Re: [VOTE] Release of the dependencymanager 2.0.0
On Sat, Jan 31, 2009 at 1:30 PM, Marcel Offermans wrote: > Hey Karl, > > Thanks for your help on this! > > On Jan 31, 2009, at 13:09 , Karl Pauls wrote: > >> Seriously, nobody did say its easy to do releases - I agree with >> richard that it is more of a pain then it should be. Contributions to >> make it easier by doing some maven magic or writing a check/built >> script are more then welcome! > > I'll definitely add to the release page as I learn more. Great! >>> For the signing process, I also followed the procedure. Can anyone tell >>> me >>> what went wrong there? Karl? >> >> I think you already figured it out. You need to have a LICENSE and >> NOTICE file in the root of your projects. Additionally, depending on >> your set-up you might need an >> >> META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE >> instruction in your poms to make them end-up in the jar artifacts. > > Ok, I seem to have to add that. > >> I guess the next step is to clean-up the release tags in svn and >> downgrade your version in trunk manually. Then you can redo the >> release. Ping me when you need more help. > > I'm a bit puzzled about that downgrading message. You mean I can still try > to fix 2.0.0 and re-open the vote? I did remove the release tags for now. Well, i don't think that there is a clear rule on this one. If you want to follow the process as we did it most of the times then you wouldn't need to downgrade and do a new release with a higher version number (maybe 3.0 if you want a major release). In any case, the release tags need to be removed. > p.s.: Additionally, I don't think the key that was used for signing is > in the KEYS file. > > Could you please explain this, as I did add my key to the KEYS file. Also, > when I verify the signature on one of the release files it says: How did you add it and to which file. I see a key at the end of the file but it doesn't have a header (i.e., your name doesn't appear). Maybe you did forget a --armor or something just went wrong? Also, it might be just me and my set-up - could somebody else try whether the KEYS file works and let us know for sure? > $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc > gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F > gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY) > " Yes, but that would be running against your local keyring which contains your key already regards, Karl > Greetings, Marcel > > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release of the dependencymanager 2.0.0
Marcel Offermans wrote: On Jan 31, 2009, at 13:09 , Karl Pauls wrote: I think you already figured it out. You need to have a LICENSE and NOTICE file in the root of your projects. Additionally, depending on your set-up you might need an META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE instruction in your poms to make them end-up in the jar artifacts. Ok, I seem to have to add that. The NOTICE file is trickier (but still fairly simple). You need to declare your "used" versus "included" dependencies, i.e., "external dependencies" vs "external dependencies embedded in your JAR". Just look at other subprojects for examples and if you want verify your NOTICE file, just send it to the list. -> richard I guess the next step is to clean-up the release tags in svn and downgrade your version in trunk manually. Then you can redo the release. Ping me when you need more help. I'm a bit puzzled about that downgrading message. You mean I can still try to fix 2.0.0 and re-open the vote? I did remove the release tags for now. p.s.: Additionally, I don't think the key that was used for signing is in the KEYS file. Could you please explain this, as I did add my key to the KEYS file. Also, when I verify the signature on one of the release files it says: $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY) " Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
Hey Karl, Thanks for your help on this! On Jan 31, 2009, at 13:09 , Karl Pauls wrote: Seriously, nobody did say its easy to do releases - I agree with richard that it is more of a pain then it should be. Contributions to make it easier by doing some maven magic or writing a check/built script are more then welcome! I'll definitely add to the release page as I learn more. For the signing process, I also followed the procedure. Can anyone tell me what went wrong there? Karl? I think you already figured it out. You need to have a LICENSE and NOTICE file in the root of your projects. Additionally, depending on your set-up you might need an META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICEInclude-Resrouce> instruction in your poms to make them end-up in the jar artifacts. Ok, I seem to have to add that. I guess the next step is to clean-up the release tags in svn and downgrade your version in trunk manually. Then you can redo the release. Ping me when you need more help. I'm a bit puzzled about that downgrading message. You mean I can still try to fix 2.0.0 and re-open the vote? I did remove the release tags for now. p.s.: Additionally, I don't think the key that was used for signing is in the KEYS file. Could you please explain this, as I did add my key to the KEYS file. Also, when I verify the signature on one of the release files it says: $ gpg org.apache.felix.dependencymanager-2.0.0.jar.asc gpg: Signature made Wed Jan 28 22:29:37 2009 CET using DSA key ID C5E9604F gpg: Good signature from "Marcel Offermans (CODE SIGNING KEY) >" Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
