Re: PPMC docs query
Hola, I think for a while we used PPMC and (P)PMC interchange-ably. We've more or less standardized on PPMC now, so the docs should probably be updated. Yoav On 1/24/07, Henri Yandell <[EMAIL PROTECTED]> wrote: The PPMC docs ( http://incubator.apache.org/guides/ppmc.html ) currently say: "Only votes cast by (P)PMC members are binding. If the vote is positive, the contributor formally becomes an Apache committer. A (P)PMC member should then follow the documented procedures to complete the process, but please CC both the Incubator PMC and the PPMC when sending the necessary e-mails to root." What does (P)PMC mean? Should it be replaced with PPMC or PMC? Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PPMC docs query
On 1/25/07, Yoav Shapira <[EMAIL PROTECTED]> wrote: Hola, I think for a while we used PPMC and (P)PMC interchange-ably. We've more or less standardized on PPMC now, so the docs should probably be updated. +1 probably needs a little care since some of the older guides use PMC to mean IPMC. i'd like each occurance of a term should link into the roles document. On 1/24/07, Henri Yandell <[EMAIL PROTECTED]> wrote: > The PPMC docs ( http://incubator.apache.org/guides/ppmc.html ) currently say: > > "Only votes cast by (P)PMC members are binding. If the vote is > positive, the contributor formally becomes an Apache committer. A > (P)PMC member should then follow the documented procedures to complete > the process, but please CC both the Incubator PMC and the PPMC when > sending the necessary e-mails to root." > > What does (P)PMC mean? Should it be replaced with PPMC or PMC? i suspect that i was trying to be clever (never a wise move) should be something like 'Either an IPMC or PPMC member should then' etc - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Matthias Wessendorf wrote: Hi Thilo, I was also getting me into the signing and since we (the Trinidad podling) use Maven2, I found this useful as well http://maven.apache.org/plugins/maven-gpg-plugin/ -M Thanks, I'll check that out. The documentation is a bit on the short side. Does it generate MD5 and SHA1 checksums as well? Thanks, Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
here it goes http://people.apache.org/repo/m2-incubating-repository/org/apache/myfaces/trinidadbuild/maven-faces-plugin/incubator-m1-SNAPSHOT/ -M On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Matthias Wessendorf wrote: > Hi Thilo, > > I was also getting me into the signing and since we (the Trinidad > podling) use Maven2, I found this useful as well > > http://maven.apache.org/plugins/maven-gpg-plugin/ > > -M Thanks, I'll check that out. The documentation is a bit on the short side. Does it generate MD5 and SHA1 checksums as well? Thanks, Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Matthias Wessendorf http://tinyurl.com/fmywh further stuff: blog: http://jroller.com/page/mwessendorf mail: mwessendorf-at-gmail-dot-com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Write-up on release signing/verification
Hi, I have recently started to familiarize myself with release signing for the upcoming UIMA release. I have documented my experiences on our web site, for developers here: http://incubator.apache.org/uima/distribution.html (section "Signing a distribution") and for users here: http://incubator.apache.org/uima/downloads.html#VerifyDownload I would really appreciate it if someone more knowledgeable than myself could give this a quick read and point out any glaring mistakes. It's really short ;-) While I found good information on release signing on various Apache pages, I did not find corresponding information for users on what to do with the signature files. If anybody knows of such information, could you let me know so I can link to it from our pages. If there isn't, maybe what I wrote (after clean-up ;-) could be used as basis for a more general FAQ. Note that I don't have anything on cross-signing of keys and web of trust yet, I hope to add something on that at a later date. --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Matthias Wessendorf wrote: here it goes http://people.apache.org/repo/m2-incubating-repository/org/apache/myfaces/trinidadbuild/maven-faces-plugin/incubator-m1-SNAPSHOT/ Hi Matthias, you certainly have an abundance of signature files there. maven-faces-plugin-incubator-m1-SNAPSHOT.jar.asc.asc.md5 seems a little excessive, surely? Or what am I missing here... --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Hola, That's cool, and very considerate of you to take the time to document your process. Thank you. However, I'm not sure that we need to duplicate what's already documented and followed by most ASF projects: http://www.apache.org/dev/#releases and its links. Instead, we should work to update, amend, and extend that set of documents as applicable. Yoav On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Hi, I have recently started to familiarize myself with release signing for the upcoming UIMA release. I have documented my experiences on our web site, for developers here: http://incubator.apache.org/uima/distribution.html (section "Signing a distribution") and for users here: http://incubator.apache.org/uima/downloads.html#VerifyDownload I would really appreciate it if someone more knowledgeable than myself could give this a quick read and point out any glaring mistakes. It's really short ;-) While I found good information on release signing on various Apache pages, I did not find corresponding