>>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
>>> >>> t/42-RC1/
>>> >>>>>>> (svn revision 17171)
>>> >>>>>>>
>>> >>>>>>> The tag is here:
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons->>> >>>>> parent/tags/commons-parent-42-RC1/
>>> >>>>>>> (svn revision 1771539)
>>> >>>>>>> N.B. the SVN revision is required because SVN tags are not
>>> >>> immutable.
>>> >>>>>>>
>>> >>>>>>> Maven artifacts are here:
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> https://repository.apache.org/content/repositories/
>>> >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
>>> >>>>>>>
>>> >>>>>>> These are the Maven artifacts and their hashes
>>> >>>>>>>
>>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
>>> >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
>>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
>>> >>> .xml.asc
>>> >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
>>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
>>> >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
>>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
>>> >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
>>> >>>>>>>
>>> >>>>>>> I built this with:
>>> >>>>>>>
>>> >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>>> >>>>>>> 2015-11-10T08:41:47-08:00)
>>> >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
>>> >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
>>> >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
>>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
>>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
>>> >>>>>>> "dos"
>>> >>>>>>>
>>> >>>>>>> The site was built with:
>>> >>>>>>>
>>> >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
>>> >>>>>>> 2014-12-14T09:29:23-08:00)
>>> >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
>>> >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
>>> >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
>>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
>>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
>>> >>> "windows"
>>> >>>>>>>
>>> >>>>>>> [because Maven 3.3.9 gets an exception due to a binary
>>> compatiblity
>>> >>>>> break
>>> >>>>>>> in Slf4j.)
>>> >>>>>>>
>>> >>>>>>> Details of changes since 41 are in the release notes:
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons->>> >>>>> parent/42-RC1/RELEASE-NOTES.txt
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42->>> >>>>> RC1/site/changes-report.html
>>> >>>>>>>
>>> >>>>>>> Site:
>>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
>>> >>>>>>> (note some *relative* links are broken and the 42 directories
>>> >>>>>>> are not yet created - these will be OK once the site is
>>> >>>>>>> deployed)
>>> >>>>>>>
>>> >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
>>> >>> code in
>>> >>>>>>> this project.
>>> >>>>>>>
>>> >>>>>>> RAT Report:
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42->>> >>>>> RC1/site/rat-report.html
>>> >>>>>>> KEYS:
>>> >>>>>>> https://www.apache.org/dist/commons/KEYS
>>> >>>>>>>
>>> >>>>>>> Please review the release candidate and vote.
>>> >>>>>>>
>>> >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
>>> >>>>> sometime
>>> >>>>>>> after 09:00 UTC 30-November 2016
>>> >>>>>>>
>>> >>>>>>> [ ] +1 Release these artifacts
>>> >>>>>>> [ ] +0 OK, but...
>>> >>>>>>> [ ] -0 OK, but really should fix...
>>> >>>>>>> [ ] -1 I oppose this release because...
>>> >>>>>>>
>>> >>>>>>> Thanks!
>>> >>>>>>>
>>> >>>>>>> Gary Gregory
>>> >>>>>>>
>>> >>>>>>> --
>>> >>>>>>> E-Mail: [hidden email] | [hidden email] <
>>> >>>>> [hidden email]>
>>> >>>>>>> Java Persistence with Hibernate, Second Edition
>>> >>>>>>>
>>> >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
>>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
>>> >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
>>> >>> 1af9fe6a2b8>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>>>> am2&o=1&a=1617290459>
>>> >>>>>>> JUnit in Action, Second Edition
>>> >>>>>>>
>>> >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
>>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
>>> >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
>>> >>> 902a24de418%22
>>> >>>>>>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>>>> am2&o=1&a=1935182021>
>>> >>>>>>> Spring Batch in Action
>>> >>>>>>>
>>> >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
>>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
>>> >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
>>> >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>>>> am2&o=1&a=1935182951>
>>> >>>>>>> Blog: http://garygregory.wordpress.com
>>> >>>>>>> Home: http://garygregory.com/
>>> >>>>>>> Tweet! http://twitter.com/GaryGregory
>>> >>>>>>
>>> >>>>>> --
>>> >>>>>> Stian Soiland-Reyes
>>> >>>>>> http://orcid.org/0000-0001-9842-9718
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>> --
>>> >>>>> Stian Soiland-Reyes
>>> >>>>> http://orcid.org/0000-0001-9842-9718
>>> >>>>>
>>> >>>>> ------------------------------------------------------------
>>> ---------
>>> >>>>> To unsubscribe, e-mail: [hidden email]
>>> >>>>> For additional commands, e-mail: [hidden email]
>>> >>>>>
>>> >>>>>
>>> >>>>
>>> >>>>
>>> >>>> --
>>> >>>> E-Mail: [hidden email] | [hidden email]
>>> >>>> Java Persistence with Hibernate, Second Edition
>>> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>>> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>> >>>>
>>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>> am2&o=1&a=1617290459>
>>> >>>> JUnit in Action, Second Edition
>>> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>>> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a
>>> 24de418%22>
>>> >>>>
>>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>> am2&o=1&a=1935182021>
>>> >>>> Spring Batch in Action
>>> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>>> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>>> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> >>> am2&o=1&a=1935182951>
>>> >>>> Blog: http://garygregory.wordpress.com
>>> >>>> Home: http://garygregory.com/
>>> >>>> Tweet! http://twitter.com/GaryGregory
>>> >>>
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Stian Soiland-Reyes
>>> >>> http://orcid.org/0000-0001-9842-9718
>>> >>>
>>> >>>
---------------------------------------------------------------------

>>> >>> To unsubscribe, e-mail: [hidden email]
>>> >>> For additional commands, e-mail: [hidden email]
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >> --
>>> >> E-Mail: [hidden email] | [hidden email]
>>> >> Java Persistence with Hibernate, Second Edition
>>> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>> >>
>>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1617290459>
>>> >> JUnit in Action, Second Edition
>>> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>>> >>
>>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182021>
>>> >> Spring Batch in Action
>>> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182951>
>>> >> Blog: http://garygregory.wordpress.com
>>> >> Home: http://garygregory.com/
>>> >> Tweet! http://twitter.com/GaryGregory
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > E-Mail: [hidden email] | [hidden email]
>>> > Java Persistence with Hibernate, Second Edition
>>> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
>>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>> >
>>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1617290459>
>>> > JUnit in Action, Second Edition
>>> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
>>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>>> >
>>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182021>
>>> > Spring Batch in Action
>>> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
>>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
>>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
>>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
>>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
>>> am2&o=1&a=1935182951>
>>> > Blog: http://garygregory.wordpress.com
>>> > Home: http://garygregory.com/
>>> > Tweet! http://twitter.com/GaryGregory
>>>
>>>
>>
>>
>> --
>> E-Mail: [hidden email] | [hidden email]
>> Java Persistence with Hibernate, Second Edition
>>
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
>> JUnit in Action, Second Edition
>>
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
>> Spring Batch in Action
>>
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
>> Blog: http://garygregory.wordpress.com
>> Home: http://garygregory.com/
>> Tweet! http://twitter.com/GaryGregory
>>
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

garydgregory
OK, so the good news is that I do not need to redo a Nexus deployment. I
should just need to commit the src zips to the dist dev folder and call a
new VOTE with an updated SVN rev for that part of the VOTE...

Gary

On Thu, Dec 1, 2016 at 11:21 PM, Jörg Schaible <
[hidden email]> wrote:

