Hi, I followed the release-signing <https://infra.apache.org/release-signing.html> doc and created a key for signing and hashing.
I have a few questions: 1. Should the KEYS file also be added to the project root directory on Github? ( I saw it in Apache Ant) 2. I saw in release-policy_upload-ci <http://www.apache.org/legal/release-policy.html#upload-ci> that we need to add a release candidate to https://dist.apache.org/repos/dist/*dev*/<TLP name>/. However, there does not seem to be a directory with Sedona as the TLP name. How may we be able to get a directory with that name? (Also for the *release*) 3. Do we need to push the artifacts also to ASF Nexus Repository (beside Maven Central)? Thanks. On Mon, 2 Nov 2020 at 19:21, Netanel Malka <[email protected]> wrote: > Thanks Felix. > > I would be delighted to help. > I can start with the GPG. > Can I test it on a some artifact, or I need to wait for the first release? > > > On Mon, 2 Nov 2020 at 03:17, Felix Cheung <[email protected]> wrote: > >> Great progress! >> >> To add, >> A) I’d strongly recommend the WIP disclaimer - it would be much easier to >> pass with in the first release >> https://incubator.apache.org/policy/incubation.html#disclaimers >> >> B) more info in signing, checksum >> https://infra.apache.org/release-signing.html >> >> C) signing key should be individual’s and (public key ) published and also >> listed in KEYS file - KEYS file should be located next to the staging >> (and >> later release) location, see above >> >> D) “correct place” - this is in reference to ASF officIal staging server >> http://www.apache.org/legal/release-policy.html#stage >> And can be “uploaded” by committing to svn >> http://www.apache.org/legal/release-policy.html#upload-ci >> >> E) python / PyPI - >> https://incubator.apache.org/guides/distribution.html#pypi >> >> >> >> On Sun, Nov 1, 2020 at 2:17 PM Jia Yu <[email protected]> wrote: >> >> > Hi Netanel, Pawel and other committers, >> > >> > While Pawel is working on Python code of Sedona 1.0, let's focus on >> other >> > parts required by the release. Netanel, can you help me with all the ASF >> > incubator requirement items that are not DONE? >> > >> > *Here is a checklist for our first Sedona release* >> > >> > *ASF incubator requirement >> > (https://incubator.apache.org/guides/releasemanagement.html >> > <https://incubator.apache.org/guides/releasemanagement.html>, we >> probably >> > should read ASF release requirement as well):* >> > >> > 1 .Include the word incubating in the release file name: DONE. Please >> see >> > the POM.xml in all directories. >> > >> > 2. Include an ASF LICENSE and NOTICE file: DONE. Please see the GitHub >> > repo. >> > >> > 3. Have valid checksums or signatures: I believe signature should be >> done >> > by the GPG key. Not sure about the checksum. I am also not sure about >> the >> > GPG key requirement of ASF. I use GPG key to sign releases of GeoSpark >> in >> > the past. >> > >> > 4. Be placed in the correct place on the ASF’s infrastructure: we should >> > place our releases in two places: Maven, and PyPi. Not sure how to >> relate >> > them to ASF. >> > >> > 5. Have a KEYS file to validate the release: this should be the public >> key >> > of our GPG key? >> > >> > *Sedona requirement* >> > >> > 1. Python path name, file headers, and jars >> > 2. Project website docs: documentation should use the name, Sedona, in >> all >> > tutorials. We should also include the situation of GeoTools >> dependencies. >> > >> > Thanks, >> > Jia >> > >> > >> > On Wed, Oct 14, 2020 at 10:08 PM Jia Yu <[email protected]> wrote: >> > >> > > Hi folks, >> > > >> > > We will be working on the first Sedona. Please see the JIRA ticket >> here: >> > > >> > >> https://issues.apache.org/jira/projects/SEDONA/issues/SEDONA-3?filter=allopenissues >> > > >> > > Do you think there are any outstanding issues to be fixed as well? >> > > >> > > Thanks, >> > > Jia >> > > >> > >> > > > -- > Best regards, > Netanel Malka. > -- Best regards, Netanel Malka.
