On Sat, Sep 18, 2010 at 5:09 PM, Ryan McKinley <ryan...@gmail.com> wrote:
> > I cannot in good conscience sign with my key, nor vote over any maven > > artifacts. I noticed these guides only mentioned how to upload (which > itself > > seems extremely complex). But nowhere do i see 'how do you test that your > > artifacts are correct'. And thats really the main problem I have with our > > maven support. > > I understand what you are worried about... and think we can avoid it. > How about: > > 1. Keep the "generate-maven-artifacts" in the release. This just > copies the "official" jar files to a special directory structure (same > keys etc) > 2. The RM just makes a zip or copies that folder somewhere. (perhaps > to their own ~people folder) > 3. Someone else get that into the repo > > I think it is important to *try* to have the "official" jar files in > the maven repositories -- we have scripts that get that mostly right. > In the past when we have errors it is just the pom files that get > edited (these are the files that say what the other files/dependencies > are). If we remove the "generate-maven-artifacts" task, then without > writing lots of new scripts (uggg) the jar files in the maven repos > will be a different build. > > Does that sound OK? > > it sounds like it only solves 'part 2: uploading'. i want to solve 'part 1: verifying artifacts are correct before signing/uploading at all'. to me, maven is nothing more than a contrib with no unit tests. it needs tests so we know it is working. -- Robert Muir rcm...@gmail.com
