Hey Sean, The release script generates hashes in two places (take a look a bit further down in the script), one for the published artifacts and the other for the binaries. In the case of the binaries we use SHA512 because, AFAIK, the ASF does not require you to use SHA1 and SHA512 is better. In the case of the published Maven artifacts we use SHA1 because my understanding is this is what Maven requires. However, it does appear that the format is now one that maven cannot parse.
Anyways, it seems fine to just change the format of the hash per your PR. - Patrick On Tue, Jan 27, 2015 at 5:00 AM, Sean Owen <so...@cloudera.com> wrote: > I think there are several signing / hash issues that should be fixed > before this release. > > Hashes: > > http://issues.apache.org/jira/browse/SPARK-5308 > https://github.com/apache/spark/pull/4161 > > The hashes here are correct, but have two issues: > > As noted in the JIRA, the format of the hash file is "nonstandard" -- > at least, doesn't match what Maven outputs, and apparently which tools > like Leiningen expect, which is just the hash with no file name or > spaces. There are two ways to fix that: different command-line tools > (see PR), or, just ask Maven to generate these hashes (a different, > easy PR). > > However, is the script I modified above used to generate these hashes? > It's generating SHA1 sums, but the output in this release candidate > has (correct) SHA512 sums. > > This may be more than a nuisance, since last time for some reason > Maven Central did not register the project hashes. > > http://search.maven.org/#artifactdetails%7Corg.apache.spark%7Cspark-core_2.10%7C1.2.0%7Cjar > does not show them but they exist: > http://www.us.apache.org/dist/spark/spark-1.2.0/ > > It may add up to a problem worth rooting out before this release. > > > Signing: > > As noted in https://issues.apache.org/jira/browse/SPARK-5299 there are > two signing keys in > https://people.apache.org/keys/committer/pwendell.asc (9E4FE3AF, > 00799F7E) but only one is in http://www.apache.org/dist/spark/KEYS > > However, these artifacts seem to be signed by FC8ED089 which isn't in either. > > Details details, but I'd say non-binding -1 at the moment. > > > On Tue, Jan 27, 2015 at 7:02 AM, Patrick Wendell <pwend...@gmail.com> wrote: >> Please vote on releasing the following candidate as Apache Spark version >> 1.2.1! >> >> The tag to be voted on is v1.2.1-rc1 (commit 3e2d7d3): >> https://git-wip-us.apache.org/repos/asf?p=spark.git;a=commit;h=3e2d7d310b76c293b9ac787f204e6880f508f6ec >> >> The release files, including signatures, digests, etc. can be found at: >> http://people.apache.org/~pwendell/spark-1.2.1-rc1/ >> >> Release artifacts are signed with the following key: >> https://people.apache.org/keys/committer/pwendell.asc >> >> The staging repository for this release can be found at: >> https://repository.apache.org/content/repositories/orgapachespark-1061/ >> >> The documentation corresponding to this release can be found at: >> http://people.apache.org/~pwendell/spark-1.2.1-rc1-docs/ >> >> Please vote on releasing this package as Apache Spark 1.2.1! >> >> The vote is open until Friday, January 30, at 07:00 UTC and passes >> if a majority of at least 3 +1 PMC votes are cast. >> >> [ ] +1 Release this package as Apache Spark 1.2.1 >> [ ] -1 Do not release this package because ... >> >> For a list of fixes in this release, see http://s.apache.org/Mpn. >> >> To learn more about Apache Spark, please see >> http://spark.apache.org/ >> >> - Patrick >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@spark.apache.org >> For additional commands, e-mail: dev-h...@spark.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@spark.apache.org For additional commands, e-mail: dev-h...@spark.apache.org
