On Sat, Jan 31, 2009 at 1:30 PM, Marcel Offermans <[email protected]> wrote: > Hey Karl, > > Thanks for your help on this! > > On Jan 31, 2009, at 13:09 , Karl Pauls wrote: > >> Seriously, nobody did say its easy to do releases - I agree with >> richard that it is more of a pain then it should be. Contributions to >> make it easier by doing some maven magic or writing a check/built >> script are more then welcome! > > I'll definitely add to the release page as I learn more.
Great! >>> For the signing process, I also followed the procedure. Can anyone tell >>> me >>> what went wrong there? Karl? >> >> I think you already figured it out. You need to have a LICENSE and >> NOTICE file in the root of your projects. Additionally, depending on >> your set-up you might need an >> >> <Include-Resource>META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE</Include-Resrouce> >> instruction in your poms to make them end-up in the jar artifacts. > > Ok, I seem to have to add that. > >> I guess the next step is to clean-up the release tags in svn and >> downgrade your version in trunk manually. Then you can redo the >> release. Ping me when you need more help. > > I'm a bit puzzled about that downgrading message. You mean I can still try > to fix 2.0.0 and re-open the vote? I did remove the release tags for now. Well, i don't think that there is a clear rule on this one. If you want to follow the process as we did it most of the times then you wouldn't need to downgrade and do a new release with a higher version number (maybe 3.0 if you want a major release). In any case, the release tags need to be removed. >>>>> p.s.: Additionally, I don't think the key that was used for signing is >>>>> in the KEYS file. > > Could you please explain this, as I did add my key to the KEYS file. Also, > when I verify the signature on one of the release files it says: How did you add it and to which file. I see a key at the end of the file but it doesn't have a header (i.e., your name doesn't appear). Maybe you did forget a --armor or something just went wrong? Also, it might be just me and my set-up - could somebody else try whether the KEYS file works and let us know for sure? > $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc > gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F > gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY) > <[email protected]>" Yes, but that would be running against your local keyring which contains your key already.... regards, Karl > Greetings, Marcel > > -- Karl Pauls [email protected]