> Then trigger "skip" using a property and every project can set it if
> required.
>
> Gary Gregory wrote:
>
> > On Thu, Dec 1, 2016 at 6:12 PM, Gary Gregory <[hidden email]>
> > wrote:
> >
> >> The answer is, as usual, "it depends".
> >>
> >> For Apache Commons Daemon, I would like to have the bin-zip in Maven
> >> Central or each DLLs in Maven Central.
> >>
> >> But for the general case, you are right, we do not need them.
> >>
> >> I wonder if I can just put the src-zip to https://dist.apache.org/
> >> repos/dist/dev/commons/commons-parent/42-RC1/ and let the VOTE go
> >> longer...
> >>
> >
> > Ah, crud, no because the VOTE lists the revision number and if I add the
> > src zip/gz files, then the revision will be incorrect. I need an RC2
> after
> > all. Sorry about that.
> >
> > Gary
> >
> >>
> >> Gary
> >>
> >> On Thu, Dec 1, 2016 at 6:07 PM, Charles Honton <[hidden email]> wrote:
> >>
> >>> Why do we expect the src zip to be present in the maven repository?  No
> >>> other commons project pushes the src zip/gz to maven central.
> >>>
> >>> If we want to supply src zip/gz as a convenience, why wouldn’t it be at
> >>> http://commons.apache.org/proper/ <http://commons.apache.org/proper/>
> as
> >>> all other components are?
> >>>
> >>> thanks,
> >>> chas
> >>>
> >>> > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]>
> >>> wrote:
> >>> >
> >>> > [editing subject]
> >>> >
> >>> > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]
> >
> >>> wrote:
> >>> >
> >>> >> I am canceling this VOTE to deal with the missing src files.
> >>> >>
> >>> >> Gary
> >>> >>
> >>> >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes
> >>> >> <[hidden email]> wrote:
> >>> >>
> >>> >>> I did "mvn clean install -Prelease" from SVN and got in target/:
> >>> >>>
> >>> >>> commons-parent-42-SNAPSHOT-src.tar.gz
> >>> >>> commons-parent-42-SNAPSHOT-src.zip
> >>> >>>
> >>> >>> however they were not installed to the Maven repository, because
> the
> >>> >>> pom says "<attach>false</attach>"
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]
> >
> >>> >>> wrote:
> >>> >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
> >>> [hidden email]>
> >>> >>>> wrote:
> >>> >>>>
> >>> >>>>> Just a thing I noticed..
> >>> >>>>>
> >>> >>>>> In https://dist.apache.org/repos/dist/release/commons/commons->>>
> >>>>> parent/commons-parent-41/
> >>> >>>>> and before we had a -src.tar.gz and -src.zip
> >>> >>>>> (just like any other
> >>> >>>>>
> >>> >>>>> while your candidate in
> >>> >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> >>> t/42-RC1/
> >>> >>>>> is just the deployed pom file and so can't as easily be "built"
> or
> >>> >>>>> installed.
> >>> >>>>>
> >>> >>>>> Not a blocker for me personally, but it would be good if we can
> >>> >>>>> keep the parent similar to the other components, even if it
> >>> >>>>> doesn't have any source code. For instance Debian packages
> Commons
> >>> >>>>> parent.
> >>> >>>>>
> >>> >>>>
> >>> >>>> I looks like we started providing the src zip/gz with version 40
> >>> only.
> >>> >>> Crud!
> >>> >>>>
> >>> >>>> I'm not sure why the assembly plugin did not kick in.
> >>> >>>>
> >>> >>>> Can someone take a look?
> >>> >>>>
> >>> >>>> Thank you,
> >>> >>>> Gary
> >>> >>>>
> >>> >>>>
> >>> >>>>>
> >>> >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes
> >>> >>>>> <[hidden email]
> >>> >
> >>> >>>>> wrote:
> >>> >>>>>> +1
> >>> >>>>>>
> >>> >>>>>> Checked:
> >>> >>>>>>
> >>> >>>>>> +1 Signatures, hashes
> >>> >>>>>> +1 tag matches repo matches dist
> >>> >>>>>> +1 No binaries
> >>> >>>>>> +1 Works with beanutils
> >>> >>>>>>
> >>> >>>>>> I got a bug when using it with Commons RDF for "mvn clean
> package
> >>> >>>>> install",
> >>> >>>>>> related to the updated site-plugin:
> >>> >>>>>>
> >>> >>>>>> [ERROR] Failed to execute goal
> >>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site
> >>> >>>>>> (default-site)
> >>> >>> on
> >>> >>>>>> project commons-rdf-parent: Execution default-site of goal
> >>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
> >>> >>> required
> >>> >>>>> class
> >>> >>>>>> was missing while executing
> >>> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
> >>> >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
> >>> >>>>>>
> >>> >>>>>> This was fixed by updating its doxia-module-markdown dependency
> >>> from
> >>> >>> 1.6
> >>> >>>>> to
> >>> >>>>>> 1.7.
> >>> >>>>>>
> >>> >>>>>> With beanutils I tested the parent with "mvn clean install site"
> >>> and
> >>> >>> "mvn
> >>> >>>>>> release:prepare".
> >>> >>>>>>
> >>> >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]
> >
> >>> >>> wrote:
> >>> >>>>>>> We have added some enhancements since Commons Parent POM 41 was
> >>> >>>>> released,
> >>> >>>>>>> so I would like to release Commons Parent POM 42.
> >>> >>>>>>>
> >>> >>>>>>> Commons Parent POM 42 RC1 is available for review here:
> >>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> >>> >>> t/42-RC1/
> >>> >>>>>>> (svn revision 17171)
> >>> >>>>>>>
> >>> >>>>>>> The tag is here:
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons->>>
> >>>>> parent/tags/commons-parent-42-RC1/
> >>> >>>>>>> (svn revision 1771539)
> >>> >>>>>>> N.B. the SVN revision is required because SVN tags are not
> >>> >>> immutable.
> >>> >>>>>>>
> >>> >>>>>>> Maven artifacts are here:
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> https://repository.apache.org/content/repositories/
> >>> >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
> >>> >>>>>>>
> >>> >>>>>>> These are the Maven artifacts and their hashes
> >>> >>>>>>>
> >>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-
> site.xml
> >>> >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
> >>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
> >>> >>> .xml.asc
> >>> >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
> >>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
> >>> >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
> >>> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.
> pom.asc
> >>> >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
> >>> >>>>>>>
> >>> >>>>>>> I built this with:
> >>> >>>>>>>
> >>> >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> >>> >>>>>>> 2015-11-10T08:41:47-08:00)
> >>> >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
> >>> >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
> >>> >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
> >>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> >>> >>>>>>> "dos"
> >>> >>>>>>>
> >>> >>>>>>> The site was built with:
> >>> >>>>>>>
> >>> >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
> >>> >>>>>>> 2014-12-14T09:29:23-08:00)
> >>> >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
> >>> >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
> >>> >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
> >>> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> >>> >>> "windows"
> >>> >>>>>>>
> >>> >>>>>>> [because Maven 3.3.9 gets an exception due to a binary
> >>> compatiblity
> >>> >>>>> break
> >>> >>>>>>> in Slf4j.)
> >>> >>>>>>>
> >>> >>>>>>> Details of changes since 41 are in the release notes:
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons->>>
> >>>>> parent/42-RC1/RELEASE-NOTES.txt
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42->>>
> >>>>> RC1/site/changes-report.html
> >>> >>>>>>>
> >>> >>>>>>> Site:
> >>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> RC1/site/
> >>> >>>>>>> (note some *relative* links are broken and the 42 directories
> >>> >>>>>>> are not yet created - these will be OK once the site is
> >>> >>>>>>> deployed)
> >>> >>>>>>>
> >>> >>>>>>> There is no Clirr Report (compared to 41) since there is no
> Java
> >>> >>> code in
> >>> >>>>>>> this project.
> >>> >>>>>>>
> >>> >>>>>>> RAT Report:
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42->>>
> >>>>> RC1/site/rat-report.html
> >>> >>>>>>> KEYS:
> >>> >>>>>>> https://www.apache.org/dist/commons/KEYS
> >>> >>>>>>>
> >>> >>>>>>> Please review the release candidate and vote.
> >>> >>>>>>>
> >>> >>>>>>> This lazy vote will close no sooner that 72 hours from now,
> i.e.
> >>> >>>>> sometime
> >>> >>>>>>> after 09:00 UTC 30-November 2016
> >>> >>>>>>>
> >>> >>>>>>> [ ] +1 Release these artifacts
> >>> >>>>>>> [ ] +0 OK, but...
> >>> >>>>>>> [ ] -0 OK, but really should fix...
> >>> >>>>>>> [ ] -1 I oppose this release because...
> >>> >>>>>>>
> >>> >>>>>>> Thanks!
> >>> >>>>>>>
> >>> >>>>>>> Gary Gregory
> >>> >>>>>>>
> >>> >>>>>>> --
> >>> >>>>>>> E-Mail: [hidden email] | [hidden email] <
> >>> >>>>> [hidden email]>
> >>> >>>>>>> Java Persistence with Hibernate, Second Edition
> >>> >>>>>>>
> >>> >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> >>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> >>> >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
> >>> >>> 1af9fe6a2b8>
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>>>> am2&o=1&a=1617290459>
> >>> >>>>>>> JUnit in Action, Second Edition
> >>> >>>>>>>
> >>> >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> >>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> >>> >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
> >>> >>> 902a24de418%22
> >>> >>>>>>
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>>>> am2&o=1&a=1935182021>
> >>> >>>>>>> Spring Batch in Action
> >>> >>>>>>>
> >>> >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> >>> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> >>> >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> >>> >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
> >>> >>>>>>>
> >>> >>>>>>>
> >>> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>>>> am2&o=1&a=1935182951>
> >>> >>>>>>> Blog: http://garygregory.wordpress.com
> >>> >>>>>>> Home: http://garygregory.com/
> >>> >>>>>>> Tweet! http://twitter.com/GaryGregory
> >>> >>>>>>
> >>> >>>>>> --
> >>> >>>>>> Stian Soiland-Reyes
> >>> >>>>>> http://orcid.org/0000-0001-9842-9718
> >>> >>>>>
> >>> >>>>>
> >>> >>>>>
> >>> >>>>> --
> >>> >>>>> Stian Soiland-Reyes
> >>> >>>>> http://orcid.org/0000-0001-9842-9718
> >>> >>>>>
> >>> >>>>> ------------------------------------------------------------
> >>> ---------
> >>> >>>>> To unsubscribe, e-mail: [hidden email]
> >>> >>>>> For additional commands, e-mail: [hidden email]
> >>> >>>>>
> >>> >>>>>
> >>> >>>>
> >>> >>>>
> >>> >>>> --
> >>> >>>> E-Mail: [hidden email] | [hidden email]
> >>> >>>> Java Persistence with Hibernate, Second Edition
> >>> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> >>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> >>> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2
> b8>
> >>> >>>>
> >>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>> am2&o=1&a=1617290459>
> >>> >>>> JUnit in Action, Second Edition
> >>> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> >>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> >>> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a
> >>> 24de418%22>
> >>> >>>>
> >>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>> am2&o=1&a=1935182021>
> >>> >>>> Spring Batch in Action
> >>> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> >>> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> >>> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> >>> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> >>> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> >>> am2&o=1&a=1935182951>
> >>> >>>> Blog: http://garygregory.wordpress.com
> >>> >>>> Home: http://garygregory.com/
> >>> >>>> Tweet! http://twitter.com/GaryGregory
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> --
> >>> >>> Stian Soiland-Reyes
> >>> >>> http://orcid.org/0000-0001-9842-9718
> >>> >>>
> >>> >>>
> ---------------------------------------------------------------------
> >>> >>> To unsubscribe, e-mail: [hidden email]
> >>> >>> For additional commands, e-mail: [hidden email]
> >>> >>>
> >>> >>>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> E-Mail: [hidden email] | [hidden email]
> >>> >> Java Persistence with Hibernate, Second Edition
> >>> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>> >>
> >>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1617290459>
> >>> >> JUnit in Action, Second Edition
> >>> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22>
> >>> >>
> >>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182021>
> >>> >> Spring Batch in Action
> >>> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> >>> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182951>
> >>> >> Blog: http://garygregory.wordpress.com
> >>> >> Home: http://garygregory.com/
> >>> >> Tweet! http://twitter.com/GaryGregory
> >>> >>
> >>> >
> >>> >
> >>> >
> >>> > --
> >>> > E-Mail: [hidden email] | [hidden email]
> >>> > Java Persistence with Hibernate, Second Edition
> >>> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>> >
> >>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1617290459>
> >>> > JUnit in Action, Second Edition
> >>> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22>
> >>> >
> >>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182021>
> >>> > Spring Batch in Action
> >>> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> >>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182951>
> >>> > Blog: http://garygregory.wordpress.com
> >>> > Home: http://garygregory.com/
> >>> > Tweet! http://twitter.com/GaryGregory
> >>>
> >>>
> >>
> >>
> >> --
> >> E-Mail: [hidden email] | [hidden email]
> >> Java Persistence with Hibernate, Second Edition
> >>
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> >> JUnit in Action, Second Edition
> >>
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> >> Spring Batch in Action
> >>
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> >> Blog: http://garygregory.wordpress.com
> >> Home: http://garygregory.com/
> >> Tweet! http://twitter.com/GaryGregory
> >>
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

Stian Soiland-Reyes
In reply to this post by Charles Honton
I would prefer the source distribution to also be deployed in Maven
Central, as most Maven projects now do through the Apache super pom (but
then called -source-release). This means the Maven distribution for a
particular version should be completely reproducible without having to hunt
around the archive.apache.org (which is discouraged for direct downloads)
and have slight variations in paths and filenames.


We have not heard complaints from Sonatype to stop including the source
distros - that would affect all Maven-using ASF project - their presence
cause no harm.


When reviewing an RC a -src.tar.gz in the repo also makes it very easy to
check that the deployed version matches src dist (barring deliberate fraud)
- for the rng RC I had to instead check each of the -sources.jar (which are
not guaranteed to be compilable).


Another matter is the -bin releases (they are just aggregates of jars
already deployed separately) and making sure there are not like .asc.asc
extras. In a multi-module build only the top level distros should be made -
most ASF projects manage this in different ways.

