[jira] [Commented] (LUCENE-5143) rm or formalize dealing with "general" KEYS files in our dist dir

Tue, 14 Feb 2017 15:25:10 -0800 

    [ 
https://issues.apache.org/jira/browse/LUCENE-5143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866911#comment-15866911
 ] 

Jan Høydahl commented on LUCENE-5143:
-------------------------------------

To bring closure, I propose the following

* We delete these: {{lucene/java/KEYS}}, {{lucene/solr/KEYS}}
* We update https://archive.apache.org/dist/lucene/KEYS and make sure it 
contains all keys ever used for signing a release
* We stop publishing KEYS to every release dir. Instead the RM will only need 
to make sure that his/her *own* key is in the file. Never remove keys, only add.
* https://wiki.apache.org/lucene-java/ReleaseTodo should probably be updated to 
clarify

I think this is in-line with 
https://www.apache.org/dev/release-signing.html#keys-policy

> rm or formalize dealing with "general" KEYS files in our dist dir
> -----------------------------------------------------------------
>
>                 Key: LUCENE-5143
>                 URL: https://issues.apache.org/jira/browse/LUCENE-5143
>             Project: Lucene - Core
>          Issue Type: Task
>            Reporter: Hoss Man
>
> At some point in the past, we started creating a snapshots of KEYS (taken 
> from the auto-generated data from id.apache.org) in the release dir of each 
> release...
> http://www.apache.org/dist/lucene/solr/4.4.0/KEYS
> http://www.apache.org/dist/lucene/java/4.4.0/KEYS
> http://archive.apache.org/dist/lucene/java/4.3.0/KEYS
> http://archive.apache.org/dist/lucene/solr/4.3.0/KEYS
> etc...
> But we also still have some "general" KEYS files...
> https://www.apache.org/dist/lucene/KEYS
> https://www.apache.org/dist/lucene/java/KEYS
> https://www.apache.org/dist/lucene/solr/KEYS
> ...which (as i discovered when i went to add my key to them today) are stale 
> and don't seem to be getting updated.
> I vaguely remember someone (rmuir?) explaining to me at one point the reason 
> we started creating a fresh copy of KEYS in each release dir, but i no longer 
> remember what they said, and i can't find any mention of a reason in any of 
> the release docs, or in any sort of comment in buildAndPushRelease.py
> we probably do one of the following:
>  * remove these "general" KEYS files
>  * add a disclaimer to the top of these files that they are legacy files for 
> verifying old releases and are no longer used for new releases
>  * ensure these files are up to date stop generating per-release KEYS file 
> copies
>  * update our release process to ensure that the general files get updated on 
> each release as well



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to