[
https://issues.apache.org/jira/browse/PIVOT-260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754543#action_12754543
]
Todd Volkert commented on PIVOT-260:
------------------------------------
Ok, based on some emails that have been sent since this ticket was created, it
has been confirmed that LICENSE and NOTICE need to be in the jar and war files
that we distribute if we ever want to publish them separately (like in Maven).
I'm guessing that DISCLAIMER does as well. Should we write up a separate, much
smaller, README that is intended for inclusion in each jar file, or is that
overkill?
> Add missing resources in generated jar files, for compatibility with Apache
> Maven Repository
> --------------------------------------------------------------------------------------------
>
> Key: PIVOT-260
> URL: https://issues.apache.org/jira/browse/PIVOT-260
> Project: Pivot
> Issue Type: New Feature
> Reporter: Sandro Martini
> Priority: Minor
> Fix For: 1.3.1
>
>
> To publish Pivot jars in the main Apache Maven Repository, some files must be
> added inside jars (under a META-INF directory), the full discussion thread on
> our mailing list here:
> http://markmail.org/message/33a74zxgod4wbovh?q=News+on+Pivot+jars+published+via+Maven
> Our build file should be modified, to include this.
> And maybe renewing our self-signing certificate could be useful, too.
> Extract:
> ASF projects can get their artifacts published in the central Maven
> repository (eg http://repo2.maven.org/maven2/) by copying them to
> http://people.apache.org/repo/m2-ibiblio-rsync-repository/ which
> automatically syncs with the central repo.
> To do that on people.apache.org copy them to
> /x1/www/people.apache.org/repo/m2-ibiblio-rsync-repository.
> All committers should have access to do that, via ssh.
> Each artifact MUST have been voted on by a PMC and comply with all the
> release requirements like having LICENSE, NOTICE, DISCLAIMER files, be
> signed, and indicate they're incubating artifacts in the name eg by including
> the "-incubating" suffix in the artifact name. A common way of getting that
> vote done is by including the artifacts to be published in a staging area
> which is pointed to in the release VOTE.
> Signed in Apache jargong only means ".asc" files. Those are so called
> detached PGP signatures, and from that it is possible to verify authenticity
> of artifacts published.
> See http://www.apache.org/info/verification.html for more info, and perhaps
> you are interested in http://www.apache.org/dev/release-signing.html as well
> in case you end up cutting the releases. Once the troubled server (Minotaur?)
> is back up and working properly again, you will also find interesting data at
> http://www.apache.org/~henkp/trust/apache.html (or there about).
> Maven wants the POMs to be present, but succeeds even without them.
> Maven also have deployment tools, so once the release is properly cut, the
> publishing to Maven central will go via a "mvn deploy:deploy-file" which if
> it is not given a POM will create a skeletal one, which I think for our usage
> is good enough (we don't
> have dependencies).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