On 2 Dec 2016 2:07 am, "Charles Honton" <[hidden email]> wrote:

> Why do we expect the src zip to be present in the maven repository?  No
> other commons project pushes the src zip/gz to maven central.
>
> If we want to supply src zip/gz as a convenience, why wouldn’t it be at
> http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
> all other components are?
>
> thanks,
> chas
>
> > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]> wrote:
> >
> > [editing subject]
> >
> > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
> wrote:
> >
> >> I am canceling this VOTE to deal with the missing src files.
> >>
> >> Gary
> >>
> >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]>
> >> wrote:
> >>
> >>> I did "mvn clean install -Prelease" from SVN and got in target/:
> >>>
> >>> commons-parent-42-SNAPSHOT-src.tar.gz
> >>> commons-parent-42-SNAPSHOT-src.zip
> >>>
> >>> however they were not installed to the Maven repository, because the
> >>> pom says "<attach>false</attach>"
> >>>
> >>>
> >>>
> >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
> >>> wrote:
> >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
> [hidden email]>
> >>>> wrote:
> >>>>
> >>>>> Just a thing I noticed..
> >>>>>
> >>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
> >>>>> parent/commons-parent-41/
> >>>>> and before we had a -src.tar.gz and -src.zip
> >>>>> (just like any other
> >>>>>
> >>>>> while your candidate in
> >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> parent/42-RC1/
> >>>>> is just the deployed pom file and so can't as easily be "built" or
> >>>>> installed.
> >>>>>
> >>>>> Not a blocker for me personally, but it would be good if we can keep
> >>>>> the parent similar to the other components, even if it doesn't have
> >>>>> any source code. For instance Debian packages Commons parent.
> >>>>>
> >>>>
> >>>> I looks like we started providing the src zip/gz with version 40 only.
> >>> Crud!
> >>>>
> >>>> I'm not sure why the assembly plugin did not kick in.
> >>>>
> >>>> Can someone take a look?
> >>>>
> >>>> Thank you,
> >>>> Gary
> >>>>
> >>>>
> >>>>>
> >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <[hidden email]>
> >>>>> wrote:
> >>>>>> +1
> >>>>>>
> >>>>>> Checked:
> >>>>>>
> >>>>>> +1 Signatures, hashes
> >>>>>> +1 tag matches repo matches dist
> >>>>>> +1 No binaries
> >>>>>> +1 Works with beanutils
> >>>>>>
> >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
> >>>>> install",
> >>>>>> related to the updated site-plugin:
> >>>>>>
> >>>>>> [ERROR] Failed to execute goal
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site (default-site)
> >>> on
> >>>>>> project commons-rdf-parent: Execution default-site of goal
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
> >>> required
> >>>>> class
> >>>>>> was missing while executing
> >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
> >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
> >>>>>>
> >>>>>> This was fixed by updating its doxia-module-markdown dependency from
> >>> 1.6
> >>>>> to
> >>>>>> 1.7.
> >>>>>>
> >>>>>> With beanutils I tested the parent with "mvn clean install site" and
> >>> "mvn
> >>>>>> release:prepare".
> >>>>>>
> >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
> >>> wrote:
> >>>>>>> We have added some enhancements since Commons Parent POM 41 was
> >>>>> released,
> >>>>>>> so I would like to release Commons Parent POM 42.
> >>>>>>>
> >>>>>>> Commons Parent POM 42 RC1 is available for review here:
> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> >>> t/42-RC1/
> >>>>>>> (svn revision 17171)
> >>>>>>>
> >>>>>>> The tag is here:
> >>>>>>>
> >>>>>>>
> >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
> >>>>> parent/tags/commons-parent-42-RC1/
> >>>>>>> (svn revision 1771539)
> >>>>>>> N.B. the SVN revision is required because SVN tags are not
> >>> immutable.
> >>>>>>>
> >>>>>>> Maven artifacts are here:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://repository.apache.org/content/repositories/
> >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
> >>>>>>>
> >>>>>>> These are the Maven artifacts and their hashes
> >>>>>>>
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
> >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
> >>> .xml.asc
> >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
> >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
> >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
> >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
> >>>>>>>
> >>>>>>> I built this with:
> >>>>>>>
> >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> >>>>>>> 2015-11-10T08:41:47-08:00)
> >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
> >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
> >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family: "dos"
> >>>>>>>
> >>>>>>> The site was built with:
> >>>>>>>
> >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
> >>>>>>> 2014-12-14T09:29:23-08:00)
> >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
> >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
> >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
> >>>>>>> Default locale: en_US, platform encoding: Cp1252
> >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> >>> "windows"
> >>>>>>>
> >>>>>>> [because Maven 3.3.9 gets an exception due to a binary compatiblity
> >>>>> break
> >>>>>>> in Slf4j.)
> >>>>>>>
> >>>>>>> Details of changes since 41 are in the release notes:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> >>>>> parent/42-RC1/RELEASE-NOTES.txt
> >>>>>>>
> >>>>>>>
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> >>>>> RC1/site/changes-report.html
> >>>>>>>
> >>>>>>> Site:
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
> >>>>>>> (note some *relative* links are broken and the 42 directories are
> >>>>>>> not yet created - these will be OK once the site is deployed)
> >>>>>>>
> >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
> >>> code in
> >>>>>>> this project.
> >>>>>>>
> >>>>>>> RAT Report:
> >>>>>>>
> >>>>>>>
> >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> >>>>> RC1/site/rat-report.html
> >>>>>>> KEYS:
> >>>>>>> https://www.apache.org/dist/commons/KEYS
> >>>>>>>
> >>>>>>> Please review the release candidate and vote.
> >>>>>>>
> >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
> >>>>> sometime
> >>>>>>> after 09:00 UTC 30-November 2016
> >>>>>>>
> >>>>>>> [ ] +1 Release these artifacts
> >>>>>>> [ ] +0 OK, but...
> >>>>>>> [ ] -0 OK, but really should fix...
> >>>>>>> [ ] -1 I oppose this release because...
> >>>>>>>
> >>>>>>> Thanks!
> >>>>>>>
> >>>>>>> Gary Gregory
> >>>>>>>
> >>>>>>> --
> >>>>>>> E-Mail: [hidden email] | [hidden email] <
> >>>>> [hidden email]>
> >>>>>>> Java Persistence with Hibernate, Second Edition
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
> >>> 1af9fe6a2b8>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1617290459>
> >>>>>>> JUnit in Action, Second Edition
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
> >>> 902a24de418%22
> >>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1935182021>
> >>>>>>> Spring Batch in Action
> >>>>>>>
> >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
> >>>>>>>
> >>>>>>>
> >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>>>> am2&o=1&a=1935182951>
> >>>>>>> Blog: http://garygregory.wordpress.com
> >>>>>>> Home: http://garygregory.com/
> >>>>>>> Tweet! http://twitter.com/GaryGregory
> >>>>>>
> >>>>>> --
> >>>>>> Stian Soiland-Reyes
> >>>>>> http://orcid.org/0000-0001-9842-9718
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Stian Soiland-Reyes
> >>>>> http://orcid.org/0000-0001-9842-9718
> >>>>>
> >>>>> ------------------------------------------------------------
> ---------
> >>>>> To unsubscribe, e-mail: [hidden email]
> >>>>> For additional commands, e-mail: [hidden email]
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> E-Mail: [hidden email] | [hidden email]
> >>>> Java Persistence with Hibernate, Second Edition
> >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>>>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1617290459>
> >>>> JUnit in Action, Second Edition
> >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22>
> >>>>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182021>
> >>>> Spring Batch in Action
> >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> >>> am2&o=1&a=1935182951>
> >>>> Blog: http://garygregory.wordpress.com
> >>>> Home: http://garygregory.com/
> >>>> Tweet! http://twitter.com/GaryGregory
> >>>
> >>>
> >>>
> >>> --
> >>> Stian Soiland-Reyes
> >>> http://orcid.org/0000-0001-9842-9718
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [hidden email]
> >>> For additional commands, e-mail: [hidden email]
> >>>
> >>>
> >>
> >>
> >> --
> >> E-Mail: [hidden email] | [hidden email]
> >> Java Persistence with Hibernate, Second Edition
> >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> >> JUnit in Action, Second Edition
> >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> >> Spring Batch in Action
> >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> >> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> >> Blog: http://garygregory.wordpress.com
> >> Home: http://garygregory.com/
> >> Tweet! http://twitter.com/GaryGregory
> >>
> >
> >
> >
> > --
> > E-Mail: [hidden email] | [hidden email]
> > Java Persistence with Hibernate, Second Edition
> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> > JUnit in Action, Second Edition
> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> > Spring Batch in Action
> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> > Blog: http://garygregory.wordpress.com
> > Home: http://garygregory.com/
> > Tweet! http://twitter.com/GaryGregory
>
>
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

Gilles Sadowski
On Sat, 3 Dec 2016 10:53:27 +0000, Stian Soiland-Reyes wrote:

> I would prefer the source distribution to also be deployed in Maven
> Central, as most Maven projects now do through the Apache super pom
> (but
> then called -source-release). This means the Maven distribution for a
> particular version should be completely reproducible without having
> to hunt
> around the archive.apache.org (which is discouraged for direct
> downloads)
> and have slight variations in paths and filenames.
>
>
> We have not heard complaints from Sonatype to stop including the
> source
> distros - that would affect all Maven-using ASF project - their
> presence
> cause no harm.
>
>
> When reviewing an RC a -src.tar.gz in the repo also makes it very
> easy to
> check that the deployed version matches src dist (barring deliberate
> fraud)
> - for the rng RC I had to instead check each of the -sources.jar
> (which are
> not guaranteed to be compilable).
>
>
> Another matter is the -bin releases (they are just aggregates of jars
> already deployed separately) and making sure there are not like
> .asc.asc
> extras. In a multi-module build only the top level distros should be
> made -
> most ASF projects manage this in different ways.

This is the opposite of what the "release tools" (I don't which
exactly):
* they upload every module source and bin packages (+ sigs, checksum
and hash)
* they do not upload the "aggregate" distribution

For the latter, I've been told they I have to create specific
"assembly"
files and call "mvn assembly:single" but see
   https://issues.apache.org/jira/browse/RNG-31

These are tasks common to all releases, it should be dealt with in
commons-parent, even if it implies some additional conventions (not
a problem I guess!).

Since this is discussed now, it would be an opportunity to introduce
the much waited functionalities before release v42:
* create and upload full distribution to Nexus (and make a copy to
   the SVN "dev" directory
* not upload the partial (modules) source and binary archives to Nexus
   (avoid manual deletion)
* ensure that top-level LICENSE and NOTICE files are included in the
   all the modules JAR files


Regards,
Gilles


> On 2 Dec 2016 2:07 am, "Charles Honton" <[hidden email]> wrote:
>
>> Why do we expect the src zip to be present in the maven repository?  
>> No
>> other commons project pushes the src zip/gz to maven central.
>>
>> If we want to supply src zip/gz as a convenience, why wouldn’t it be
>> at
>> http://commons.apache.org/proper/ 
>> <http://commons.apache.org/proper/> as
>> all other components are?
>>
>> thanks,
>> chas
>>
>> > [...]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

garydgregory
In reply to this post by Stian Soiland-Reyes
So, when I run:

mvn clean deploy -Duser.name=ggregory -Prelease -Ptest-deploy

The zip and gz files are created but not signed or hashed.

Thoughts?

