> On June 30, 2014, 4:26 p.m., Jakob Homan wrote: > > RELEASE.md, line 35 > > <https://reviews.apache.org/r/23129/diff/1/?file=619416#file619416line35> > > > > Something I wasn't clear on re: signing git commits or tags - what > > happens if you lose the key and need to revoke it? Are those commits/tags > > still valid?
I think revoking the key wouldn't have any bad effect; you should still be able to check out the tag, it just means that if you verify the signature on the tag, it'll say that the signature was generated by a revoked key. (Assuming that the user actually finds out about the revocation. I'm not convinced that OpenPGP's key revocation actually works.) The signature is really an optional add-on. It's probably only useful if the repository is accessed through an untrusted mirror, to avoid the mirror tampering with the repository contents. > On June 30, 2014, 4:26 p.m., Jakob Homan wrote: > > gradle/release.gradle, line 53 > > <https://reviews.apache.org/r/23129/diff/1/?file=619419#file619419line53> > > > > How does one test this, ie publish to a local maven location, rather > > than Apache's Nexus? In Kafka I was setting > > mavenUrl=file://localhost/tmp/myRepo in .gradle/gradle.properties. Would > > that work here as well? I tested it by simply pushing to Apache's Nexus, which creates a staging repository (which you can then drop again, without affecting the public repository). However, the file URL works too -- good idea. I'll add a comment to that end. - Martin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23129/#review46988 ----------------------------------------------------------- On June 27, 2014, 4:49 p.m., Martin Kleppmann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/23129/ > ----------------------------------------------------------- > > (Updated June 27, 2014, 4:49 p.m.) > > > Review request for samza. > > > Repository: samza > > > Description > ------- > > SAMZA-199: Publish Maven builds as part of release > > > Diffs > ----- > > RELEASE.md 3d34f9f09adcdf08d0944859cae3ce13150ca6d3 > build.gradle f728330712110e1d6edf0e285bd181f9605303c0 > gradle/buildscript.gradle 1de8e871e368b6a6473f7a0937b18163bde94eb4 > gradle/release.gradle 751255f88f7e7249ded99d3cc9a35493122e4b7b > > Diff: https://reviews.apache.org/r/23129/diff/ > > > Testing > ------- > > > Thanks, > > Martin Kleppmann > >
