Agreed on all points regarding the zip.
Since you offered, I updated the scripts to require it and the sha512 noted
below :-)
The verification includes verifying the tar.gz and zip contents are the same.
On another topic, [1] says the suffix MUST be sha512 for a SHA 512 sum (which
in fact is what the file contains)
apache-edgent-1.2.0-incubating-source-release.tar.gz.sha1
So that needs be changed in the staging area in addition to staging the zip and
its sums/sig.
Thanks!
— Dale
[1] http://www.apache.org/dev/release-distribution#sigs-and-sums
> On Dec 6, 2017, at 2:35 PM, Christofer Dutz <[email protected]> wrote:
> ...
> I just had a look at what the script was looking for. If releasing tar and
> zip i think we would have to do the checking for both types. I can add the
> other zip easily. But in that Case i would suggest adding that to the script
> and add one check to make sure the content is identical. Would be good If we
> could be sure we need to detail-check only one.
> ...
> From: Dale LaBossiere <[email protected]>
> ...
> -Papache-release also generates a zip. I had expected we’d be releasing that
> too but it isn’t staged.
> At this time I’m fine if we just continue 1.2.0 with only the tar.gz but if
> you also want to stage the zip that's fine too.
>
> I just need to know which way we’re going because I need to adjust the
> “downloads” website page accordingly.
