On 20/06/2008, Noah Slater <[EMAIL PROTECTED]> wrote: > On Fri, Jun 20, 2008 at 04:05:47PM +0100, sebb wrote: > > Assuming you are referring to the artefacts at: > > > > http://people.apache.org/~nslater/dist/ > > > Yes, the artifacts are the same as in the original proposal. > > > > 1) there is only a tar.gz archive - it is normal to provide zip > > archives as well. > > > I had missed this fact, providing a zip archive will be no problem. > > > > 2) the md5 and sha hash files have an unusual format; most automatic > > hash checkers expect the hashes without embedded spaces. > > > I took the release signing from the following document: > > http://www.apache.org/dev/release-signing.html > > Which states: > > gpg --print-md MD5 [fileName] > [fileName].md5 > gpg --print-md SHA1 [fileName] > [fileName].sha > > I changed this slightly to: > > gpg --print-md MD5 < [fileName] > [fileName].md5 > gpg --print-md SHA1 < [fileName] > [fileName].sha > > Are either of these the correct method to use? > > Should md5sum and sha1sum be used instead? If this is the case I am guessing > I > should propose a correction of the release signing documentation. > > Are these issues significant enough to block the release?
Lack of zip is signifcant, IMO. Hashes - not critical. You could just use an editor to remove the spaces. Or use gpg --print-md SHA1 < [fileName] | sed -e's/ //g' > [fileName].sha At least the data is all on one line, unlike some I have seen ... > > Thanks, > > -- > Noah Slater, http://people.apache.org/~nslater/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
