On 4 April 2013 05:25, Mladen Turk <mt...@apache.org> wrote: > On 04/03/2013 08:29 PM, sebb wrote: > >> On 3 April 2013 11:19, Mladen Turk <mt...@apache.org> wrote: >> >>> >>>>> Unfortunately that also detaches the archives from the hash generation >>>> process. >>>> So you need to add code (e.g. antrun) to create the hashes. >>>> >>>> >>>> That's fine. I know how to use md5sum and gpg. No need for ant :) >>> >>> >>> The build process is supposed to be reproducibleby others, so the Maven >> issues need to be fixed. >> >> > Why? It's a RM's job to sign the files at the time he proposes a vote. > That's the only time this stuff is needed. >
The sigs and hashes are only generated when the release profile is used. > The best would be to have some sort of 'dist' target that would prepare > the stuff for non-maven publishing. Other then that there is no reason > to sign or hash the files (as part of standard build process) > > See above - that already happens. > > >> >>> Anyhow, gpg sign fails for commons-parent #28. #27 and earlier work. >>> >>> >>> First I've heard of that. >> CP 28 has been used successfully elsewhere AFAIK. >> >> > I'm using Fedora18. I'll try on other OS's. > > > > Regards > -- > ^TM > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > dev-unsubscribe@commons.**apache.org<dev-unsubscr...@commons.apache.org> > For additional commands, e-mail: dev-h...@commons.apache.org > >
