On 25 February 2012 09:59, Gilles Sadowski <gil...@harfang.homelinux.org> wrote:
> Hello.
>
>> >
>> > How do we proceed from here in order to release 3.0? Cf. ticket MATH-746,
>> > "Things to do before releasing 3.0".
>>
>> Sorry for being late on this.
>>
>> >
>> > Can we start to talk about an expected release date?
>>
>> I guess you did a wonderful job for closing everything. As it is clean
>> enough, I think we could even skip the step of using a release branch
>> and we could simply tag the release candidates from the trunk. This
>> would simply imply refraining from any change which is not related to
>> the release for a few days.
>>
>> Someone has to volunteer to act as the release manager. The task is
>> simply to perform the few commands described for example here:
>> <http://wiki.apache.org/commons/UsingNexus>. The release manager also
>> signs the packages using a gpg key, which should be put in the global
>> KEYS file. This file can be retrieved using the following svn command:
>>
>> svn checkout --depth=immediates \
>>   https://[your-commiter-id]@svn.apache.org/repos/asf/commons/trunks-proper
>>
>> The artifacts for the release candidate must be made available and a
>> VOTE thread must be started on the dev list for at least 72 hours (see
>> <http://www.apache.org/foundation/voting.html>). There can be several
>> release candidate before a version finally goes out (when I release
>> version 2.0 I think, we needed 6 candidates ...). When the vote passes,
>> the exact artifacts which were used for voting will be published by
>> uploading the source and binary zip and tar files and by promoting the
>> maven artifacts with Nexus. Not a single bit is changed (this would
>> change the gpg signatures). This means that for example the release date
>> which appears in the release notes must be estimated before the vote
>> taking the voting delay into account (plus one or two days as a safety
>> margin) and it must be updated as each release candidate is cut.
>>
>> So there is no predefined release date until the vote finally passes.
>>
>> At the pace at which you go now, I would say we could target a first
>> release candidate early next week.
>>
>> Any volunteer as release manager ?
>
> OK, I started to try the commands listed in the "UsingNexus" file. Not
> everything works directly... [maven2 could not find a plugin, which led me

Which plugin?

> to upgrade to maven3, which printed a warning about "parent" being a broken
> project, etc.]
>
> I don't know maven (apart from the basics to build CM) so, it is not always
> obvious which are the mandatory steps and what result must be observed in
> order to check that everything went fine...
>
> For the encryption key: I was always advised against writing a passphrase in
> clear in a file; maven seems to support asking for the passphrase but when
> it prints:
> ---CUT---
> Enter passphrase: gpg: gpg-agent is not available in this session
> ---CUT---
> When I enter the passphrase, it just prints that same message again...

Works for me using Maven 2.2.1 and 3.0.4

Which version of gpg have you installed locally?

To test it out, just use

mvn gpg:sign

It will fail later as it needs package first.

> [I guess I'll create a dummy key and store the passphrase in "settings.xml"
> just for this to work...]

You can use encrypted passwords:

http://maven.apache.org/guides/mini/guide-encryption.html

Better than plain text, but still not ideal if your host is not
physically secure.

Can also store the master key on a removable USB stick.

>
> Regards,
> Gilles
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to