FYI -- we decided to -1 this based on more license issues.. The .rat-excludes file previously mentioned has been updated and those issues resolved. I'll be putting together a RC4 this morning.
-Dan On Sat, Dec 3, 2016 at 4:16 PM, Leif Hedstrom <zw...@apache.org> wrote: > >> On Dec 2, 2016, at 5:57 PM, Dan Kirkwood <dang...@apache.org> wrote: >> >> Thanks again for the feedback, Leif.. There is a .rat_excludes >> file at the top level, but it looks like we didn't get it fully >> populated. The .json files should certainly be excluded.. > > Oh, but it was not in the tar-ball, that’s why I couldn’t find it. > >> >> According to the page you referred to earlier, you can use one of >> several methods to do create the md5 sum: >> http://www.apache.org/dev/release-signing.html#md5 >> <http://www.apache.org/dev/release-signing.html#md5> -- as we already >> are using gpg for signing, I figured that would be safe.. It >> doesn't matter to me which we use, but we should be consistent, so >> I'll document what we decide on in the release instructions.. > > Yeh, I don’t care (much), as long as you are consistent (it should be part of > a build script / Makefile target). > > The ASCII armor validated fine btw :). > >> >> Easy enough to include sha1 as well :-) > > Cool. > > Cheers, > > — leif >