On 9/8/16, 4:12 PM, "Josh Tynjala" <[email protected]> wrote:
>To avoid this issue in the future, whichever ant target is used to create >a >binary release should probably clean everything first. Another potential >issue is that someone might modify their downloaded files to test >something >locally and forget to revert them. In other words, local modifications >could end up in a binary release without any kind of warning. If the full >binary release build forced a clean and re-downloaded dependencies, that >would handle both issues. For me, the GCL files are outside the ant folders so a clean wouldn't help. It is an interesting Apache-ism that they recommend building artifacts locally. It would be way more safe IMO to just ship something from the CI server. But that's also a reason that only the source artifact is an official release. The binary artifacts are harder to verify and thus aren't official releases, just a convenience. > >Can we update the binary release of 0.7.0? Or do we need to do a 0.7.1? As >far as I can tell, the source bits are fine because the downloads are part >of building from source. In this case, I think you can add that one file to the binary package, update the md5 files and sign it and push it back up there. -Alex
