1) No you don’t need KEYS file in github only on the release share
https://dist.apache.org/repos/dist/dev/incubator/

2) as podling you add to
https://dist.apache.org/repos/dist/dev/incubator/
When you commit via svn you will be able to add a “directory” for Sedona

2a) for release, you basically do a svn rename to move from dev to release
“path”

3) if you have java based artifacts, yes. You will publish to Nexus,
staging first and when release is signed off, you can click on the
interface to make it official, which then automatically sync to Maven
central.

Here is a script for example that does release signing and publication to
Nexus (and staging before release)
https://github.com/apache/spark/blob/master/dev/create-release/release-build.sh


On Wed, Nov 4, 2020 at 2:50 AM Netanel Malka <netanel...@gmail.com> wrote:

> Hi,
>
> I followed the release-signing
> <https://infra.apache.org/release-signing.html> doc and created a key for
> signing and hashing.
>
> I have a few questions:
>
>    1. Should the KEYS file also be added to the project root directory on
>    Github? ( I saw it in Apache Ant)
>    2. I saw in release-policy_upload-ci
>    <http://www.apache.org/legal/release-policy.html#upload-ci> that we
> need
>    to add a release candidate to https://dist.apache.org/repos/dist/*dev*/
> <TLP
>    name>/. However, there does not seem to be a directory with Sedona as
> the
>    TLP name. How may we be able to get a directory with that name? (Also
> for
>    the *release*)
>    3. Do we need to push the artifacts also to ASF Nexus Repository (beside
>    Maven Central)?
>
>
> Thanks.
>
> On Mon, 2 Nov 2020 at 19:21, Netanel Malka <netanel...@gmail.com> wrote:
>
> > Thanks Felix.
> >
> > I would be delighted to help.
> > I can start with the GPG.
> >  Can I test it on a some artifact, or I need to wait for the first
> release?
> >
> >
> > On Mon, 2 Nov 2020 at 03:17, Felix Cheung <felixche...@apache.org>
> wrote:
> >
> >> Great progress!
> >>
> >> To add,
> >> A) I’d strongly recommend the WIP disclaimer - it would be much easier
> to
> >> pass with in the first release
> >> https://incubator.apache.org/policy/incubation.html#disclaimers
> >>
> >> B) more info in signing, checksum
> >> https://infra.apache.org/release-signing.html
> >>
> >> C) signing key should be individual’s and (public key ) published and
> also
> >> listed in KEYS file - KEYS file  should be located next to the staging
> >> (and
> >> later release) location, see above
> >>
> >> D) “correct place” - this is in reference to ASF officIal staging server
> >> http://www.apache.org/legal/release-policy.html#stage
> >> And can be “uploaded” by committing to svn
> >> http://www.apache.org/legal/release-policy.html#upload-ci
> >>
> >> E) python / PyPI -
> >> https://incubator.apache.org/guides/distribution.html#pypi
> >>
> >>
> >>
> >> On Sun, Nov 1, 2020 at 2:17 PM Jia Yu <ji...@apache.org> wrote:
> >>
> >> > Hi Netanel, Pawel and other committers,
> >> >
> >> > While Pawel is working on Python code of Sedona 1.0, let's focus on
> >> other
> >> > parts required by the release. Netanel, can you help me with all the
> ASF
> >> > incubator requirement items that are not DONE?
> >> >
> >> > *Here is a checklist for our first Sedona release*
> >> >
> >> > *ASF incubator requirement
> >> > (https://incubator.apache.org/guides/releasemanagement.html
> >> > <https://incubator.apache.org/guides/releasemanagement.html>, we
> >> probably
> >> > should read ASF release requirement as well):*
> >> >
> >> > 1 .Include the word incubating in the release file name: DONE. Please
> >> see
> >> > the POM.xml in all directories.
> >> >
> >> > 2. Include an ASF LICENSE and NOTICE file: DONE. Please see the GitHub
> >> > repo.
> >> >
> >> > 3. Have valid checksums or signatures: I believe signature should be
> >> done
> >> > by the GPG key. Not sure about the checksum. I am also not sure about
> >> the
> >> > GPG key requirement of ASF. I use GPG key to sign releases of GeoSpark
> >> in
> >> > the past.
> >> >
> >> > 4. Be placed in the correct place on the ASF’s infrastructure: we
> should
> >> > place our releases in two places: Maven, and PyPi. Not sure how to
> >> relate
> >> > them to ASF.
> >> >
> >> > 5. Have a KEYS file to validate the release: this should be the public
> >> key
> >> > of our GPG key?
> >> >
> >> > *Sedona requirement*
> >> >
> >> > 1. Python path name, file headers, and jars
> >> > 2. Project website docs: documentation should use the name, Sedona, in
> >> all
> >> > tutorials. We should also include the situation of GeoTools
> >> dependencies.
> >> >
> >> > Thanks,
> >> > Jia
> >> >
> >> >
> >> > On Wed, Oct 14, 2020 at 10:08 PM Jia Yu <ji...@apache.org> wrote:
> >> >
> >> > > Hi folks,
> >> > >
> >> > > We will be working on the first Sedona. Please see the JIRA ticket
> >> here:
> >> > >
> >> >
> >>
> https://issues.apache.org/jira/projects/SEDONA/issues/SEDONA-3?filter=allopenissues
> >> > >
> >> > > Do you think there are any outstanding issues to be fixed as well?
> >> > >
> >> > > Thanks,
> >> > > Jia
> >> > >
> >> >
> >>
> >
> >
> > --
> > Best regards,
> > Netanel Malka.
> >
>
>
> --
> Best regards,
> Netanel Malka.
>

Reply via email to