Gary


On Sat, Dec 3, 2016 at 2:53 AM, Stian Soiland-Reyes <[hidden email]>
wrote:

> I would prefer the source distribution to also be deployed in Maven
> Central, as most Maven projects now do through the Apache super pom (but
> then called -source-release). This means the Maven distribution for a
> particular version should be completely reproducible without having to hunt
> around the archive.apache.org (which is discouraged for direct downloads)
> and have slight variations in paths and filenames.
>
>
> We have not heard complaints from Sonatype to stop including the source
> distros - that would affect all Maven-using ASF project - their presence
> cause no harm.
>
>
> When reviewing an RC a -src.tar.gz in the repo also makes it very easy to
> check that the deployed version matches src dist (barring deliberate fraud)
> - for the rng RC I had to instead check each of the -sources.jar (which are
> not guaranteed to be compilable).
>
>
> Another matter is the -bin releases (they are just aggregates of jars
> already deployed separately) and making sure there are not like .asc.asc
> extras. In a multi-module build only the top level distros should be made -
> most ASF projects manage this in different ways.
>
> On 2 Dec 2016 2:07 am, "Charles Honton" <[hidden email]> wrote:
>
> > Why do we expect the src zip to be present in the maven repository?  No
> > other commons project pushes the src zip/gz to maven central.
> >
> > If we want to supply src zip/gz as a convenience, why wouldn’t it be at
> > http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
> > all other components are?
> >
> > thanks,
> > chas
> >
> > > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]>
> wrote:
> > >
> > > [editing subject]
> > >
> > > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
> > wrote:
> > >
> > >> I am canceling this VOTE to deal with the missing src files.
> > >>
> > >> Gary
> > >>
> > >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]
> >
> > >> wrote:
> > >>
> > >>> I did "mvn clean install -Prelease" from SVN and got in target/:
> > >>>
> > >>> commons-parent-42-SNAPSHOT-src.tar.gz
> > >>> commons-parent-42-SNAPSHOT-src.zip
> > >>>
> > >>> however they were not installed to the Maven repository, because the
> > >>> pom says "<attach>false</attach>"
> > >>>
> > >>>
> > >>>
> > >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
> > >>> wrote:
> > >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
> > [hidden email]>
> > >>>> wrote:
> > >>>>
> > >>>>> Just a thing I noticed..
> > >>>>>
> > >>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
> > >>>>> parent/commons-parent-41/
> > >>>>> and before we had a -src.tar.gz and -src.zip
> > >>>>> (just like any other
> > >>>>>
> > >>>>> while your candidate in
> > >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> > parent/42-RC1/
> > >>>>> is just the deployed pom file and so can't as easily be "built" or
> > >>>>> installed.
> > >>>>>
> > >>>>> Not a blocker for me personally, but it would be good if we can
> keep
> > >>>>> the parent similar to the other components, even if it doesn't have
> > >>>>> any source code. For instance Debian packages Commons parent.
> > >>>>>
> > >>>>
> > >>>> I looks like we started providing the src zip/gz with version 40
> only.
> > >>> Crud!
> > >>>>
> > >>>> I'm not sure why the assembly plugin did not kick in.
> > >>>>
> > >>>> Can someone take a look?
> > >>>>
> > >>>> Thank you,
> > >>>> Gary
> > >>>>
> > >>>>
> > >>>>>
> > >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <
> [hidden email]>
> > >>>>> wrote:
> > >>>>>> +1
> > >>>>>>
> > >>>>>> Checked:
> > >>>>>>
> > >>>>>> +1 Signatures, hashes
> > >>>>>> +1 tag matches repo matches dist
> > >>>>>> +1 No binaries
> > >>>>>> +1 Works with beanutils
> > >>>>>>
> > >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
> > >>>>> install",
> > >>>>>> related to the updated site-plugin:
> > >>>>>>
> > >>>>>> [ERROR] Failed to execute goal
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site
> (default-site)
> > >>> on
> > >>>>>> project commons-rdf-parent: Execution default-site of goal
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
> > >>> required
> > >>>>> class
> > >>>>>> was missing while executing
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
> > >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
> > >>>>>>
> > >>>>>> This was fixed by updating its doxia-module-markdown dependency
> from
> > >>> 1.6
> > >>>>> to
> > >>>>>> 1.7.
> > >>>>>>
> > >>>>>> With beanutils I tested the parent with "mvn clean install site"
> and
> > >>> "mvn
> > >>>>>> release:prepare".
> > >>>>>>
> > >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
> > >>> wrote:
> > >>>>>>> We have added some enhancements since Commons Parent POM 41 was
> > >>>>> released,
> > >>>>>>> so I would like to release Commons Parent POM 42.
> > >>>>>>>
> > >>>>>>> Commons Parent POM 42 RC1 is available for review here:
> > >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> > >>> t/42-RC1/
> > >>>>>>> (svn revision 17171)
> > >>>>>>>
> > >>>>>>> The tag is here:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
> > >>>>> parent/tags/commons-parent-42-RC1/
> > >>>>>>> (svn revision 1771539)
> > >>>>>>> N.B. the SVN revision is required because SVN tags are not
> > >>> immutable.
> > >>>>>>>
> > >>>>>>> Maven artifacts are here:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://repository.apache.org/content/repositories/
> > >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
> > >>>>>>>
> > >>>>>>> These are the Maven artifacts and their hashes
> > >>>>>>>
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
> > >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
> > >>> .xml.asc
> > >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
> > >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
> > >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
> > >>>>>>>
> > >>>>>>> I built this with:
> > >>>>>>>
> > >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> > >>>>>>> 2015-11-10T08:41:47-08:00)
> > >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
> > >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
> > >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
> > >>>>>>> Default locale: en_US, platform encoding: Cp1252
> > >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> "dos"
> > >>>>>>>
> > >>>>>>> The site was built with:
> > >>>>>>>
> > >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
> > >>>>>>> 2014-12-14T09:29:23-08:00)
> > >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
> > >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
> > >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
> > >>>>>>> Default locale: en_US, platform encoding: Cp1252
> > >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> > >>> "windows"
> > >>>>>>>
> > >>>>>>> [because Maven 3.3.9 gets an exception due to a binary
> compatiblity
> > >>>>> break
> > >>>>>>> in Slf4j.)
> > >>>>>>>
> > >>>>>>> Details of changes since 41 are in the release notes:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> > >>>>> parent/42-RC1/RELEASE-NOTES.txt
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> > >>>>> RC1/site/changes-report.html
> > >>>>>>>
> > >>>>>>> Site:
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
> > >>>>>>> (note some *relative* links are broken and the 42 directories are
> > >>>>>>> not yet created - these will be OK once the site is deployed)
> > >>>>>>>
> > >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
> > >>> code in
> > >>>>>>> this project.
> > >>>>>>>
> > >>>>>>> RAT Report:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> > >>>>> RC1/site/rat-report.html
> > >>>>>>> KEYS:
> > >>>>>>> https://www.apache.org/dist/commons/KEYS
> > >>>>>>>
> > >>>>>>> Please review the release candidate and vote.
> > >>>>>>>
> > >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
> > >>>>> sometime
> > >>>>>>> after 09:00 UTC 30-November 2016
> > >>>>>>>
> > >>>>>>> [ ] +1 Release these artifacts
> > >>>>>>> [ ] +0 OK, but...
> > >>>>>>> [ ] -0 OK, but really should fix...
> > >>>>>>> [ ] -1 I oppose this release because...
> > >>>>>>>
> > >>>>>>> Thanks!
> > >>>>>>>
> > >>>>>>> Gary Gregory
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> E-Mail: [hidden email] | [hidden email] <
> > >>>>> [hidden email]>
> > >>>>>>> Java Persistence with Hibernate, Second Edition
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
> > >>> 1af9fe6a2b8>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1617290459>
> > >>>>>>> JUnit in Action, Second Edition
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
> > >>> 902a24de418%22
> > >>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1935182021>
> > >>>>>>> Spring Batch in Action
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1935182951>
> > >>>>>>> Blog: http://garygregory.wordpress.com
> > >>>>>>> Home: http://garygregory.com/
> > >>>>>>> Tweet! http://twitter.com/GaryGregory
> > >>>>>>
> > >>>>>> --
> > >>>>>> Stian Soiland-Reyes
> > >>>>>> http://orcid.org/0000-0001-9842-9718
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> Stian Soiland-Reyes
> > >>>>> http://orcid.org/0000-0001-9842-9718
> > >>>>>
> > >>>>> ------------------------------------------------------------
> > ---------
> > >>>>> To unsubscribe, e-mail: [hidden email]
> > >>>>> For additional commands, e-mail: [hidden email]
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> E-Mail: [hidden email] | [hidden email]
> > >>>> Java Persistence with Hibernate, Second Edition
> > >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> > >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >>>>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1617290459>
> > >>>> JUnit in Action, Second Edition
> > >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> > >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> > 18%22>
> > >>>>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1935182021>
> > >>>> Spring Batch in Action
> > >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> > >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> > >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1935182951>
> > >>>> Blog: http://garygregory.wordpress.com
> > >>>> Home: http://garygregory.com/
> > >>>> Tweet! http://twitter.com/GaryGregory
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Stian Soiland-Reyes
> > >>> http://orcid.org/0000-0001-9842-9718
> > >>>
> > >>> ------------------------------------------------------------
> ---------
> > >>> To unsubscribe, e-mail: [hidden email]
> > >>> For additional commands, e-mail: [hidden email]
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> E-Mail: [hidden email] | [hidden email]
> > >> Java Persistence with Hibernate, Second Edition
> > >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1617290459>
> > >> JUnit in Action, Second Edition
> > >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22
> > >
> > >>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1935182021>
> > >> Spring Batch in Action
> > >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1935182951>
> > >> Blog: http://garygregory.wordpress.com
> > >> Home: http://garygregory.com/
> > >> Tweet! http://twitter.com/GaryGregory
> > >>
> > >
> > >
> > >
> > > --
> > > E-Mail: [hidden email] | [hidden email]
> > > Java Persistence with Hibernate, Second Edition
> > > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1617290459>
> > > JUnit in Action, Second Edition
> > > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22
> > >
> > >
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1935182021>
> > > Spring Batch in Action
> > > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1935182951>
> > > Blog: http://garygregory.wordpress.com
> > > Home: http://garygregory.com/
> > > Tweet! http://twitter.com/GaryGregory
> >
> >
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Commons release policy

Charles Honton
To follow up the thread on releasing parent 42 and exactly what needs to signed, etc.  I’ve researched asf release policy.  Here’s the gist:

1. Every ASF release must contain a source package, which must be sufficient for a user to build and test the release provided they have access to the appropriate platform and tools. <http://www.apache.org/dev/release#what-must-every-release-contain>

2. A release isn't 'released' until the contents are in the project's distribution directory, which is a subdirectory of www.apache.org/dist/ <http://www.apache.org/dev/release#where-do-releases-go>.

3. Every artifact distributed to the public through Apache channels MUST be accompanied by one file containing an OpenPGP compatible ASCII armored detached signature and another file containing an MD5 checksum. <https://www.apache.org/dev/release-distribution.html#sigs-and-sums>

What do we consider the source package for our releases?  
Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to build and test the release?  
Is the zip/gz just a convenience and is it still useful/required?  
Or is it the reverse, the zip/gz is the release and the jars are the convenience distributions?

regards,
chas
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

garydgregory
On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
>
> To follow up the thread on releasing parent 42 and exactly what needs to
signed, etc.  I’ve researched asf release policy.  Here’s the gist:
>
> 1. Every ASF release must contain a source package, which must be
sufficient for a user to build and test the release provided they have
access to the appropriate platform and tools. <
http://www.apache.org/dev/release#what-must-every-release-contain>
>
> 2. A release isn't 'released' until the contents are in the project's
distribution directory, which is a subdirectory of www.apache.org/dist/ <
http://www.apache.org/dev/release#where-do-releases-go>.
>
> 3. Every artifact distributed to the public through Apache channels MUST
be accompanied by one file containing an OpenPGP compatible ASCII armored
detached signature and another file containing an MD5 checksum. <
https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
>
> What do we consider the source package for our releases?
> Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
build and test the release?

Nope. A sources jar is a convenience for IDEs, it usually does not contain
build scripts and such. I am AFK so I am hoping someone can provide an
example.

> Is the zip/gz just a convenience and is it still useful/required?

That should contain almost everything that is in the repo except for things
like old files like proposal.html.

> Or is it the reverse, the zip/gz is the release and the jars are the
convenience distributions?

