Do we need to sign snapshots too? If so, how do other ASF projects deal with automated snapshot deployment?
A. On Sun, May 12, 2013 at 3:00 AM, Olivier Lamy <[email protected]> wrote: > Hi, > You say ".... staging/releases ...". > Really ? > You want to share a gpg key which can sign official Apache release in > an external system where you don't have any control on who has access > and read files ? > Not sure asf infra folks will agree (note I'm usually less security > paranoid than infra folks as my wife can access to my laptop :-) ) > > > 2013/5/12 Adrian Cole <[email protected]>: > > I opened https://issues.apache.org/jira/browse/INFRA-6260 to see what > infra > > folks will say :) > > > > Thanks for starting the wheels on this, Andrew. > > > > -A > > > > > > On Fri, May 10, 2013 at 5:16 PM, Andrew Bayer <[email protected] > >wrote: > > > >> And re: creds - as I asked on JCLOUDS-15 - what creds should we be using > >> for deploying from a Jenkins other than the main ASF one? I don't really > >> want to put my own creds in settings.xml (and for that matter, we'd > have to > >> make sure we can make changes to the settings.xml on the CloudBees > dynamic > >> slaves)... > >> > >> A. > >> > >> On Fri, May 10, 2013 at 3:47 PM, Andrew Bayer <[email protected] > >> >wrote: > >> > >> > https://issues.apache.org/jira/browse/INFRA-6254 opened to get push > >> > rights. > >> > > >> > A. > >> > > >> > > >> > On Fri, May 10, 2013 at 10:17 AM, Adrian Cole < > [email protected] > >> >wrote: > >> > > >> >> ok I created a jira with the steps as I understand them. > >> >> > >> >> Anybody available to run them through? > >> >> > >> >> https://issues.apache.org/jira/browse/JCLOUDS-15 > >> >> > >> >> -A > >> >> > >> >> > >> >> On Thu, May 9, 2013 at 6:44 PM, Suresh Marru <[email protected]> > wrote: > >> >> > >> >> > On May 9, 2013, at 7:04 PM, Olivier Lamy <[email protected]> wrote: > >> >> > > >> >> > > Hi, > >> >> > > > >> >> > > We must inherit the Apache parent pom. > >> >> > > > >> >> > > <parent> > >> >> > > <groupId>org.apache</groupId> > >> >> > > <artifactId>apache</artifactId> > >> >> > > <version>13</version> > >> >> > > </parent> > >> >> > > > >> >> > > Then have this section in your pom: > >> >> > > <server> > >> >> > > <id>apache.snapshots.https</id> > >> >> > > <username></username> > >> >> > > <password></password> > >> >> > > </server> > >> >> > > > >> >> > > With username/password ASF valid ones. > >> >> > > >> >> > Its highly recommended to have this server settings in maven > >> >> settings.xml > >> >> > as described in - > >> >> > http://www.apache.org/dev/publishing-maven-artifacts.html#dev-env > >> >> > > >> >> > We need to craft some releases instructions. Unfortunately i only > have > >> >> svn > >> >> > based release experience, I do not think git will be much different > >> but > >> >> > need to make sure how the automate tags work. Here is an example - > >> >> > http://airavata.apache.org/development/release-management.html > >> >> > > >> >> > Suresh > >> >> > > >> >> > > > >> >> > > I think we have to change the groupId to something like > >> >> > org.apache.jclouds. > >> >> > > Then load an infra issue for setup this groupId. > >> >> > > > >> >> > > The trouble is still the user/password store somewhere (doh you > will > >> >> > > think I'm security paranoid :-) ). > >> >> > > But the Jenkins asf instance use a generic user/password so > deploy > >> to > >> >> > > asf snapshot repo is easy. > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > > >> >> > > 2013/5/10 Adrian Cole <[email protected]>: > >> >> > >> Hi, team. > >> >> > >> > >> >> > >> relating to: https://issues.apache.org/jira/browse/JCLOUDS-4 > >> >> > >> > >> >> > >> We are now publishing snapshots of 1.5.x, 1.6.x, and 1.7.x to > >> >> sonatype > >> >> > from > >> >> > >> our ASF repositories. I've tentatively set the build fail > email to > >> >> dev. > >> >> > >> > >> >> > >> Note that karaf build has been broke for some time, so this is > >> >> hopefully > >> >> > >> one of the first fixes we can address here! > >> >> > >> > >> >> > >> Cheers, > >> >> > >> -A > >> >> > > > >> >> > > > >> >> > > > >> >> > > -- > >> >> > > Olivier Lamy > >> >> > > Ecetera: http://ecetera.com.au > >> >> > > http://twitter.com/olamy | http://linkedin.com/in/olamy > >> >> > > >> >> > > >> >> > >> > > >> > > >> > > > > -- > Olivier Lamy > Ecetera: http://ecetera.com.au > http://twitter.com/olamy | http://linkedin.com/in/olamy >
