On 17 May 2016 at 17:57, Bernd <e...@zusammenkunft.net> wrote: > Hello, > > Thanks Josh! > > This is a binding +1 > > (however I have some minor optional points which could be fixed in another > RC or before releasing the repo): > > > 2016-05-12 5:29 GMT+02:00 Josh Elser <els...@apache.org>: > >> All, >> >> Please consider the following for Apache Commons VFS2 version 2.1 (rc2). >> >> Maven repository: >> https://repository.apache.org/content/repositories/orgapachecommons-1166 > > > - The files *.asc.md5 and *.asc.sha1 are normally deleted according to > commons procedure (not sure why).
Because they serve no purpose; they are just clutter. A .asc file is its own validator - if it is mangled, it won't be usable as a sig file. It is equivalent to creating *.md5.sha1 files. > I think you can do that before the repo > is submitted. Hopefully. Note that Maven did not create these hashes for the NET and Validator releases I created recently. It would be worth knowing what Maven version was used for the release. > + all *.sha1, *.md5 and *.asc verified in > orgapachecommons-1166/org/apache/commons/commons-vfs2-distribution/2.1/ > > >> >> Artifacts: https://dist.apache.org/repos/dist/dev/commons/vfs/ r13608 >> > >> MD5 commons-vfs-distribution-2.1-bin.tar.gz >> 8cc35a3169e1faee727c5af94c7dd904 >> SHA1 commons-vfs-distribution-2.1-bin.tar.gz >> 72b7557c4e8b1789b8aa0a9c1e0cb2c9daecec30 >> MD5 commons-vfs-distribution-2.1-src.tar.gz >> a182ac642874e85fbc7d1086f7663482 >> SHA1 commons-vfs-distribution-2.1-src.tar.gz >> e42ac2053deb314277213e43f6f1d6b43eff3de9 >> >> MD5 commons-vfs-distribution-2.1-bin.zip b512a45c63d824eef826f174fd7a9245 >> SHA1 commons-vfs-distribution-2.1-bin.zip >> 886cb5a430da58b3a68e2abf297b6f735d3ffaf0 >> MD5 commons-vfs-distribution-2.1-src.zip 29645a0ad091c15b2cf76b619c33069f >> SHA1 commons-vfs-distribution-2.1-src.zip >> 5824cf4d802865b5e93ff62c90affa58df6c4384 >> >> + verified > > >> Signed with 4677D66C from >> https://dist.apache.org/repos/dist/release/commons/KEYS > > > + verified > - PGP signature is SHA1 but I guess it is (still) fine > - Cant verify the key on a trusted path, but thats not a Commons > requirement. The KEYS file is stored in SVN, which gives traceability of who added what key. > > >> >> >> SVN tag is available at >> >> https://svn.apache.org/repos/asf/commons/proper/vfs/tags/commons-vfs2-project-2.1-rc2/ >> r1743451 >> >> Staged Maven website: >> http://home.apache.org/~elserj/commons/commons-vfs-2.1/ >> >> All reports are available in the provided staged Maven site (see "Project >> Reports" at the root-level as well as under each sub-module). >> JIRA-generated >> release notes are available in the dist.a.o "Artifacts" repository. Unit >> tests pass and the RC was built util JDK6. >> >> (For Sebb) A direct Clirr link >> >> http://home.apache.org/~elserj/commons/commons-vfs-2.1/commons-vfs2/clirr-report.html >> >> Changes since rc1: >> >> * Fixed more compatibility concerns against 2.0 (thanks, Greg) >> * Improved release notes (thanks, Sebb) >> >> This vote will be open for 72-hours, 2016/05/14 0400 UTC. >> >> [X ] +1 Release these artifacts as version 2.1 >> [ ] 0 OK, but... >> [ ] -1 I oppose these artifacts as version 2.1 because.. >> >> - Josh >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org