Either way is fine with me. Is the issue that it is easier to build from the head? I think you can branch from a tag or hash?
Sent from my LG G3, an AT&T 4G LTE smartphone ------ Original message------ From: Christofer Dutz Date: Sun, Mar 29, 2015 3:15 AM To: dev@flex.apache.org; Subject:AW: Publish Maven artifacts for released versions of FlexUnit4? Hi Justin ... but I just noticed something else. As I added the release stuff to the build to the develop branch after the 4.2 release, I doubt I could actually safely release 4.2 revision with this. I would much more think that eventually releasing a 4.2.1 with maven artifacts instead and pack in the changes you and Alex provided since the release. What do you think? Think it would be the safer way. Chris -----Ursprüngliche Nachricht----- Von: Christofer Dutz [mailto:christofer.d...@c-ware.de] Gesendet: Sonntag, 29. März 2015 12:03 An: dev@flex.apache.org Betreff: AW: Publish Maven artifacts for released versions of FlexUnit4? Hi Justin, investigating it a little more ... ok now this is really strange. I do generate the poms to pom.xml and sign them, but they are renamed when uploading ... will change this ... thanks for reporting this :-) Chris [ C h r i s t o f e r D u t z ] C-Ware IT-Service Inhaber Dipl. Inf. Christofer Dutz Alleestraße 23, 64367 Mühltal fon: 0 61 54 / 5779991 mobil: 0171 / 7 444 2 33 email: christofer.d...@c-ware.de http://www.c-ware.de FA Darmstadt: 07 813 60581 -----Ursprüngliche Nachricht----- Von: Christofer Dutz [mailto:christofer.d...@c-ware.de] Gesendet: Sonntag, 29. März 2015 11:30 An: dev@flex.apache.org Betreff: AW: Publish Maven artifacts for released versions of FlexUnit4? Oh ... thanks for that hint Justin. I added the signature stuff to the Ant scripts quite some time ago. For this I had to manually sign all artifacts. Will double-check to make sure the poms are signed too. Chris -----Ursprüngliche Nachricht----- Von: Justin Mclean [mailto:jus...@classsoftware.com] Gesendet: Sonntag, 29. März 2015 00:27 An: dev@flex.apache.org Betreff: Re: Publish Maven artifacts for released versions of FlexUnit4? Hi, > Could you guys please double check the artifacts ... I guess the main question is how do we confirm what source code this was compiled from? > I know this is not an official release, but I still thing the signatures need > verification. May be the way it been deployed? but the the jar sigs and md5 hashes are ok (and using an Apache email). but the pom file signature isn't. for file in *.asc; do echo $file; gpg --verify $file; done flexUnitTasks-4.2.0-javadoc.jar.asc gpg: Signature made Sun 29 Mar 04:03:33 2015 AEDT using RSA key ID 5C60D6B9 gpg: Good signature from "Christofer Dutz (Apache Comitter) <cd...@apache.org>" flexUnitTasks-4.2.0-sources.jar.asc gpg: Signature made Sun 29 Mar 04:03:27 2015 AEDT using RSA key ID 5C60D6B9 gpg: Good signature from "Christofer Dutz (Apache Comitter) <cd...@apache.org>" flexUnitTasks-4.2.0.jar.asc gpg: Signature made Sun 29 Mar 04:03:13 2015 AEDT using RSA key ID 5C60D6B9 gpg: Good signature from "Christofer Dutz (Apache Comitter) <cd...@apache.org>" flexUnitTasks-4.2.0.pom.asc gpg: no signed data gpg: can't hash datafile: No data Thanks, Justin
