Sure, I can remake the email, but the binaries are fine. I made a little tool for myself and I'll just use the template from the website.
The SHA1 I took was for the release which is the value that's interpolated into the build.properties. On Sep 9, 2013, at 3:56 PM, Stephen Connolly <[email protected]> wrote: > On 8 September 2013 18:51, Jason van Zyl <[email protected]> wrote: > >> >> On Sep 8, 2013, at 1:12 PM, sebb <[email protected]> wrote: >> >>> I thought you were going to include the SCM coordinates used to create >>> the tarballs? >>> >> >> Sorry, not intentional. I forgot. >> >>> It's particularly important here, because AFAICT the SCM coordinates >>> are not present in the POM. >>> If true, then it's not possible to verify the files in the source >> tarballs. >>> >> >> I hash is always in the distribution, it's how we show where it comes from >> when you type "mvn -v". It's in the build properties in the core JAR and >> the hash in there is: >> >> c9950d777c7368e51431500c29aecf1e11e3d2c6 >> > > Is that the SHA1 of the src.zip and src.tar.gz or is it the SHA1 of the git > commit. > > What we are looking for on the vote emails is the SHA1 and MD5 of the > src.zip and src.tar.gz so that interested parties can verify that the vote > was against the source distribution that ends up in dist and central. Since > the staging repository is deleted as part of the release process, and since > what the PMC is voting on is the source bundles, we need the vote email to > specify the hashes of the source bundle *for the record*... > > Of course this is really easy to do as Maven helpfully uploads the hashes > to the staging repository, but since "it didn't happen if it wasn't on a > mailing list" (stephenc rolls his eyes) we need the release manager to > ensure that the vote has this required information. > > Note: The commit hash is really nice to have, but is not part of the > minimum set of required information, and we are trying to stick to minimum > procedure. So we don't look for that *even* if other people think we should. > > >> >>> Also, AFAIK, the PMC agreed to include hashes of the tarballs in vote >> e-mails? >>> >>> On 8 September 2013 14:07, Jason van Zyl <[email protected]> wrote: >>>> Hi, >>>> >>>> Here is a link to Jira with 6 issues resolved: >>>> >> https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500&version=18968 >>>> >>>> Staging repo: >>>> https://repository.apache.org/content/repositories/maven-016/ >>>> >>>> The distributable binaries and sources for testing can be found here: >>>> >> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/ >>>> >>>> Specifically the zip, tarball, and source archives can be found here: >>>> >> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.zip >>>> >> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-bin.tar.gz >>>> >> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.zip >>>> >> https://repository.apache.org/content/repositories/maven-016/org/apache/maven/apache-maven/3.1.1/apache-maven-3.1.1-src.tar.gz >>>> >>>> Vote open for 72 hours. >>>> >>>> [ ] +1 >>>> [ ] +0 >>>> [ ] -1 >>>> >>>> Thanks, >>>> >>>> The Maven Team >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >> >> Thanks, >> >> Jason >> >> ---------------------------------------------------------- >> Jason van Zyl >> Founder, Apache Maven >> http://twitter.com/jvanzyl >> --------------------------------------------------------- >> >> >> >> >> >> >> >> Thanks, Jason ---------------------------------------------------------- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl ---------------------------------------------------------
