Leo Simons wrote:
Release and build processes
Hi gang,
since I missed a lot of the initial talks, I'm writing this seperately. There
are a lot of "gotchas" related to release management. The ASF has historically
been real good at it and really lousy at creating a documented policy. Stuff
like
* There should be a documented and straightforward and automated way to
re-generate any release or relase snapshot "n" years from now. All the
artifacts for doing that should live in SVN. Eg we want to be able to do
$ svn co http://.../tags/....
$ cd ....
$ sh release.sh
$ wget http://www.apache.org/dist/harmony/..../.....tgz.sha1
$ openssl dgst -sha1 -verify .....tgz.sha1 .....
Verification OK
$
or get as close to something like that as possible.
So far, that's there, except for the zipping. The binaries for the
current snapshot are created from the ant build and zipped up. Tim will
add a 'dist' target when all is sorted.
* Releases should be properly GPG-signed, with SHA1 digest provided as well,
etc etc.
There is documentation on release management somewhere on
http://www.apache.org/dev/
(sorry, no network as I type). There are incubation rules pertaining to
publishing releases and/or snapshots somewhere on
http://incubator.apache.org/
I know I've previously written about this stuff to several mailing lists and
several wiki pages, IIRC by head something like
http://wiki.apache.org/excalibur/ReleaseManagement
should still exist. (I think at some point about 20% of the files on
www.apache.org/dist/ where owned by me and I was the biggest policy-breaker
in terms of bad symlinks, messed up file permissions, missing GPG signatures
so I *had* to figure out some "right way" to do stuff...I still haven't fixed
all my problems there I believe...)
The thing I just want to stress right now...
**Do not take this stuff lightly.** Apache is one of the most trusted names in
the world when it comes to distributing large amounts of quality software and we
have a responsibility to keep up the standard. All contributors and committers
should take some time to review these links and all the technical details
related to building and publishing releases. It might also be a good idea to
read eg dev@httpd.apache.org and look at their commit logs and the like to get
a feeling for what a "mature" release management process looks like here at the
ASF. It pays off bigtime to get a sound and solid release process in place
ASAP. Eg the distro script for JCHEVM in etc/ is a good start.
Its a good idea to tackle doing a release process incrementally, so by all means
"just get started" and publish some of those snapshots. Just make sure we're
complying with all the relevant policies (URLs above). I wish I had
some time to commit to help out writing down some tips 'n tricks or better yet
writing some scripts to help with this and getting a gump run going, but I don't
think I have that time at the moment :-/.
That's what has been done. Everything has so far been marked 'snapshot'
and they aren't signed because they aren't a release.
geir
Just some random rants, I'm sorry about not writing more clearly :-)
cheers,
Leo