Hi, > The binaries are not created by first creating the source package, > unpacking it and compiling it. You were a Flex SDK RM at least once, did > you not understand what you were signing?
Every time I made the release I made it from the source on my local machine on a clean tagged branch. I understood 100% what I was signing (for instance see [1][2]) and write most of the scripts to do help make builds [3][4] and contributed a lot to the wiki on the instructions on how the build the SDK. [4] I was a Flex SDK RM 1/2 dozen times probably more and more than a dozen releases in this project. So I have no idea why you would say “did you not understand what you were signing?” and IMO that was uncalled for. > I'm not sure there is a workaround to convert those files back > to UTF8 or not. Even if you did find a way it would likely change the md5s and make the signatures invalid as converting to UTF8 modifies the file by adding a byte order mark at the front of the file. Thanks, Justin 1. http://www.apache.org/legal/release-policy.html#owned-controlled-hardware <http://www.apache.org/legal/release-policy.html#owned-controlled-hardware> 2. http://www.apache.org/legal/release-policy.html#compiled-packages <http://www.apache.org/legal/release-policy.html#compiled-packages> 3. https://github.com/apache/flex-sdk/commits/develop/build <https://github.com/apache/flex-sdk/commits/develop/build> 4. https://github.com/apache/flex-sdk/commit/0d69cbea6cea4f70872b8e40436894bcec400adc#diff-b0da275520918e23dd615e2a747528f1 4. https://cwiki.apache.org/confluence/display/FLEX/The+SDK+Release+Manager's+Guide
