> On Dec 2, 2016, at 5:57 PM, Dan Kirkwood <dang...@apache.org> wrote:
>
> Thanks again for the feedback, Leif.. There is a .rat_excludes
> file at the top level, but it looks like we didn't get it fully
> populated. The .json files should certainly be excluded..

Oh, but it was not in the tar-ball, that’s why I couldn’t find it.

> According to the page you referred to earlier, you can use one of
> several methods to create the md5 sum:
> http://www.apache.org/dev/release-signing.html#md5
> -- as we already
> are using gpg for signing, I figured that would be safe.. It
> doesn't matter to me which we use, but we should be consistent, so
> I'll document what we decide on in the release instructions..

Yeh, I don’t care (much), as long as you are consistent (it should be part of a build script / Makefile target). The ASCII armor validated fine btw :).

> Easy enough to include sha1 as well :-)

Cool.

Cheers,

— leif