[jira] [Created] (XMLBEANS-558) Download page gpg example needs second parameter
Sebb created XMLBEANS-558: - Summary: Download page gpg example needs second parameter Key: XMLBEANS-558 URL: https://issues.apache.org/jira/browse/XMLBEANS-558 Project: XMLBeans Issue Type: Bug Reporter: Sebb It is important that the file being checked is also specified [1] on the gpg command line [2] If the second paramater is omitted, gpg can report success without actually checking the main artifact. This should not happen on correctly constructed ASF downloads, as we only provide detached sigs, but we should not be documenting bad practise. Note: the first example is correct, but the sample verification sequence omits the second parameter in: gpg --verify xmlbeans-bin-3.1.0.tgz.asc [1] https://www.apache.org/info/verification.html#specify_both [2] https://xmlbeans.apache.org/download/ -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: Announcement wasn't accepted
I don't think the download directory locations are a problem. However the download page has several problems: https://xmlbeans.apache.org/sourceAndBinaries/ - no links to KEYS, sigs, hashes or even release artifacts. - should not link to unreleased code (ie. no links to SVN) Have a look at http://cxf.apache.org/download.html for a possible layout with all the required information. There are lots of others. On 4 July 2018 at 22:24, Andreas Beeker wrote: > FYI ... the announcement wasn't accepted, see below comments. > > so it looks like, I need to move the files to the location I originally > intended. > > Andi > > > Forwarded Message > Subject: Returned post for annou...@apache.org > Date: 4 Jul 2018 21:15:34 - > From: announce-ow...@apache.org > To: kiwiwi...@apache.org > > > Hi! This is the ezmlm program. I'm managing the > annou...@apache.org mailing list. > > I'm sorry, your message (enclosed) was not accepted by the moderator. > If the moderator has made any comments, they are shown below. > > > > > Announcements of Apache project releases must contain a link to the > relevant > download page, which might be hosted on an Apache site or a third party > site > such as github.com. [1] > > The download page must provide public download links where current official > source releases and accompanying cryptographic files may be obtained. [2] > > Links to the download artifacts must support downloads from mirrors. Links > to > metadata (SHA, ASC) must be from https://www.apache.org/dist/ roject>/ > MD5 is no longer considered useful and should not be used. SHA is required. > Links to KEYS must be from https://www.apache.org/dist// not > release > specific. > > Announcements that contain a link to the dyn/closer page alone will be > rejected by the moderators. > > Announcements that contain a link to a web page that does not include a > link > to a mirror to the artifact plus links to the signature and at least one > sha > checksum will be rejected. > > Announcements that link to dist.apache.org will not be accepted. > Likewise ones which link to SVN or Git code repos. > > [1] http://www.apache.org/legal/release-policy.html#release-announcements > [2] https://www.apache.org/dev/release-distribution#download-links > > < < > > >
Re: XMLBeans 3.0.0 release vote
On 22 June 2018 at 21:49, Andreas Beeker wrote: > I've just realized, that you've done the changes to the github mirror. > In the context of POI, I'm looking at github only as a source for patches, > but not as our project repo. > So I try to integrate your changes locally and then to the svn repo ... Huh? If GitHub is set up as a proper mirror, it should not differ from the project repo. There should be only one master repo which holds all changes. If that is not the case, it seems to me that something has gone badly wrong. > Andi > > On 6/22/18 10:35 PM, Andreas Beeker wrote: >> Before I vote, I'd like to see the XmlBeans 3.0.0 RC version in our POI build >> and although you've removed and then reverted it, it would be nice, if >> we don't need to do the piccolo modifications. >> >> So it looks like I need to do those modifications locally and find out why >> the piccolo stuff makes problems ... >> >> Andi >> >> > > - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: Non-maintainer upload of bugfixes for the XMLBeans library in the Attic
On 7 November 2017 at 07:20, jan iversenwrote: > > > Sent from my iPad > >> On 6 Nov 2017, at 21:47, Dominik Stadler wrote: >> >> Hi, >> >> The Apache XMLBeans library was moved to the Attic a few years ago >> (05/2014), however Apache POI still uses the library as it's core XML >> binding framework. >> >> While the Apache POI PMC and the development community is already >> discussing possible replacements for some time, use of XMLBeans is still >> deeply rooted and thus hard to replace quickly. >> >> Over time, we discovered a few grave bugs in XMLBeans which lead to >> bug-reports that we cannot fix ourselves. >> >> Therefore we would like to start discussion about an NMU of XMLBeans to get >> a fix for the most pressing issues. >> >> See https://bz.apache.org/bugzilla/show_bug.cgi?id=59268 for the full >> discussion,and https://github.com/pjfanning/xmlbeans for a fork with >> initial bugfixes. >> >> Among others, we would like to fix the following, changes for these are >> already applied and verified in the github fork: >> * the official XMLBeans-JAR contains duplicate classes, making it >> impossible to use it on Android as the Android build fails due to this >> * cannot use Unicode surogates, thus affecting use of Apache POI in >> non-latin-script areas >> * Remove W3C and JAVAX classes which are not needed any more since Java 6 >> (current Apache POI development is on Java 8) >> >> >> So is there a precedent for something like this? What steps do we need to >> make to get an updated version of XMLBeans published? > > Others might have examples of how it was done in the past. Making a fork on > e.g. github with a new non-apache name is the simplest way. > > However if I understand it correct your intention is only to maintain > XMLbeans for the benefit of POI. That gives you (as I see it) another option, > you can include the source code in your project and do the patches as part of > your project. I think it would need to be in a different package to avoid possible confusion with the original. And it should be obvious that it is not intended for external use. e.g. org.apache.poi.internal.xmlbeans > rgds > jan i >> >> >> Thanks... Dominik >> >> On behalf of the Apache POI PMC >> >> >> About Apache POI >> --- >> >> Apache POI is well-known in the Java field as a library for reading and >> writing Microsoft Office file formats, such as Excel, PowerPoint, Word, >> Visio, Publisher and Outlook. It supports both the older (OLE2) and >> new (OOXML - Office Open XML) formats. >> >> See https://poi.apache.org/ for more details - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: Apache POI 3.15 released
What is the project about? Why should I be interested in it? [rhetorical questions] The Announce emails are sent to people not on the developer or user lists. Most will have no idea what the project is about. So the e-mails should contain at least brief details of what the product does, and some info on why the new release might be of interest to them. Readers should not have to click the link to find out the basic information (although of course it is useful to have such links for further detail). Please can you add that information to future announce mails? Thanks. On 21 September 2016 at 23:32, David Northwrote: > The Apache POI PMC are pleased to announce the release of Apache POI 3.15. > > For details of changes in this release, refer to the release notes: > > https://www.apache.org/dyn/closer.lua/poi/release/RELEASE-NOTES.txt > > Thank you to all our contributors for making this release possible. > > Some of us will be at ApacheCon Europe in Seville later in the year; do > find us there if you have input and suggestions. > > On behalf of the Apache POI PMC, > > David North - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org