On Sat, Jan 31, 2009 at 10:50 AM, Marcel Offermans wrote: > Okay, let's see, I followed the release procedure on our site to the letter > on this one, that does not mention anything about LICENSE or NOTICE files. > Where should I copy them from (and why does maven not do that for you when > preparing a release)? Because its maven :-) Seriously, nobody did say its easy to do releases - I agree with richard that it is more of a pain then it should be. Contributions to make it easier by doing some maven magic or writing a check/built script are more then welcome! > For the signing process, I also followed the procedure. Can anyone tell me > what went wrong there? Karl? I think you already figured it out. You need to have a LICENSE and NOTICE file in the root of your projects. Additionally, depending on your set-up you might need an META-INF/LICENSE=LICENSE,META-INF/NOTICE=NOTICE instruction in your poms to make them end-up in the jar artifacts. I guess the next step is to clean-up the release tags in svn and downgrade your version in trunk manually. Then you can redo the release. Ping me when you need more help. regards, Karl > Greetings, Marcel > On Jan 31, 2009, at 1:54 , Richard S. Hall wrote: > >> Yes, I +1 the -1... >> >> I know the release process is a pain, but we need to re-do this one. >> Luckily, the fixes are easy. >> >> -> richard >> >> >> Karl Pauls wrote: >>> >>> -1 >>> >>> None of the artifacts (.jar, -project, -bin) contain any LICENSE nor >>> NOTICE files. Furthermore, as mentioned by Felix Meschberger at least >>> two files have missing license headers (which I consider a blocker as >>> well). >>> >>> regards, >>> >>> Karl >>> >>> p.s.: Additionally, I don't think the key that was used for signing is >>> in the KEYS file. >>> >>> On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans >>> wrote: >>> Hello all, I'm opening a new vote for the first release candidate for the dependency manager and its optional shell command bundle. I've compiled everything and put it up for testing and checking here: http://people.apache.org/~marrs/dependencymanager-2.0.0/ The KEYS file for verifying the signature is also in this directory and the checksum files should have the correct format. The main reason for naming this release 2.0.0 is that there have been many 1.x versions and snapshots out there, so to avoid any confusion I'm starting with 2.0.0. Please check the release and cast your votes, the vote will be open for at least 72 hours: [ ] +1 Approve the release [ ] -1 Veto the release (please provide specific comments) Greetings, Marcel >>> >>> >>> >>> > > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release of the dependencymanager 2.0.0
Okay, let's see, I followed the release procedure on our site to the letter on this one, that does not mention anything about LICENSE or NOTICE files. Where should I copy them from (and why does maven not do that for you when preparing a release)? For the signing process, I also followed the procedure. Can anyone tell me what went wrong there? Karl? Greetings, Marcel On Jan 31, 2009, at 1:54 , Richard S. Hall wrote: Yes, I +1 the -1... I know the release process is a pain, but we need to re-do this one. Luckily, the fixes are easy. -> richard Karl Pauls wrote: -1 None of the artifacts (.jar, -project, -bin) contain any LICENSE nor NOTICE files. Furthermore, as mentioned by Felix Meschberger at least two files have missing license headers (which I consider a blocker as well). regards, Karl p.s.: Additionally, I don't think the key that was used for signing is in the KEYS file. On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans wrote: Hello all, I'm opening a new vote for the first release candidate for the dependency manager and its optional shell command bundle. I've compiled everything and put it up for testing and checking here: http://people.apache.org/~marrs/dependencymanager-2.0.0/ The KEYS file for verifying the signature is also in this directory and the checksum files should have the correct format. The main reason for naming this release 2.0.0 is that there have been many 1.x versions and snapshots out there, so to avoid any confusion I'm starting with 2.0.0. Please check the release and cast your votes, the vote will be open for at least 72 hours: [ ] +1 Approve the release [ ] -1 Veto the release (please provide specific comments) Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
Yes, I +1 the -1... I know the release process is a pain, but we need to re-do this one. Luckily, the fixes are easy. -> richard Karl Pauls wrote: -1 None of the artifacts (.jar, -project, -bin) contain any LICENSE nor NOTICE files. Furthermore, as mentioned by Felix Meschberger at least two files have missing license headers (which I consider a blocker as well). regards, Karl p.s.: Additionally, I don't think the key that was used for signing is in the KEYS file. On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans wrote: Hello all, I'm opening a new vote for the first release candidate for the dependency manager and its optional shell command bundle. I've compiled everything and put it up for testing and checking here: http://people.apache.org/~marrs/dependencymanager-2.0.0/ The KEYS file for verifying the signature is also in this directory and the checksum files should have the correct format. The main reason for naming this release 2.0.0 is that there have been many 1.x versions and snapshots out there, so to avoid any confusion I'm starting with 2.0.0. Please check the release and cast your votes, the vote will be open for at least 72 hours: [ ] +1 Approve the release [ ] -1 Veto the release (please provide specific comments) Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
