+1 for "latest". Not that this is a JAVA project, but that follows some already-established conventions from other apache projects (i.e. maven).
Aaron Coburn > On May 27, 2015, at 3:28 PM, Josh Thompson <[email protected]> wrote: > > Signed PGP part > I just remembered I hadn't updated the dist directory yet. I just copied them > and checked them in. The mirrors should have them picked up by this time > tomorrow. > > I don't know if we decided for sure on a "current" or "latest" symlink. For > whatever reason, I like "latest" better. > > Josh > > On Thursday, May 14, 2015 4:41:34 PM Andy Kurth wrote: > > 2 sounds ok to me. Did we ever decide if we wanted to use something like a > > "current" or "latest" symlink? > > -Andy > > > > On Wed, May 13, 2015 at 9:47 AM, Josh Thompson <[email protected]> > > > > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > I just discovered a problem with the vcl-install.sh and vcl-upgrade.sh > > > scripts > > > bundled with 2.4.2. When we decided to move to putting all release files > > > under a directory named after the version number when placing files at > > > www.apache.org/dist/vcl, I didn't get the scripts updated to include the > > > version number in the path from which they download the archive and > > > signatures > > > (i.e. they are downloading from /dist/vcl instead of /dist/vcl/2.4.2). We > > > have 2 options for fixing this: > > > > > > 1) release 2.4.3 with the paths included > > > 2) copy the files that are under www.apache.org/dist/vcl/2.4.2 to > > > www.apache.org/dist/vcl > > > > > > I'd prefer not to do yet another release (option 1). > > > > > > Regarding options 2, we decided to put all of the files under a version > > > number > > > because vcl-install.sh and vcl-upgrade.sh don't have version numbers in > > > the > > > filenames, and would thus keep getting updated in the /dist/vcl directory > > > with > > > each release, which could trigger an attack alert since the files would be > > > modified. > > > > > > I think we'd be safe to copy all of the files from /dist/vcl/2.4.2 to > > > /dist/vcl for one release. Since vcl-install.sh and vcl-upgrade.sh are > > > not > > > currently in /dist/vcl, I don't think we'll trigger any alerts. Then, for > > > the > > > next release, we'd have things fixed to be downloading from the correct > > > URLs. > > > > > > Thoughts? > > > > > > Josh > > > - -- > > > - ------------------------------- > > > Josh Thompson > > > VCL Developer > > > North Carolina State University > > > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > > > All electronic mail messages in connection with State business which > > > are sent to or received by this account are subject to the NC Public > > > Records Law and may be disclosed to third parties. > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v2 > > > > > > iEYEARECAAYFAlVTVhgACgkQV/LQcNdtPQONLgCfV70/hyWRRwTT1uckH5LZ76zQ > > > yA4AnREe2kprAtHQA0M8jy3v2jqSLoBn > > > =rM82 > > > -----END PGP SIGNATURE----- > -- > ------------------------------- > Josh Thompson > VCL Developer > North Carolina State University > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > >
signature.asc
Description: Message signed with OpenPGP using GPGMail
