+1 and cool ☺️
Le 7 juin 2016 10:42, "Paul King" a écrit :
> Nice work Cédric, thanks for being release manager.
>
> Cheers, Paul.
>
> On Tue, Jun 7, 2016 at 6:33 PM, Cédric Champeau
> wrote:
> > Hi all,
> >
> > The vote for releasing Apache Groovy 2.4.7 has passed:
> >
> > - 9 +1 votes (5 bindi
Nice work Cédric, thanks for being release manager.
Cheers, Paul.
On Tue, Jun 7, 2016 at 6:33 PM, Cédric Champeau
wrote:
> Hi all,
>
> The vote for releasing Apache Groovy 2.4.7 has passed:
>
> - 9 +1 votes (5 binding)
> - 0 neutral vote
> - 0 negative vote
>
> Vote thread:
> https://mail-archiv
Hi all,
The vote for releasing Apache Groovy 2.4.7 has passed:
- 9 +1 votes (5 binding)
- 0 neutral vote
- 0 negative vote
Vote thread:
https://mail-archives.apache.org/mod_mbox/groovy-dev/201606.mbox/%3CCADQzvmkixhBk_Hi%3Dpn64S6qnkuG85%2BBA0GN%2B4XR91OHjdv_Hdw%40mail.gmail.com%3E
As such, I'm
dev/groovy/KEYS
>>
>> Please vote on releasing this package as Apache Groovy 2.4.7.
>>
>> The vote is open for the next 72 hours and passes if a majority of at
>> least three +1 PPMC votes are cast.
>>
>> [ ] +1 Release Apache Groovy 2.4.7
>> [ ] 0 I don't have a strong opinion about this, but I assume it's ok
>> [ ] -1 Do not release Apache Groovy 2.4.7
>>
>> Here is my vote:
>>
>> +1 (binding)
> Release artifacts are signed with the following key:
> https://dist.apache.org/repos/dist/dev/groovy/KEYS
>
> Please vote on releasing this package as Apache Groovy 2.4.7.
>
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 PPMC votes are c
Maven has a way of signing artifacts and publishing checksums. In fact, it is
one of the requirement we stick to in Apache Bigtop (see [1])
Maven has verify plugin for this purpose [2].
[1]
https://repo.maven.apache.org/maven2/org/apache/bigtop/itest/itest-common/1.1.0/
[2] https://maven.apache.
elease artifacts are signed with the following key:
> https://dist.apache.org/repos/dist/dev/groovy/KEYS
>
> Please vote on releasing this package as Apache Groovy 2.4.7.
>
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 PPMC votes are cast
On 6/4/16 2:54 AM, Russel Winder wrote:
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confidence.
>
> I am not sure what stance Gradle, Maven, and Ant take on signature
> checking, do they do any signature checking at all?
>
The only signature
On 6/4/16 2:54 AM, Russel Winder wrote:
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confidence.
>
> I am not sure what stance Gradle, Maven, and Ant take on signature
> checking, do they do any signature checking at all?
The only signature
+1
On 4 Jun 2016 11:54, "Russel Winder" wrote:
> On Sat, 2016-06-04 at 10:53 +0200, jim northrop wrote:
> > what does this mean to the avg hacker ? do we need to fix our kit
> > anyway ?
> >
>
> For those who download and check signatures, SHA1 and MD5 are
> unreliable and provide very weak confi
On Sat, 2016-06-04 at 10:53 +0200, jim northrop wrote:
> what does this mean to the avg hacker ? do we need to fix our kit
> anyway ?
>
For those who download and check signatures, SHA1 and MD5 are
unreliable and provide very weak confidence.
I am not sure what stance Gradle, Maven, and Ant take
what does this mean to the avg hacker ? do we need to fix our kit anyway ?
On 4 June 2016 at 10:50, Russel Winder wrote:
> On Fri, 2016-06-03 at 16:20 -0700, Konstantin Boudnik wrote:
> > +1 [binding]
> >
> > signature is ok
> > sha1 is ok
> > rat is ok
> > builds and produces functional binarie
On Fri, 2016-06-03 at 19:20 +0200, Cédric Champeau wrote:
> […]
>
> [ ] +1 Release Apache Groovy 2.4.7
> [ ] 0 I don't have a strong opinion about this, but I assume it's ok
> [ ] -1 Do not release Apache Groovy 2.4.7
I cannot check the artefacts directly myself just n
On Fri, 2016-06-03 at 16:20 -0700, Konstantin Boudnik wrote:
> +1 [binding]
>
> signature is ok
> sha1 is ok
> rat is ok
> builds and produces functional binaries
>
> One small note: sha1 and md5 aren't considered secure, it'd make
> sense to
> switch into gpg generated checksums, perhaps. I can
epos/dist/dev/groovy/KEYS
Please vote on releasing this package as Apache Groovy 2.4.7.
The vote is open for the next 72 hours and passes if a majority of at
least three +1 PPMC votes are cast.
[ ] +1 Release Apache Groovy 2.4.7
[ ] 0 I don't have a strong opinion about this, but I assum
ase artifacts are signed with the following key:
> https://dist.apache.org/repos/dist/dev/groovy/KEYS
>
> Please vote on releasing this package as Apache Groovy 2.4.7.
>
> The vote is open for the next 72 hours and passes if a majority of at least
> three +1 PPMC votes are ca
> > Release artifacts are signed with the following key:
> > https://dist.apache.org/repos/dist/dev/groovy/KEYS
> >
> > Please vote on releasing this package as Apache Groovy 2.4.7.
> >
> > The vote is open for the next 72 hours and passes if a majority of at
> least
The vote is open for the next 72 hours and passes if a majority of at least
> three +1 PPMC votes are cast.
>
> [ ] +1 Release Apache Groovy 2.4.7
> [ ] 0 I don't have a strong opinion about this, but I assume it's ok
> [ ] -1 Do not release Apache Groovy 2.4.7
>
> Here is my vote:
>
> +1 (binding)
signature.asc
Description: Digital signature
ttps://dist.apache.org/repos/dist/dev/groovy/KEYS
Please vote on releasing this package as Apache Groovy 2.4.7.
The vote is open for the next 72 hours and passes if a majority of at
least three +1 PPMC votes are cast.
[ ] +1 Release Apache Groovy 2.4.7
[ ] 0 I don't have a strong opinion about th
sing this package as Apache Groovy 2.4.7.
The vote is open for the next 72 hours and passes if a majority of at least
three +1 PPMC votes are cast.
[ ] +1 Release Apache Groovy 2.4.7
[ ] 0 I don't have a strong opinion about this, but I assume it's ok
[ ] -1 Do not release Apache Groovy
20 matches
Mail list logo