Yep. The release are the zip/gz sources. All binaries are conveniences.
Granted that without a Maven Central jar release, a component is not easy
to reuse.

Gary

>
> regards,
> chas
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

Matt Sicker
The source jar does just include the .java/.scala/etc. files along with
anything in src/main/resources/ (and anything else configured, though this
is the default). I think that a source jar is required for distribution on
maven central. Besides making releases on the /dist/ svn repo, there's
repository.apache.org which can also technically be used to download maven
artifacts besides MC (plus I think bintray/jcenter mirrors everything on
MC).

So basically, at the bare minimum, you need the source tarball/zip on dist
which can be used by users to build usable artifacts from source using the
relevant build tools and publicly available dependencies (which of course
are licensed appropriately). All artifacts are signed along with at least
an md5 hash, but I typically also see shaN hashes along with since md5 is
so old and broken (maybe this policy should be updated?). And then the flow
from repository.apache.org to MC and elsewhere only contains the compiled
jars, source jars, poms, and sometimes accompanying xml artifacts or zips.

On 3 December 2016 at 12:14, Gary Gregory <[hidden email]> wrote:

> On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
> >
> > To follow up the thread on releasing parent 42 and exactly what needs to
> signed, etc.  I’ve researched asf release policy.  Here’s the gist:
> >
> > 1. Every ASF release must contain a source package, which must be
> sufficient for a user to build and test the release provided they have
> access to the appropriate platform and tools. <
> http://www.apache.org/dev/release#what-must-every-release-contain>
> >
> > 2. A release isn't 'released' until the contents are in the project's
> distribution directory, which is a subdirectory of www.apache.org/dist/ <
> http://www.apache.org/dev/release#where-do-releases-go>.
> >
> > 3. Every artifact distributed to the public through Apache channels MUST
> be accompanied by one file containing an OpenPGP compatible ASCII armored
> detached signature and another file containing an MD5 checksum. <
> https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
> >
> > What do we consider the source package for our releases?
> > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
> build and test the release?
>
> Nope. A sources jar is a convenience for IDEs, it usually does not contain
> build scripts and such. I am AFK so I am hoping someone can provide an
> example.
>
> > Is the zip/gz just a convenience and is it still useful/required?
>
> That should contain almost everything that is in the repo except for things
> like old files like proposal.html.
>
> > Or is it the reverse, the zip/gz is the release and the jars are the
> convenience distributions?
>
> Yep. The release are the zip/gz sources. All binaries are conveniences.
> Granted that without a Maven Central jar release, a component is not easy
> to reuse.
>
> Gary
>
> >
> > regards,
> > chas
>



--
Matt Sicker <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

garydgregory
Well, getting SHA-1 hashes is not awesome either, we really need a plugin
updated to use SHA-2/SHA-256

Gary

On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]> wrote:

> The source jar does just include the .java/.scala/etc. files along with
> anything in src/main/resources/ (and anything else configured, though this
> is the default). I think that a source jar is required for distribution on
> maven central. Besides making releases on the /dist/ svn repo, there's
> repository.apache.org which can also technically be used to download maven
> artifacts besides MC (plus I think bintray/jcenter mirrors everything on
> MC).
>
> So basically, at the bare minimum, you need the source tarball/zip on dist
> which can be used by users to build usable artifacts from source using the
> relevant build tools and publicly available dependencies (which of course
> are licensed appropriately). All artifacts are signed along with at least
> an md5 hash, but I typically also see shaN hashes along with since md5 is
> so old and broken (maybe this policy should be updated?). And then the flow
> from repository.apache.org to MC and elsewhere only contains the compiled
> jars, source jars, poms, and sometimes accompanying xml artifacts or zips.
>
> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]> wrote:
>
> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
> > >
> > > To follow up the thread on releasing parent 42 and exactly what needs
> to
> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
> > >
> > > 1. Every ASF release must contain a source package, which must be
> > sufficient for a user to build and test the release provided they have
> > access to the appropriate platform and tools. <
> > http://www.apache.org/dev/release#what-must-every-release-contain>
> > >
> > > 2. A release isn't 'released' until the contents are in the project's
> > distribution directory, which is a subdirectory of www.apache.org/dist/
> <
> > http://www.apache.org/dev/release#where-do-releases-go>.
> > >
> > > 3. Every artifact distributed to the public through Apache channels
> MUST
> > be accompanied by one file containing an OpenPGP compatible ASCII armored
> > detached signature and another file containing an MD5 checksum. <
> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
> > >
> > > What do we consider the source package for our releases?
> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
> > build and test the release?
> >
> > Nope. A sources jar is a convenience for IDEs, it usually does not
> contain
> > build scripts and such. I am AFK so I am hoping someone can provide an
> > example.
> >
> > > Is the zip/gz just a convenience and is it still useful/required?
> >
> > That should contain almost everything that is in the repo except for
> things
> > like old files like proposal.html.
> >
> > > Or is it the reverse, the zip/gz is the release and the jars are the
> > convenience distributions?
> >
> > Yep. The release are the zip/gz sources. All binaries are conveniences.
> > Granted that without a Maven Central jar release, a component is not easy
> > to reuse.
> >
> > Gary
> >
> > >
> > > regards,
> > > chas
> >
>
>
>
> --
> Matt Sicker <[hidden email]>
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

garydgregory
I am not mentioning SHA-3 but you get my point.

Gary

On Sat, Dec 3, 2016 at 12:02 PM, Gary Gregory <[hidden email]>
wrote:

> Well, getting SHA-1 hashes is not awesome either, we really need a plugin
> updated to use SHA-2/SHA-256
>
> Gary
>
> On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]> wrote:
>
>> The source jar does just include the .java/.scala/etc. files along with
>> anything in src/main/resources/ (and anything else configured, though this
>> is the default). I think that a source jar is required for distribution on
>> maven central. Besides making releases on the /dist/ svn repo, there's
>> repository.apache.org which can also technically be used to download
>> maven
>> artifacts besides MC (plus I think bintray/jcenter mirrors everything on
>> MC).
>>
>> So basically, at the bare minimum, you need the source tarball/zip on dist
>> which can be used by users to build usable artifacts from source using the
>> relevant build tools and publicly available dependencies (which of course
>> are licensed appropriately). All artifacts are signed along with at least
>> an md5 hash, but I typically also see shaN hashes along with since md5 is
>> so old and broken (maybe this policy should be updated?). And then the
>> flow
>> from repository.apache.org to MC and elsewhere only contains the compiled
>> jars, source jars, poms, and sometimes accompanying xml artifacts or zips.
>>
>> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]> wrote:
>>
>> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
>> > >
>> > > To follow up the thread on releasing parent 42 and exactly what needs
>> to
>> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
>> > >
>> > > 1. Every ASF release must contain a source package, which must be
>> > sufficient for a user to build and test the release provided they have
>> > access to the appropriate platform and tools. <
>> > http://www.apache.org/dev/release#what-must-every-release-contain>
>> > >
>> > > 2. A release isn't 'released' until the contents are in the project's
>> > distribution directory, which is a subdirectory of www.apache.org/dist/
>> <
>> > http://www.apache.org/dev/release#where-do-releases-go>.
>> > >
>> > > 3. Every artifact distributed to the public through Apache channels
>> MUST
>> > be accompanied by one file containing an OpenPGP compatible ASCII
>> armored
>> > detached signature and another file containing an MD5 checksum. <
>> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
>> > >
>> > > What do we consider the source package for our releases?
>> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
>> > build and test the release?
>> >
>> > Nope. A sources jar is a convenience for IDEs, it usually does not
>> contain
>> > build scripts and such. I am AFK so I am hoping someone can provide an
>> > example.
>> >
>> > > Is the zip/gz just a convenience and is it still useful/required?
>> >
>> > That should contain almost everything that is in the repo except for
>> things
>> > like old files like proposal.html.
>> >
>> > > Or is it the reverse, the zip/gz is the release and the jars are the
>> > convenience distributions?
>> >
>> > Yep. The release are the zip/gz sources. All binaries are conveniences.
>> > Granted that without a Maven Central jar release, a component is not
>> easy
>> > to reuse.
>> >
>> > Gary
>> >
>> > >
>> > > regards,
>> > > chas
>> >
>>
>>
>>
>> --
>> Matt Sicker <[hidden email]>
>>
>
>
>
> --
> E-Mail: [hidden email] | [hidden email]
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: [CANCE][VOTE][LAZY] Release Commons Parent POM 42 based on RC1

Stian Soiland-Reyes
In reply to this post by garydgregory
They won't be signed or hashed if the files are not "attached" because then
they are not officially output artifacts of the build, and won't be
deployed.

You can run hashing and signing plugins manually, but then the ordering of
the phases matter; to avoid a race condition where the assembly plugin is
run after the signing or hashing.

Here's how we tried that in earlier release of Commons RDF:

https://github.com/apache/incubator-commonsrdf/blob/0.2.0-incubating/pom.xml#L446


note that this was buggy in other ways, e.g. it deployed .sha1.md5 etc and
I think was meant more as a convenience for the RM than for deployment. If
done on a detached file that should avoid double signatures. (My view is
that the source distros SHOULD be deployed - but of course only for the
main distro, not per module.

Maven assembly plugin etc can be hard.. should we ask on users@maven ..?

On 3 Dec 2016 4:41 pm, "Gary Gregory" <[hidden email]> wrote:

So, when I run:

mvn clean deploy -Duser.name=ggregory -Prelease -Ptest-deploy

The zip and gz files are created but not signed or hashed.

Thoughts?

Gary


On Sat, Dec 3, 2016 at 2:53 AM, Stian Soiland-Reyes <[hidden email]>
wrote:

> I would prefer the source distribution to also be deployed in Maven
> Central, as most Maven projects now do through the Apache super pom (but
> then called -source-release). This means the Maven distribution for a
> particular version should be completely reproducible without having to
hunt

> around the archive.apache.org (which is discouraged for direct downloads)
> and have slight variations in paths and filenames.
>
>
> We have not heard complaints from Sonatype to stop including the source
> distros - that would affect all Maven-using ASF project - their presence
> cause no harm.
>
>
> When reviewing an RC a -src.tar.gz in the repo also makes it very easy to
> check that the deployed version matches src dist (barring deliberate
fraud)
> - for the rng RC I had to instead check each of the -sources.jar (which
are
> not guaranteed to be compilable).
>
>
> Another matter is the -bin releases (they are just aggregates of jars
> already deployed separately) and making sure there are not like .asc.asc
> extras. In a multi-module build only the top level distros should be made
-

