Thanks for bringing these up! > this fixes everything but the signing key used issue https://github.com/apache/cassandra-in-jvm-dtest-api/pull/2 Great, I'll just merge this together with my branch to master to have a ref. Thank you for taking time to resolve these.
> * Source artifacts does not compile. They depend on snapshot dependency, see below. I did mention this explicitly in my original email. There's no Cassandra artifact and we can not release it yet because it depends on this repository. To resolve this, I'll remove tests and dependency on cassandra jar for now just to publish. These tests won't do us any good here until Cassandra artifacts are released anyways. > * There's no copyright or NOTICE file in source jar artifact. I'll double-check, but I do not remember this mentioned in the Apache guide I've followed, it's worth adding this information there if it's missing. > * What key has been used to sign? Can you provide more specific details on that? Apache guide I've followed said you have to sign with your own key, which was what I've done. If this is not the case, it'd be great to know which key I should use. I did upload public key to ubuntu keystore for verification to. > * The scm SHA is not mentioned in the vote. True; branch is not merged since Cassandra patch that depends on it is not finalized. But to comply to Apache processes we can just merge the branch. > * There's a ".git" directory in the source jar artifact. Interesting. I've used `mvn release:prepare/perform`, and expected it to take care of it. On Fri, Mar 20, 2020 at 7:39 PM Mick Semb Wever <m...@apache.org> wrote: > > The vote will be open for 72 hours (longer if needed). Everyone who has > > tested the build is invited to vote. Votes by PMC members are considered > > binding. A vote passes if there are at least three binding +1s. > > > > > -1 > > A few things here don't meet the requirements. > > * There's no copyright or NOTICE file in source jar artifact. > * The license is not present in all files (eg AssertUtils.java) > * What key has been used to sign? > * Source artifacts does not compile. They depend on snapshot dependency, > see below. > * There's a ".git" directory in the source jar artifact. > > Additionally, > * `mvn rat:check` does not pass. (relates back to license and .git > directory) > * There's unnecessary duplicate source artifacts. > * The source zip file does not have sha256 or sha512 checksums. > * The contents of the source zip artifact do not match what's in scm. > * The scm SHA is not mentioned in the vote. > * Where's the scm tag for this scm SHA? > * Erroneous `.asc.asc` files. > > > The build failure I get is: > ``` > [ERROR] Failed to execute goal on project dtest-api: Could not resolve > dependencies for project org.apache.cassandra:dtest-api:jar:0.0.4-SNAPSHOT: > Could not find artifact > org.apache.cassandra:in-jvm-dtest-cassandra-tryout:jar:0.0.1-2.2-1 in > central (https://repo.maven.apache.org/maven2) -> [Help 1] > ``` > > The source zip artifact can just be removed (not generated) as there's no > need (afaik) for any artifacts outside of the maven repository. But add > those manually added files into git. This will solve the sha256 and sha512 > problem, and that the build that doesn't match scm contents. > > > I've got a few hours in front of me and will try to send some PRs to fix > what I can here. > > regards, > Mick > -- alex p