information for users on what to do with the signature files. If anybody knows of such information, could you let me know so I can link to it from our pages. If there isn't, maybe what I wrote (after clean-up ;-) could be used as basis for a more general FAQ. Note that I don't have anything on cross-signing of keys and web of trust yet, I hope to add something on that at a later date. --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Hi Thilo, I was also getting me into the signing and since we (the Trinidad podling) use Maven2, I found this useful as well http://maven.apache.org/plugins/maven-gpg-plugin/ -M On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Hi, I have recently started to familiarize myself with release signing for the upcoming UIMA release. I have documented my experiences on our web site, for developers here: http://incubator.apache.org/uima/distribution.html (section "Signing a distribution") and for users here: http://incubator.apache.org/uima/downloads.html#VerifyDownload I would really appreciate it if someone more knowledgeable than myself could give this a quick read and point out any glaring mistakes. It's really short ;-) While I found good information on release signing on various Apache pages, I did not find corresponding information for users on what to do with the signature files. If anybody knows of such information, could you let me know so I can link to it from our pages. If there isn't, maybe what I wrote (after clean-up ;-) could be used as basis for a more general FAQ. Note that I don't have anything on cross-signing of keys and web of trust yet, I hope to add something on that at a later date. --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Matthias Wessendorf http://tinyurl.com/fmywh further stuff: blog: http://jroller.com/page/mwessendorf mail: mwessendorf-at-gmail-dot-com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
hello, I was wondering too, but it finally does something for maven-faces-plugin-incubator-m1-SNAPSHOT.jar.asc.md5 that's all I want for now. Perhaps I can exclude some of them in future ;) On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Matthias Wessendorf wrote: > here it goes > > http://people.apache.org/repo/m2-incubating-repository/org/apache/myfaces/trinidadbuild/maven-faces-plugin/incubator-m1-SNAPSHOT/ > Hi Matthias, you certainly have an abundance of signature files there. maven-faces-plugin-incubator-m1-SNAPSHOT.jar.asc.asc.md5 seems a little excessive, surely? Or what am I missing here... --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Matthias Wessendorf http://tinyurl.com/fmywh further stuff: blog: http://jroller.com/page/mwessendorf mail: mwessendorf-at-gmail-dot-com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Yoav Shapira wrote: Hola, That's cool, and very considerate of you to take the time to document your process. Thank you. However, I'm not sure that we need to duplicate what's already documented and followed by most ASF projects: http://www.apache.org/dev/#releases and its links. Instead, we should work to update, amend, and extend that set of documents as applicable. Yoav Hi Yoav, so what do you propose? The "signing releases" page does have all the info, but it's not very newbie friendly. The FAQ style is appropriate if you already know your stuff in principle, but want to look up something specific. I was trying to give a bit more of a sequential presentation. If there is a general place where this content should go, I'd be happy to help with that. The other question I had was about the user side of things. Is there a place where this has been described already? I'd be more than happy to just link to existing content, or help create content that describes the user side of things in a general way. --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
Hola, On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: so what do you propose? The "signing releases" page does have all the info, but it's not very newbie friendly. I propose that instead of rewriting a new set of docs from scratch, you (or whoever is interested) submit patches against the current http://www.apache.org/dev/release-signing.html and other related documents, that make the page conform with your vision of what's best, or newbie-friendly, or whatever criteria you wish to use. Just like any feature enhancement on any software product. It doesn't matter to me whether it's FAQ style or normative style or whatever, just that this info is in one central place, not duplicated all over the place. In other words, the DRY principle (http://www.artima.com/intv/dry.html). Yoav - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Matthias Wessendorf wrote: > here it goes > > http://people.apache.org/repo/m2-incubating-repository/org/apache/myfaces/trinidadbuild/maven-faces-plugin/incubator-m1-SNAPSHOT/ > Hi Matthias, you certainly have an abundance of signature files there. maven-faces-plugin-incubator-m1-SNAPSHOT.jar.asc.asc.md5 seems a little excessive, surely? Or what am I missing here... The gpg plugin does its deed by adding the sig to the list of artifacts associated with the (maven) module so it can piggyback on deploys etc., and m2 knows to sum all artifacts it deploys. So while summing sigs or signing sums is more of a disservice, in this case, thats the price of automation. -Rahul --Thilo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