> most ASF projects manage this in different ways.
>
> On 2 Dec 2016 2:07 am, "Charles Honton" <[hidden email]> wrote:
>
> > Why do we expect the src zip to be present in the maven repository?  No
> > other commons project pushes the src zip/gz to maven central.
> >
> > If we want to supply src zip/gz as a convenience, why wouldn’t it be at
> > http://commons.apache.org/proper/ <http://commons.apache.org/proper/> as
> > all other components are?
> >
> > thanks,
> > chas
> >
> > > On Dec 1, 2016, at 9:15 AM, Gary Gregory <[hidden email]>
> wrote:
> > >
> > > [editing subject]
> > >
> > > On Thu, Dec 1, 2016 at 9:14 AM, Gary Gregory <[hidden email]>
> > wrote:
> > >
> > >> I am canceling this VOTE to deal with the missing src files.
> > >>
> > >> Gary
> > >>
> > >> On Thu, Dec 1, 2016 at 3:26 AM, Stian Soiland-Reyes <[hidden email]
> >
> > >> wrote:
> > >>
> > >>> I did "mvn clean install -Prelease" from SVN and got in target/:
> > >>>
> > >>> commons-parent-42-SNAPSHOT-src.tar.gz
> > >>> commons-parent-42-SNAPSHOT-src.zip
> > >>>
> > >>> however they were not installed to the Maven repository, because the
> > >>> pom says "<attach>false</attach>"
> > >>>
> > >>>
> > >>>
> > >>> On 30 November 2016 at 19:04, Gary Gregory <[hidden email]>
> > >>> wrote:
> > >>>> On Wed, Nov 30, 2016 at 1:34 AM, Stian Soiland-Reyes <
> > [hidden email]>
> > >>>> wrote:
> > >>>>
> > >>>>> Just a thing I noticed..
> > >>>>>
> > >>>>> In https://dist.apache.org/repos/dist/release/commons/commons-
> > >>>>> parent/commons-parent-41/
> > >>>>> and before we had a -src.tar.gz and -src.zip
> > >>>>> (just like any other
> > >>>>>
> > >>>>> while your candidate in
> > >>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> > parent/42-RC1/
> > >>>>> is just the deployed pom file and so can't as easily be "built" or
> > >>>>> installed.
> > >>>>>
> > >>>>> Not a blocker for me personally, but it would be good if we can
> keep
> > >>>>> the parent similar to the other components, even if it doesn't
have

> > >>>>> any source code. For instance Debian packages Commons parent.
> > >>>>>
> > >>>>
> > >>>> I looks like we started providing the src zip/gz with version 40
> only.
> > >>> Crud!
> > >>>>
> > >>>> I'm not sure why the assembly plugin did not kick in.
> > >>>>
> > >>>> Can someone take a look?
> > >>>>
> > >>>> Thank you,
> > >>>> Gary
> > >>>>
> > >>>>
> > >>>>>
> > >>>>> On 30 November 2016 at 09:25, Stian Soiland-Reyes <
> [hidden email]>
> > >>>>> wrote:
> > >>>>>> +1
> > >>>>>>
> > >>>>>> Checked:
> > >>>>>>
> > >>>>>> +1 Signatures, hashes
> > >>>>>> +1 tag matches repo matches dist
> > >>>>>> +1 No binaries
> > >>>>>> +1 Works with beanutils
> > >>>>>>
> > >>>>>> I got a bug when using it with Commons RDF for "mvn clean package
> > >>>>> install",
> > >>>>>> related to the updated site-plugin:
> > >>>>>>
> > >>>>>> [ERROR] Failed to execute goal
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site
> (default-site)
> > >>> on
> > >>>>>> project commons-rdf-parent: Execution default-site of goal
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site failed: A
> > >>> required
> > >>>>> class
> > >>>>>> was missing while executing
> > >>>>>> org.apache.maven.plugins:maven-site-plugin:3.6:site:
> > >>>>>> org/apache/maven/doxia/sink/impl/XhtmlBaseSink
> > >>>>>>
> > >>>>>> This was fixed by updating its doxia-module-markdown dependency
> from
> > >>> 1.6
> > >>>>> to
> > >>>>>> 1.7.
> > >>>>>>
> > >>>>>> With beanutils I tested the parent with "mvn clean install site"
> and
> > >>> "mvn
> > >>>>>> release:prepare".
> > >>>>>>
> > >>>>>> On 27 November 2016 at 08:21, Gary Gregory <[hidden email]>
> > >>> wrote:
> > >>>>>>> We have added some enhancements since Commons Parent POM 41 was
> > >>>>> released,
> > >>>>>>> so I would like to release Commons Parent POM 42.
> > >>>>>>>
> > >>>>>>> Commons Parent POM 42 RC1 is available for review here:
> > >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-paren
> > >>> t/42-RC1/
> > >>>>>>> (svn revision 17171)
> > >>>>>>>
> > >>>>>>> The tag is here:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> http://svn.apache.org/repos/asf/commons/proper/commons-
> > >>>>> parent/tags/commons-parent-42-RC1/
> > >>>>>>> (svn revision 1771539)
> > >>>>>>> N.B. the SVN revision is required because SVN tags are not
> > >>> immutable.
> > >>>>>>>
> > >>>>>>> Maven artifacts are here:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://repository.apache.org/content/repositories/
> > >>>>> orgapachecommons-1221/org/apache/commons/commons-parent/42/
> > >>>>>>>
> > >>>>>>> These are the Maven artifacts and their hashes
> > >>>>>>>
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site.xml
> > >>>>>>> (SHA1: a76e03e9059f31abc5e3c22f4e857366e689068f)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42-site
> > >>> .xml.asc
> > >>>>>>> (SHA1: 16b625891e404d95eb7688a99889dc499148d060)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom
> > >>>>>>> (SHA1: b95e1096a4cf0d8bcd52740900a474b1e7f87dd1)
> > >>>>>>> /org/apache/commons/commons-parent/42/commons-parent-42.pom.asc
> > >>>>>>> (SHA1: 810728ac23f181f0f706ae0132bdb406288f5859)
> > >>>>>>>
> > >>>>>>> I built this with:
> > >>>>>>>
> > >>>>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> > >>>>>>> 2015-11-10T08:41:47-08:00)
> > >>>>>>> Maven home: E:\Java\apache-maven-3.3.9\bin\..
> > >>>>>>> Java version: 1.8.0_112, vendor: Oracle Corporation
> > >>>>>>> Java home: C:\Program Files\Java\jdk1.8.0_112\jre
> > >>>>>>> Default locale: en_US, platform encoding: Cp1252
> > >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> "dos"
> > >>>>>>>
> > >>>>>>> The site was built with:
> > >>>>>>>
> > >>>>>>> Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1;
> > >>>>>>> 2014-12-14T09:29:23-08:00)
> > >>>>>>> Maven home: E:\Java\apache-maven-3.2.5
> > >>>>>>> Java version: 1.7.0_79, vendor: Oracle Corporation
> > >>>>>>> Java home: C:\Program Files\Java\jdk1.7.0_79\jre
> > >>>>>>> Default locale: en_US, platform encoding: Cp1252
> > >>>>>>> OS name: "windows 7", version: "6.1", arch: "amd64", family:
> > >>> "windows"
> > >>>>>>>
> > >>>>>>> [because Maven 3.3.9 gets an exception due to a binary
> compatiblity
> > >>>>> break
> > >>>>>>> in Slf4j.)
> > >>>>>>>
> > >>>>>>> Details of changes since 41 are in the release notes:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://dist.apache.org/repos/dist/dev/commons/commons-
> > >>>>> parent/42-RC1/RELEASE-NOTES.txt
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> > >>>>> RC1/site/changes-report.html
> > >>>>>>>
> > >>>>>>> Site:
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-RC1/site/
> > >>>>>>> (note some *relative* links are broken and the 42 directories
are

> > >>>>>>> not yet created - these will be OK once the site is deployed)
> > >>>>>>>
> > >>>>>>> There is no Clirr Report (compared to 41) since there is no Java
> > >>> code in
> > >>>>>>> this project.
> > >>>>>>>
> > >>>>>>> RAT Report:
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> https://people.apache.org/~ggregory/commons-parent-42-
> > >>>>> RC1/site/rat-report.html
> > >>>>>>> KEYS:
> > >>>>>>> https://www.apache.org/dist/commons/KEYS
> > >>>>>>>
> > >>>>>>> Please review the release candidate and vote.
> > >>>>>>>
> > >>>>>>> This lazy vote will close no sooner that 72 hours from now, i.e.
> > >>>>> sometime
> > >>>>>>> after 09:00 UTC 30-November 2016
> > >>>>>>>
> > >>>>>>> [ ] +1 Release these artifacts
> > >>>>>>> [ ] +0 OK, but...
> > >>>>>>> [ ] -0 OK, but really should fix...
> > >>>>>>> [ ] -1 I oppose this release because...
> > >>>>>>>
> > >>>>>>> Thanks!
> > >>>>>>>
> > >>>>>>> Gary Gregory
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> E-Mail: [hidden email] | [hidden email] <
> > >>>>> [hidden email]>
> > >>>>>>> Java Persistence with Hibernate, Second Edition
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > >>>>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b
> > >>> 1af9fe6a2b8>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1617290459>
> > >>>>>>> JUnit in Action, Second Edition
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > >>>>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac
> > >>> 902a24de418%22
> > >>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1935182021>
> > >>>>>>> Spring Batch in Action
> > >>>>>>>
> > >>>>>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > >>>>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > >>>>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > >>>>> 7Blink_id%7D%7D%22%3ESpring%20Batch%20in%20Action>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> <http://ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>>>> am2&o=1&a=1935182951>
> > >>>>>>> Blog: http://garygregory.wordpress.com
> > >>>>>>> Home: http://garygregory.com/
> > >>>>>>> Tweet! http://twitter.com/GaryGregory
> > >>>>>>
> > >>>>>> --
> > >>>>>> Stian Soiland-Reyes
> > >>>>>> http://orcid.org/0000-0001-9842-9718
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> Stian Soiland-Reyes
> > >>>>> http://orcid.org/0000-0001-9842-9718
> > >>>>>
> > >>>>> ------------------------------------------------------------
> > ---------
> > >>>>> To unsubscribe, e-mail: [hidden email]
> > >>>>> For additional commands, e-mail: [hidden email]
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> E-Mail: [hidden email] | [hidden email]
> > >>>> Java Persistence with Hibernate, Second Edition
> > >>>> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&link
> > >>> Code=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >>>>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1617290459>
> > >>>> JUnit in Action, Second Edition
> > >>>> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&link
> > >>> Code=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> > 18%22>
> > >>>>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1935182021>
> > >>>> Spring Batch in Action
> > >>>> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?
> > >>> ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&link
> > >>> Code=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Bli
> > >>> nk_id%7D%7D%22%3ESpring+Batch+in+Action>
> > >>>> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=
> > >>> am2&o=1&a=1935182951>
> > >>>> Blog: http://garygregory.wordpress.com
> > >>>> Home: http://garygregory.com/
> > >>>> Tweet! http://twitter.com/GaryGregory
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Stian Soiland-Reyes
> > >>> http://orcid.org/0000-0001-9842-9718
> > >>>
> > >>> ------------------------------------------------------------
> ---------
> > >>> To unsubscribe, e-mail: [hidden email]
> > >>> For additional commands, e-mail: [hidden email]
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> E-Mail: [hidden email] | [hidden email]
> > >> Java Persistence with Hibernate, Second Edition
> > >> <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1617290459>
> > >> JUnit in Action, Second Edition
> > >> <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22
> > >
> > >>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1935182021>
> > >> Spring Batch in Action
> > >> <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > >> <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> > 1935182951>
> > >> Blog: http://garygregory.wordpress.com
> > >> Home: http://garygregory.com/
> > >> Tweet! http://twitter.com/GaryGregory
> > >>
> > >
> > >
> > >
> > > --
> > > E-Mail: [hidden email] | [hidden email]
> > > Java Persistence with Hibernate, Second Edition
> > > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> > linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> > >
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1617290459>
> > > JUnit in Action, Second Edition
> > > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> > linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22
> > >
> > >
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1935182021>
> > > Spring Batch in Action
> > > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> > 1935182951>
> > > Blog: http://garygregory.wordpress.com
> > > Home: http://garygregory.com/
> > > Tweet! http://twitter.com/GaryGregory
> >
> >
>



--
E-Mail: [hidden email] | [hidden email]
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_
tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_
tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_
tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

sebb-2-2
In reply to this post by garydgregory
The hashes are not intended for authentication, only for checking that
the download works OK.
So the strength of the algorithm is not relevant here.

