Author: schor Date: Mon Oct 15 16:02:55 2018 New Revision: 1843922 URL: http://svn.apache.org/viewvc?rev=1843922&view=rev Log: update maven-design to indicate better how artifact signing is done, and special signing for source-release.
Modified: uima/site/trunk/uima-website/docs/maven-design.html uima/site/trunk/uima-website/xdocs/maven-design.xml Modified: uima/site/trunk/uima-website/docs/maven-design.html URL: http://svn.apache.org/viewvc/uima/site/trunk/uima-website/docs/maven-design.html?rev=1843922&r1=1843921&r2=1843922&view=diff ============================================================================== --- uima/site/trunk/uima-website/docs/maven-design.html (original) +++ uima/site/trunk/uima-website/docs/maven-design.html Mon Oct 15 16:02:55 2018 @@ -489,9 +489,8 @@ our svn tree, in a top level directory n should be "buildable" by doing "mvn install", etc. in the unzipped directory. </p> <p><code>source-release.zip</code> files for multi-project aggregates (such as the main - UIMA SDK) are built only at the top (root) level; the pom for that level typically specifies - to skip the deploy to maven-central, so the convenience packages and the source-release.zip are not deployed - there, but instead are distributed via Apache's mirror system. + UIMA SDK) are built only at the top (root) level and are not "attached" so it is + not uploaded to maven for distribution, but instead is distributed via Apache's mirror system. </p> <p> The release process happens when the commands <code>mvn release:prepare</code> followed by @@ -502,8 +501,14 @@ our svn tree, in a top level directory n You can debug this process without doing a release, by adding the parameter <code>-Papache-release</code> to the non-release Maven build commands. </p> - <p>All artifacts have gpg signatures, as well as .sha512 checksums. These are typically created during the build - process for the main artifact, all attached artifacts, and the pom.</p> + <p>For apache-releases (triggered with the apache-release profile), all artifacts + get signed with gpg signatures, as well as with .sha512 checksums. + These are created during the build for the top level project, when + the apache-release profile is specified, or when the mvn release plugin is run. + Most of the signatures happen because of the gpg plugin and the + checsum-maven-plugin, but the source-release.zip artifact has its own + special antrun task since it's not attached. + </p> <h2>LICENSE and NOTICE files</h2> <p> Things that are distributed from Apache need LICENSE and NOTICE files. We have several kinds Modified: uima/site/trunk/uima-website/xdocs/maven-design.xml URL: http://svn.apache.org/viewvc/uima/site/trunk/uima-website/xdocs/maven-design.xml?rev=1843922&r1=1843921&r2=1843922&view=diff ============================================================================== --- uima/site/trunk/uima-website/xdocs/maven-design.xml (original) +++ uima/site/trunk/uima-website/xdocs/maven-design.xml Mon Oct 15 16:02:55 2018 @@ -215,9 +215,8 @@ our svn tree, in a top level directory n should be "buildable" by doing "mvn install", etc. in the unzipped directory. </p> <p><code>source-release.zip</code> files for multi-project aggregates (such as the main - UIMA SDK) are built only at the top (root) level; the pom for that level typically specifies - to skip the deploy to maven-central, so the convenience packages and the source-release.zip are not deployed - there, but instead are distributed via Apache's mirror system. + UIMA SDK) are built only at the top (root) level and are not "attached" so it is + not uploaded to maven for distribution, but instead is distributed via Apache's mirror system. </p> <p> @@ -230,8 +229,14 @@ our svn tree, in a top level directory n <code>-Papache-release</code> to the non-release Maven build commands. </p> - <p>All artifacts have gpg signatures, as well as .sha512 checksums. These are typically created during the build - process for the main artifact, all attached artifacts, and the pom.</p> + <p>For apache-releases (triggered with the apache-release profile), all artifacts + get signed with gpg signatures, as well as with .sha512 checksums. + These are created during the build for the top level project, when + the apache-release profile is specified, or when the mvn release plugin is run. + Most of the signatures happen because of the gpg plugin and the + checsum-maven-plugin, but the source-release.zip artifact has its own + special antrun task since it's not attached. + </p> <h2>LICENSE and NOTICE files</h2> <p>