Ah, yes, the binary release was disabled with the ivy work, due to external dependencies. In any case the additional work would only delay release.
And here I was testing everything to make sure the classdep build bug hadn't dropped any classes from jar files. So this release will only contain source and documentation artifacts. Still it's a step in the right direction. Come on pmc members, River needs you. River is more relevant today than it was in 2007. IPv6 is making it more relevant, by lifting capability restrictions and simplifying network configuration. It is possible to address all of the following in a backward compatible way in future releases: 1. IPv6 Multicast Discovery (external reference implementation) 2. Unicast https discovery (ext ref impl) 3. Tool to generate security policy files (ext ref impl) to simplify user config. 4. ServiceRegistrar default methods to authenticate services prior to download. Offloads smart proxy and Entry downloads from Reggie to services, also delays unmarshalling improving client performance (ext ref impl). 5. Input validation of untrusted serial data for java deserialization. (ext ref impl). 6 Upgrade to TLSv1.2, support for elliptic curve crypto and perfect forward secrecy. (ext ref impl). 7. Deprecation of complex inadequate proxy trust. The above not only allows new capabilities such as p2p over the IPv6 net, but hardens and simplifies security. Regards, Peter. Sent from my Samsung device. Include original message ---- Original message ---- From: Peter <j...@zeus.net.au> Sent: 02/09/2016 07:14:47 am To: dev@river.apache.org <dev@river.apache.org> Subject: Re: release artifacts The release artifacts contain source code, the binaries are there for user convenience. I could use the new X500 Certificate to sign the jars, this was purchased by the Apache Foundation for this purpose. Regards, Peter. Sent from my Samsung device. Include original message ---- Original message ---- From: Patricia Shanahan <p...@acm.org> Sent: 01/09/2016 11:31:01 pm To: dev@river.apache.org Subject: Re: release artifacts How many PMC members are ready and willing to build and test, so that they can upvote the release? Peter: Why jar files in the release? Isn't it supposed to be source code? On 9/1/2016 4:57 AM, Peter Firmstone wrote: > Getting another set of release artifacts 4 River3 ready and have run all >tests again, need to generate pgp signatures on weekend. > > Decided not to use X500 release cert to sign jar files this release to >prevent holding up progress, since I haven't worked out how others can verify >release artifacts as the pgp signatures will be different when comparing >artifacts containing signed jars with those that don't, then there's the issue >of how to integrate it into the build process. > > Regards, > > Peter. > > Sent from my Samsung device. > >