On 3 December 2016 at 20:02, Gary Gregory <[hidden email]> wrote:

> Well, getting SHA-1 hashes is not awesome either, we really need a plugin
> updated to use SHA-2/SHA-256
>
> Gary
>
> On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]> wrote:
>
>> The source jar does just include the .java/.scala/etc. files along with
>> anything in src/main/resources/ (and anything else configured, though this
>> is the default). I think that a source jar is required for distribution on
>> maven central. Besides making releases on the /dist/ svn repo, there's
>> repository.apache.org which can also technically be used to download maven
>> artifacts besides MC (plus I think bintray/jcenter mirrors everything on
>> MC).
>>
>> So basically, at the bare minimum, you need the source tarball/zip on dist
>> which can be used by users to build usable artifacts from source using the
>> relevant build tools and publicly available dependencies (which of course
>> are licensed appropriately). All artifacts are signed along with at least
>> an md5 hash, but I typically also see shaN hashes along with since md5 is
>> so old and broken (maybe this policy should be updated?). And then the flow
>> from repository.apache.org to MC and elsewhere only contains the compiled
>> jars, source jars, poms, and sometimes accompanying xml artifacts or zips.
>>
>> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]> wrote:
>>
>> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
>> > >
>> > > To follow up the thread on releasing parent 42 and exactly what needs
>> to
>> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
>> > >
>> > > 1. Every ASF release must contain a source package, which must be
>> > sufficient for a user to build and test the release provided they have
>> > access to the appropriate platform and tools. <
>> > http://www.apache.org/dev/release#what-must-every-release-contain>
>> > >
>> > > 2. A release isn't 'released' until the contents are in the project's
>> > distribution directory, which is a subdirectory of www.apache.org/dist/
>> <
>> > http://www.apache.org/dev/release#where-do-releases-go>.
>> > >
>> > > 3. Every artifact distributed to the public through Apache channels
>> MUST
>> > be accompanied by one file containing an OpenPGP compatible ASCII armored
>> > detached signature and another file containing an MD5 checksum. <
>> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
>> > >
>> > > What do we consider the source package for our releases?
>> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
>> > build and test the release?
>> >
>> > Nope. A sources jar is a convenience for IDEs, it usually does not
>> contain
>> > build scripts and such. I am AFK so I am hoping someone can provide an
>> > example.
>> >
>> > > Is the zip/gz just a convenience and is it still useful/required?
>> >
>> > That should contain almost everything that is in the repo except for
>> things
>> > like old files like proposal.html.
>> >
>> > > Or is it the reverse, the zip/gz is the release and the jars are the
>> > convenience distributions?
>> >
>> > Yep. The release are the zip/gz sources. All binaries are conveniences.
>> > Granted that without a Maven Central jar release, a component is not easy
>> > to reuse.
>> >
>> > Gary
>> >
>> > >
>> > > regards,
>> > > chas
>> >
>>
>>
>>
>> --
>> Matt Sicker <[hidden email]>
>>
>
>
>
> --
> E-Mail: [hidden email] | [hidden email]
> Java Persistence with Hibernate, Second Edition
> <https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
> JUnit in Action, Second Edition
> <https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>
>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
> Spring Batch in Action
> <https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

Matt Sicker
The .asc files should be used for verification. I don't even see the point
of adding md5 hashes anymore. Most software repositories rely on gpg
signatures instead nowadays.

On 4 December 2016 at 07:44, sebb <[hidden email]> wrote:

> The hashes are not intended for authentication, only for checking that
> the download works OK.
> So the strength of the algorithm is not relevant here.
>
> On 3 December 2016 at 20:02, Gary Gregory <[hidden email]> wrote:
> > Well, getting SHA-1 hashes is not awesome either, we really need a plugin
> > updated to use SHA-2/SHA-256
> >
> > Gary
> >
> > On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]> wrote:
> >
> >> The source jar does just include the .java/.scala/etc. files along with
> >> anything in src/main/resources/ (and anything else configured, though
> this
> >> is the default). I think that a source jar is required for distribution
> on
> >> maven central. Besides making releases on the /dist/ svn repo, there's
> >> repository.apache.org which can also technically be used to download
> maven
> >> artifacts besides MC (plus I think bintray/jcenter mirrors everything on
> >> MC).
> >>
> >> So basically, at the bare minimum, you need the source tarball/zip on
> dist
> >> which can be used by users to build usable artifacts from source using
> the
> >> relevant build tools and publicly available dependencies (which of
> course
> >> are licensed appropriately). All artifacts are signed along with at
> least
> >> an md5 hash, but I typically also see shaN hashes along with since md5
> is
> >> so old and broken (maybe this policy should be updated?). And then the
> flow
> >> from repository.apache.org to MC and elsewhere only contains the
> compiled
> >> jars, source jars, poms, and sometimes accompanying xml artifacts or
> zips.
> >>
> >> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]>
> wrote:
> >>
> >> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
> >> > >
> >> > > To follow up the thread on releasing parent 42 and exactly what
> needs
> >> to
> >> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
> >> > >
> >> > > 1. Every ASF release must contain a source package, which must be
> >> > sufficient for a user to build and test the release provided they have
> >> > access to the appropriate platform and tools. <
> >> > http://www.apache.org/dev/release#what-must-every-release-contain>
> >> > >
> >> > > 2. A release isn't 'released' until the contents are in the
> project's
> >> > distribution directory, which is a subdirectory of
> www.apache.org/dist/
> >> <
> >> > http://www.apache.org/dev/release#where-do-releases-go>.
> >> > >
> >> > > 3. Every artifact distributed to the public through Apache channels
> >> MUST
> >> > be accompanied by one file containing an OpenPGP compatible ASCII
> armored
> >> > detached signature and another file containing an MD5 checksum. <
> >> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
> >> > >
> >> > > What do we consider the source package for our releases?
> >> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient
> to
> >> > build and test the release?
> >> >
> >> > Nope. A sources jar is a convenience for IDEs, it usually does not
> >> contain
> >> > build scripts and such. I am AFK so I am hoping someone can provide an
> >> > example.
> >> >
> >> > > Is the zip/gz just a convenience and is it still useful/required?
> >> >
> >> > That should contain almost everything that is in the repo except for
> >> things
> >> > like old files like proposal.html.
> >> >
> >> > > Or is it the reverse, the zip/gz is the release and the jars are the
> >> > convenience distributions?
> >> >
> >> > Yep. The release are the zip/gz sources. All binaries are
> conveniences.
> >> > Granted that without a Maven Central jar release, a component is not
> easy
> >> > to reuse.
> >> >
> >> > Gary
> >> >
> >> > >
> >> > > regards,
> >> > > chas
> >> >
> >>
> >>
> >>
> >> --
> >> Matt Sicker <[hidden email]>
> >>
> >
> >
> >
> > --
> > E-Mail: [hidden email] | [hidden email]
> > Java Persistence with Hibernate, Second Edition
> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1617290459>
> > JUnit in Action, Second Edition
> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> >
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182021>
> > Spring Batch in Action
> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
> 1935182951>
> > Blog: http://garygregory.wordpress.com
> > Home: http://garygregory.com/
> > Tweet! http://twitter.com/GaryGregory
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Matt Sicker <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

Stian Soiland-Reyes
I think the hashes are important in the vote email as there can often
be multiple release candidates (locally or announced on dev@) -- and
it is not impossible to get it wrong as the files are all called the
same. While hashes can be used to detect malicious tampering, it's
more useful to detect accidental tampering.  I find it useful as a way
to "audit myself".


As Sebb points out, the .sha1 and .md5 files are intended for
transport verification (CRC32 in TCP/IP is not reliable enough, and
file might be incomplete) -  after all they come from the same server
- however the .asc files themselves may sometimes internally just
contain a signed sha1 checksum and so don't offer any
cryptographically stronger verification for tamper-proof-worried
consumers (See https://www.apache.org/dev/openpgp.html#sha1 - I seem
to be guilty here as well) .

Checksums say that you got the right file and are small enough to
include in emails/announcements, signatures says it's from the right
source.


To avoid man-in-the-middle attack (hi, Mallory!), you need to download
the KEYS file with https://www.apache.org/dist/commons/KEYS  (not
http://!), trust the standard SSL CA's, your OS distro and your local
government actors and ISPs.

You can choose to verify that file is signed by one of the many keys
imported (but maybe not cross-signed) into your ring (I count 151
@apache.org keys in my ring). On the other side, a copy-pastable sha1
checksum posted to a public mailing list with copies in archives
across the world is a bit more work to circumvent (and more
detectable).


When building a Docker image it's also easier/better to use a
hard-coded hash than a blind download of KEYS file and download - as
the signature would match even if you download the wrong file/version.
For instance:
https://github.com/stain/jena-docker/blob/master/jena/Dockerfile#L23


Sometimes I see votes where the folder on dist.apache.org don't even
have a "RC1" or similar in the folder name - then the votes can get
quite confusing as to which RC has been reviewed. The existence of the
hash files make it easy to check which file is meant to be there and
cross-check with the email and/or the Maven staging repository (e.g.
with curl or wget).


I think it should be possible to move to a model where we only use the
Nexus staging repository - which I think does self-checks of the .md5
and .sha1 files (and .asc against public PGP server?) -- perhaps
extend the Commons Build Maven plugin to release from staging-repo to
dist.apache.org -- it could ask for (or print out) the sha1 checksums
and perhaps even make the VOTE email. Too ambitious?

On 4 December 2016 at 20:51, Matt Sicker <[hidden email]> wrote:

