On Fri, Feb 7, 2025 at 5:40 PM Piotr P. Karwasz <pi...@mailing.copernik.eu>
wrote:
>
> Hi Gary,
>
> On 31.01.2025 16:38, Gary Gregory wrote:
> > Please review the release candidate and vote.
> > This vote will close no sooner than 72 hours from now.
> >
> >    [ ] +1 Release these artifacts
> >    [ ] +0 OK, but...
> >    [ ] -0 OK, but really should fix...
> >    [ ] -1 I oppose this release because...
>
> The binary distribution contains `findsecbugs-plugin-1.13.0.jar`, which
> is a third-party library under LGPL-3.0.
>
> I checked the rest (hashes, signatures, reproducibility) and everything
> checks out except this detail. How do you plan to proceed?

Hi Piotr,

Nice find! :-) I fixed the offending files (zip and tar). Committed SVN
revision 74783 (no longer revision 74565):

-rw-r--r--@  1 garygregory  staff  1145477 Feb  7 18:02 commons-logging-1.3.5-bin.tar.gz
-rw-r--r--@  1 garygregory  staff      488 Feb  7 18:26 commons-logging-1.3.5-bin.tar.gz.asc
-rw-r--r--@  1 garygregory  staff      163 Feb  7 18:13 commons-logging-1.3.5-bin.tar.gz.sha512
-rw-r--r--@  1 garygregory  staff  1216474 Feb  7 17:57 commons-logging-1.3.5-bin.zip
-rw-r--r--@  1 garygregory  staff      488 Feb  7 18:27 commons-logging-1.3.5-bin.zip.asc
-rw-r--r--@  1 garygregory  staff      129 Feb  7 17:55 commons-logging-1.3.5-bin.zip.sha512

SHA512s are now:

54470384fb55eb58da991d2f046f98dd666a3e19eae88ae8e7e1b2c0dfd4f1dc57f697e328cc21540272bdca72ad19284f3e3146bbf0a4b4d0ce534a9a1d31b6
 commons-logging-1.3.5-bin.tar.gz
8c4397e18a15223dd1e7b3e3a985e465adacb96127b6716ec233f842906e591c90dae9b7d6ff5d6261d967baf164b10bec9a8643dc27c7ee55243f8da863d45a
 commons-logging-1.3.5-bin.zip

I've fixed zip and tar generation locally.

ASC files are also up to date.

Gary

>
> Piotr
>
>