On 02/05/2012 15:41, René Mulder wrote:
+1
although i wasnt able to check the signatures (no practical PGP knowledge),
i was able to build from various sources, perform apache-rat:check and
found the LICENCE and NOTICE files in the wars.
Hi Rene,
check [1] for this (for example).
Regards.
[1] http://www.apache.org/dev/release-signing#verifying-signature
On 02/05/2012 13:50, Francesco Chicchiriccò wrote:
Discussion thread for vote on 1.0.0-RC1-incubating release, with SVN
source tag (r1332998).
For more information on the release process, check out
http://www.apache.org/dev/release.html
Some of the things to check before voting are:
- does "mvn apache-rat:check" pass on the source
- can you build the contents of source release (both .zip and .tar.gz)
and SVN tag
- do all of the staged jars/wars/tar.gz/zips contain the required
LICENSE and NOTICE files
- are all of the staged jars/wars/tar.gz/zips signed and the signature
verifiable
- is the signing key in the project's KEYS file and on a public server
(i.e. http://www.apache.org/dist/incubator/syncope/)
Regards.
--
Francesco Chicchiriccò
Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
