On 04/03/2013 08:29 PM, sebb wrote:
On 3 April 2013 11:19, Mladen Turk <mt...@apache.org> wrote:
Unfortunately that also detaches the archives from the hash generation
process.
So you need to add code (e.g. antrun) to create the hashes.
That's fine. I know how to use md5sum and gpg. No need for ant :)
The build process is supposed to be reproducibleby others, so the Maven
issues need to be fixed.
Why? It's a RM's job to sign the files at the time he proposes a vote.
That's the only time this stuff is needed.
The best would be to have some sort of 'dist' target that would prepare
the stuff for non-maven publishing. Other then that there is no reason
to sign or hash the files (as part of standard build process)
Anyhow, gpg sign fails for commons-parent #28. #27 and earlier work.
First I've heard of that.
CP 28 has been used successfully elsewhere AFAIK.
I'm using Fedora18. I'll try on other OS's.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
