[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1385941115 > ok, verified the artifacts get into the local mvn repo. It's great. :) > i do like the xml version BTW, including all the signatures. makes it easier to spot tamperin

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1384688622 Thank you, @steveloughran . -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specif

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1377129473 FYI, here is Apache ORC 1.8.2 RC1 vote artifact, @steveloughran . - https://repository.apache.org/content/repositories/orgapacheorc-1064/org/apache/orc/orc-core/1.8.2/ -- This

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1376959730 Hi, @steveloughran . Basically, these are SBOM for jars. So, this PR aims to use `Maven Central` as the `SBOM` repository along with the release jars. As I described in the PR descri

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1376556280 Thank you so much, @cnauroth and @sunchao ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1374790483 [Apache Yetus(Jenkins) error: unit](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5281/1/artifact/out/patch-unit-root.txt) job seems to pass although it has a `red-x` ma

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1374361679 Thank you, @sunchao ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific com

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1374263495 Thank you, @cnauroth ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific co

[GitHub] [hadoop] dongjoon-hyun commented on pull request #5281: HADOOP-18590. Publish SBOM artifacts

dongjoon-hyun commented on PR #5281: URL: https://github.com/apache/hadoop/pull/5281#issuecomment-1374107916 cc @steveloughran , @sunchao , @snmvaughan -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to