> The .asc files should be used for verification. I don't even see the point
> of adding md5 hashes anymore. Most software repositories rely on gpg
> signatures instead nowadays.
>
> On 4 December 2016 at 07:44, sebb <[hidden email]> wrote:
>
>> The hashes are not intended for authentication, only for checking that
>> the download works OK.
>> So the strength of the algorithm is not relevant here.
>>
>> On 3 December 2016 at 20:02, Gary Gregory <[hidden email]> wrote:
>> > Well, getting SHA-1 hashes is not awesome either, we really need a plugin
>> > updated to use SHA-2/SHA-256
>> >
>> > Gary
>> >
>> > On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]> wrote:
>> >
>> >> The source jar does just include the .java/.scala/etc. files along with
>> >> anything in src/main/resources/ (and anything else configured, though
>> this
>> >> is the default). I think that a source jar is required for distribution
>> on
>> >> maven central. Besides making releases on the /dist/ svn repo, there's
>> >> repository.apache.org which can also technically be used to download
>> maven
>> >> artifacts besides MC (plus I think bintray/jcenter mirrors everything on
>> >> MC).
>> >>
>> >> So basically, at the bare minimum, you need the source tarball/zip on
>> dist
>> >> which can be used by users to build usable artifacts from source using
>> the
>> >> relevant build tools and publicly available dependencies (which of
>> course
>> >> are licensed appropriately). All artifacts are signed along with at
>> least
>> >> an md5 hash, but I typically also see shaN hashes along with since md5
>> is
>> >> so old and broken (maybe this policy should be updated?). And then the
>> flow
>> >> from repository.apache.org to MC and elsewhere only contains the
>> compiled
>> >> jars, source jars, poms, and sometimes accompanying xml artifacts or
>> zips.
>> >>
>> >> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]>
>> wrote:
>> >>
>> >> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
>> >> > >
>> >> > > To follow up the thread on releasing parent 42 and exactly what
>> needs
>> >> to
>> >> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
>> >> > >
>> >> > > 1. Every ASF release must contain a source package, which must be
>> >> > sufficient for a user to build and test the release provided they have
>> >> > access to the appropriate platform and tools. <
>> >> > http://www.apache.org/dev/release#what-must-every-release-contain>
>> >> > >
>> >> > > 2. A release isn't 'released' until the contents are in the
>> project's
>> >> > distribution directory, which is a subdirectory of
>> www.apache.org/dist/
>> >> <
>> >> > http://www.apache.org/dev/release#where-do-releases-go>.
>> >> > >
>> >> > > 3. Every artifact distributed to the public through Apache channels
>> >> MUST
>> >> > be accompanied by one file containing an OpenPGP compatible ASCII
>> armored
>> >> > detached signature and another file containing an MD5 checksum. <
>> >> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums>
>> >> > >
>> >> > > What do we consider the source package for our releases?
>> >> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient
>> to
>> >> > build and test the release?
>> >> >
>> >> > Nope. A sources jar is a convenience for IDEs, it usually does not
>> >> contain
>> >> > build scripts and such. I am AFK so I am hoping someone can provide an
>> >> > example.
>> >> >
>> >> > > Is the zip/gz just a convenience and is it still useful/required?
>> >> >
>> >> > That should contain almost everything that is in the repo except for
>> >> things
>> >> > like old files like proposal.html.
>> >> >
>> >> > > Or is it the reverse, the zip/gz is the release and the jars are the
>> >> > convenience distributions?
>> >> >
>> >> > Yep. The release are the zip/gz sources. All binaries are
>> conveniences.
>> >> > Granted that without a Maven Central jar release, a component is not
>> easy
>> >> > to reuse.
>> >> >
>> >> > Gary
>> >> >
>> >> > >
>> >> > > regards,
>> >> > > chas
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Matt Sicker <[hidden email]>
>> >>
>> >
>> >
>> >
>> > --
>> > E-Mail: [hidden email] | [hidden email]
>> > Java Persistence with Hibernate, Second Edition
>> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
>> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
>> 1617290459>
>> > JUnit in Action, Second Edition
>> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
>> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22
>> >
>> >
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
>> 1935182021>
>> > Spring Batch in Action
>> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
>> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
>> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
>> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
>> > <http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=
>> 1935182951>
>> > Blog: http://garygregory.wordpress.com
>> > Home: http://garygregory.com/
>> > Tweet! http://twitter.com/GaryGregory
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> Matt Sicker <[hidden email]>



--
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Commons release policy

Matt Sicker
I usually include sha512 hashes in my release emails, but I try to remain
overly paranoid about cryptography. As for whether or not sha1 is still
useful for cryptographic signatures, the hash itself is encrypted in a
signature, so you still need access to the private key to create the
signature in the first place, so it's still as secure as the crypto
algorithm itself.

On 5 December 2016 at 11:36, Stian Soiland-Reyes <[hidden email]> wrote:

> I think the hashes are important in the vote email as there can often
> be multiple release candidates (locally or announced on dev@) -- and
> it is not impossible to get it wrong as the files are all called the
> same. While hashes can be used to detect malicious tampering, it's
> more useful to detect accidental tampering.  I find it useful as a way
> to "audit myself".
>
>
> As Sebb points out, the .sha1 and .md5 files are intended for
> transport verification (CRC32 in TCP/IP is not reliable enough, and
> file might be incomplete) -  after all they come from the same server
> - however the .asc files themselves may sometimes internally just
> contain a signed sha1 checksum and so don't offer any
> cryptographically stronger verification for tamper-proof-worried
> consumers (See https://www.apache.org/dev/openpgp.html#sha1 - I seem
> to be guilty here as well) .
>
> Checksums say that you got the right file and are small enough to
> include in emails/announcements, signatures says it's from the right
> source.
>
>
> To avoid man-in-the-middle attack (hi, Mallory!), you need to download
> the KEYS file with https://www.apache.org/dist/commons/KEYS  (not
> http://!), trust the standard SSL CA's, your OS distro and your local
> government actors and ISPs.
>
> You can choose to verify that file is signed by one of the many keys
> imported (but maybe not cross-signed) into your ring (I count 151
> @apache.org keys in my ring). On the other side, a copy-pastable sha1
> checksum posted to a public mailing list with copies in archives
> across the world is a bit more work to circumvent (and more
> detectable).
>
>
> When building a Docker image it's also easier/better to use a
> hard-coded hash than a blind download of KEYS file and download - as
> the signature would match even if you download the wrong file/version.
> For instance:
> https://github.com/stain/jena-docker/blob/master/jena/Dockerfile#L23
>
>
> Sometimes I see votes where the folder on dist.apache.org don't even
> have a "RC1" or similar in the folder name - then the votes can get
> quite confusing as to which RC has been reviewed. The existence of the
> hash files make it easy to check which file is meant to be there and
> cross-check with the email and/or the Maven staging repository (e.g.
> with curl or wget).
>
>
> I think it should be possible to move to a model where we only use the
> Nexus staging repository - which I think does self-checks of the .md5
> and .sha1 files (and .asc against public PGP server?) -- perhaps
> extend the Commons Build Maven plugin to release from staging-repo to
> dist.apache.org -- it could ask for (or print out) the sha1 checksums
> and perhaps even make the VOTE email. Too ambitious?
>
> On 4 December 2016 at 20:51, Matt Sicker <[hidden email]> wrote:
> > The .asc files should be used for verification. I don't even see the
> point
> > of adding md5 hashes anymore. Most software repositories rely on gpg
> > signatures instead nowadays.
> >
> > On 4 December 2016 at 07:44, sebb <[hidden email]> wrote:
> >
> >> The hashes are not intended for authentication, only for checking that
> >> the download works OK.
> >> So the strength of the algorithm is not relevant here.
> >>
> >> On 3 December 2016 at 20:02, Gary Gregory <[hidden email]>
> wrote:
> >> > Well, getting SHA-1 hashes is not awesome either, we really need a
> plugin
> >> > updated to use SHA-2/SHA-256
> >> >
> >> > Gary
> >> >
> >> > On Sat, Dec 3, 2016 at 11:57 AM, Matt Sicker <[hidden email]>
> wrote:
> >> >
> >> >> The source jar does just include the .java/.scala/etc. files along
> with
> >> >> anything in src/main/resources/ (and anything else configured, though
> >> this
> >> >> is the default). I think that a source jar is required for
> distribution
> >> on
> >> >> maven central. Besides making releases on the /dist/ svn repo,
> there's
> >> >> repository.apache.org which can also technically be used to download
> >> maven
> >> >> artifacts besides MC (plus I think bintray/jcenter mirrors
> everything on
> >> >> MC).
> >> >>
> >> >> So basically, at the bare minimum, you need the source tarball/zip on
> >> dist
> >> >> which can be used by users to build usable artifacts from source
> using
> >> the
> >> >> relevant build tools and publicly available dependencies (which of
> >> course
> >> >> are licensed appropriately). All artifacts are signed along with at
> >> least
> >> >> an md5 hash, but I typically also see shaN hashes along with since
> md5
> >> is
> >> >> so old and broken (maybe this policy should be updated?). And then
> the
> >> flow
> >> >> from repository.apache.org to MC and elsewhere only contains the
> >> compiled
> >> >> jars, source jars, poms, and sometimes accompanying xml artifacts or
> >> zips.
> >> >>
> >> >> On 3 December 2016 at 12:14, Gary Gregory <[hidden email]>
> >> wrote:
> >> >>
> >> >> > On Dec 3, 2016 9:34 AM, "Charles Honton" <[hidden email]> wrote:
> >> >> > >
> >> >> > > To follow up the thread on releasing parent 42 and exactly what
> >> needs
> >> >> to
> >> >> > signed, etc.  I’ve researched asf release policy.  Here’s the gist:
> >> >> > >
> >> >> > > 1. Every ASF release must contain a source package, which must be
> >> >> > sufficient for a user to build and test the release provided they
> have
> >> >> > access to the appropriate platform and tools. <
> >> >> > http://www.apache.org/dev/release#what-must-every-release-contain>
> >> >> > >
> >> >> > > 2. A release isn't 'released' until the contents are in the
> >> project's
> >> >> > distribution directory, which is a subdirectory of
> >> www.apache.org/dist/
> >> >> <
> >> >> > http://www.apache.org/dev/release#where-do-releases-go>.
> >> >> > >
> >> >> > > 3. Every artifact distributed to the public through Apache
> channels
> >> >> MUST
> >> >> > be accompanied by one file containing an OpenPGP compatible ASCII
> >> armored
> >> >> > detached signature and another file containing an MD5 checksum. <
> >> >> > https://www.apache.org/dev/release-distribution.html#sigs-and-sums
> >
> >> >> > >
> >> >> > > What do we consider the source package for our releases?
> >> >> > > Are the xxx-sources.jar,  xxx-test-sources.jar, and pom
> sufficient
> >> to
> >> >> > build and test the release?
> >> >> >
> >> >> > Nope. A sources jar is a convenience for IDEs, it usually does not
> >> >> contain
> >> >> > build scripts and such. I am AFK so I am hoping someone can
> provide an
> >> >> > example.
> >> >> >
> >> >> > > Is the zip/gz just a convenience and is it still useful/required?
> >> >> >
> >> >> > That should contain almost everything that is in the repo except
> for
> >> >> things
> >> >> > like old files like proposal.html.
> >> >> >
> >> >> > > Or is it the reverse, the zip/gz is the release and the jars are
> the
> >> >> > convenience distributions?
> >> >> >
> >> >> > Yep. The release are the zip/gz sources. All binaries are
> >> conveniences.
> >> >> > Granted that without a Maven Central jar release, a component is
> not
> >> easy
> >> >> > to reuse.
> >> >> >
> >> >> > Gary
> >> >> >
> >> >> > >
> >> >> > > regards,
> >> >> > > chas
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Matt Sicker <[hidden email]>
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > E-Mail: [hidden email] | [hidden email]
> >> > Java Persistence with Hibernate, Second Edition
> >> > <https://www.amazon.com/gp/product/1617290459/ref=as_li_
> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&
> >> linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2
> b8>
> >> >
> >> > <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> >> 1617290459>
> >> > JUnit in Action, Second Edition
> >> > <https://www.amazon.com/gp/product/1935182021/ref=as_li_
> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&
> >> linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de4
> 18%22
> >> >
> >> >
> >> > <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> >> 1935182021>
> >> > Spring Batch in Action
> >> > <https://www.amazon.com/gp/product/1935182951/ref=as_li_
> >> tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&
> >> linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%
> >> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> >> > <http:////ir-na.amazon-adsystem.com/e/ir?t=
> garygregory-20&l=am2&o=1&a=
> >> 1935182951>
> >> > Blog: http://garygregory.wordpress.com
> >> > Home: http://garygregory.com/
> >> > Tweet! http://twitter.com/GaryGregory
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [hidden email]
> >> For additional commands, e-mail: [hidden email]
> >>
> >>
> >
> >
> > --
> > Matt Sicker <[hidden email]>
>
>
>
> --
> Stian Soiland-Reyes
> http://orcid.org/0000-0001-9842-9718
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Matt Sicker <[hidden email]>