-1 None of the artifacts (.jar, -project, -bin) contain any LICENSE nor NOTICE files. Furthermore, as mentioned by Felix Meschberger at least two files have missing license headers (which I consider a blocker as well). regards, Karl p.s.: Additionally, I don't think the key that was used for signing is in the KEYS file. On Fri, Jan 30, 2009 at 7:42 PM, Marcel Offermans wrote: > Hello all, > > I'm opening a new vote for the first release candidate for the dependency > manager and its optional shell command bundle. I've compiled everything and > put it up for testing and checking here: > > http://people.apache.org/~marrs/dependencymanager-2.0.0/ > > The KEYS file for verifying the signature is also in this directory and the > checksum files should have the correct format. > > The main reason for naming this release 2.0.0 is that there have been many > 1.x versions and snapshots out there, so to avoid any confusion I'm starting > with 2.0.0. > > Please check the release and cast your votes, the vote will be open for at > least 72 hours: > > [ ] +1 Approve the release > [ ] -1 Veto the release (please provide specific comments) > > Greetings, Marcel > > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release of the dependencymanager 2.0.0
+1 (non binding vote) On Fri, Jan 30, 2009 at 8:42 PM, Pierre De Rop < pierre.de_...@alcatel-lucent.fr> wrote: > +1 > > /pierre > > > Marcel Offermans wrote: > >> Hello all, >> >> I'm opening a new vote for the first release candidate for the dependency >> manager and its optional shell command bundle. I've compiled everything and >> put it up for testing and checking here: >> >> http://people.apache.org/~marrs/dependencymanager-2.0.0/ >> >> The KEYS file for verifying the signature is also in this directory and >> the checksum files should have the correct format. >> >> The main reason for naming this release 2.0.0 is that there have been many >> 1.x versions and snapshots out there, so to avoid any confusion I'm starting >> with 2.0.0. >> >> Please check the release and cast your votes, the vote will be open for at >> least 72 hours: >> >> [ ] +1 Approve the release >> [ ] -1 Veto the release (please provide specific comments) >> >> Greetings, Marcel >> >> >> > -- Toni Menzel Software Developer t...@okidokiteam.com http://www.ops4j.org - New Energy for OSS Communities - Open Participation Software.
Re: [VOTE] Release of the dependencymanager 2.0.0
+1 /pierre Marcel Offermans wrote: Hello all, I'm opening a new vote for the first release candidate for the dependency manager and its optional shell command bundle. I've compiled everything and put it up for testing and checking here: http://people.apache.org/~marrs/dependencymanager-2.0.0/ The KEYS file for verifying the signature is also in this directory and the checksum files should have the correct format. The main reason for naming this release 2.0.0 is that there have been many 1.x versions and snapshots out there, so to avoid any confusion I'm starting with 2.0.0. Please check the release and cast your votes, the vote will be open for at least 72 hours: [ ] +1 Approve the release [ ] -1 Veto the release (please provide specific comments) Greetings, Marcel
Re: [VOTE] Release of the dependencymanager 2.0.0
Thanks for restarting the vote. Here is my +1 Two files (SerialExecutor, State) of the dependencymanager bundle have missing license headers, this should be fixed for future releases. Regards Felix Marcel Offermans schrieb: > Hello all, > > I'm opening a new vote for the first release candidate for the > dependency manager and its optional shell command bundle. I've compiled > everything and put it up for testing and checking here: > > http://people.apache.org/~marrs/dependencymanager-2.0.0/ > > The KEYS file for verifying the signature is also in this directory and > the checksum files should have the correct format. > > The main reason for naming this release 2.0.0 is that there have been > many 1.x versions and snapshots out there, so to avoid any confusion I'm > starting with 2.0.0. > > Please check the release and cast your votes, the vote will be open for > at least 72 hours: > > [ ] +1 Approve the release > [ ] -1 Veto the release (please provide specific comments) > > Greetings, Marcel > >
[VOTE] Release of the dependencymanager 2.0.0
Hello all, I'm opening a new vote for the first release candidate for the dependency manager and its optional shell command bundle. I've compiled everything and put it up for testing and checking here: http://people.apache.org/~marrs/dependencymanager-2.0.0/ The KEYS file for verifying the signature is also in this directory and the checksum files should have the correct format. The main reason for naming this release 2.0.0 is that there have been many 1.x versions and snapshots out there, so to avoid any confusion I'm starting with 2.0.0. Please check the release and cast your votes, the vote will be open for at least 72 hours: [ ] +1 Approve the release [ ] -1 Veto the release (please provide specific comments) Greetings, Marcel