On 1/25/07, Yoav Shapira <[EMAIL PROTECTED]> wrote: Hola, On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: > so what do you propose? The "signing releases" page does have all the > info, but it's not very newbie friendly. I propose that instead of rewriting a new set of docs from scratch, you (or whoever is interested) submit patches against the current http://www.apache.org/dev/release-signing.html and other related documents, that make the page conform with your vision of what's best, or newbie-friendly, or whatever criteria you wish to use. Just like any feature enhancement on any software product. It doesn't matter to me whether it's FAQ style or normative style or whatever, just that this info is in one central place, not duplicated all over the place. In other words, the DRY principle (http://www.artima.com/intv/dry.html). +1 - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: Yoav Shapira wrote: > Hola, > That's cool, and very considerate of you to take the time to document > your process. Thank you. > > However, I'm not sure that we need to duplicate what's already > documented and followed by most ASF projects: > http://www.apache.org/dev/#releases and its links. Instead, we should > work to update, amend, and extend that set of documents as applicable. > > Yoav Hi Yoav, so what do you propose? The "signing releases" page does have all the info, but it's not very newbie friendly. The FAQ style is appropriate if you already know your stuff in principle, but want to look up something specific. I was trying to give a bit more of a sequential presentation. the problem i've always had with coming up with a sequential presentation is that i think that reading all the FAQs is the minimum learning required to create signatures safely. i tried to structure them as a non-linear tutorial (though i probably didn't succeed). i'm not sure it's wise to give a recipe for release managers to follow when they really need to spend some time reading. but many people think i've gone too far so please submit a patch The other question I had was about the user side of things. Is there a place where this has been described already? I'd be more than happy to just link to existing content, or help create content that describes the user side of things in a general way. please go ahead and create a patch :-) i worry about making inaccurate statements or misleading simplifications. the mechanical stuff is easy, the interpretation less so. for most users, signatures are no better than checksums but checksums are easier to understand. those users with a good understanding of cryptography wouldn't need any help. but again, i may well be over cautious - robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write-up on release signing/verification
On Jan 25, 2007, at 8:07 PM, robert burrell donkin wrote: On 1/25/07, Thilo Goetz <[EMAIL PROTECTED]> wrote: so what do you propose? please go ahead and create a patch :-) yay! We always need more (capable!) people to maintain these docs :) The apache website is maintained in xdoc form using anakia (much like the incubator site), at http://svn.apache.org/repos/asf/infrastructure/site/trunk patches should go into jira. See http://www.apache.org/dev/infra-site.html for more details. cheers! /LSD - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Board response to January Incubator PMC Report
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Incubator PMC, On behalf of the Board, I want to thank you for the latest status report. There was one part of the report we would like to follow-up on: The report on Heraldry mentions a "single large block checkin", "almost no activity" on the dev list, and license problems not being responded to "despite requests from the mentors". The Board requests that the Incubator PMC describe what action it plans to take about this situation in next month's report. Thank you, Cliff - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFuSlKy6dGskFZ6tsRAocZAKCfgV6Uu+4nvPox/H2tPKhhxIVfgwCfTwYY aIo4DiTXeg3EVhWAhuZDxRU= =qdaB - -END PGP SIGNATURE- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFuSl9y6dGskFZ6tsRAm7wAJ9y/87YotQRj77N3WnBScnMSYzJ6gCgmflq LOFnvjPg3OvizHMXkA/FYZ4= =h+DV -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PPMC docs query
On 1/25/07, robert burrell donkin <[EMAIL PROTECTED]> wrote: On 1/25/07, Yoav Shapira <[EMAIL PROTECTED]> wrote: > Hola, > I think for a while we used PPMC and (P)PMC interchange-ably. We've > more or less standardized on PPMC now, so the docs should probably be > updated. +1 probably needs a little care since some of the older guides use PMC to mean IPMC. i'd like each occurance of a term should link into the roles document. > On 1/24/07, Henri Yandell <[EMAIL PROTECTED]> wrote: > > The PPMC docs ( http://incubator.apache.org/guides/ppmc.html ) currently say: > > > > "Only votes cast by (P)PMC members are binding. If the vote is > > positive, the contributor formally becomes an Apache committer. A > > (P)PMC member should then follow the documented procedures to complete > > the process, but please CC both the Incubator PMC and the PPMC when > > sending the necessary e-mails to root." > > > > What does (P)PMC mean? Should it be replaced with PPMC or PMC? i suspect that i was trying to be clever (never a wise move) should be something like 'Either an IPMC or PPMC member should then' etc So to confirm I have this right... A PPMC can vote to add a new ASF committer. They don't need a binding IPMC vote (ie: no mentors, no [EMAIL PROTECTED] people). ? Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
