Tison: STOP cross-posting between private and public lists. You have been
advised to stop doing so once, and this is now TWICE. No more.
Regards,
Greg Stein
Infrastructure Administrator, ASF
On Mon, Jul 3, 2023 at 6:01 AM tison wrote:
> Hi Daniel,
>
> Thanks for your information! That can be a
Hi
If we want that jar under asf package on maven central, yes, a new version
is required a vote on dev first, then incubator.
Meanwhile, if we have all mentors(ipmc members as well) voted, we just need
to carry votes to incubator mail list, and another 3 days.
Just one thing, if the jar has depe
Adding the Pekko mentors to the thread if that's ok.
It's not a blocker for us to use a snapshot version of the
Pekko-specific build tool but it would be tidier if we could release a
stable version to Maven Central. If this requires us to release a
source artifact via the full voting procedure the
One of my Pekko colleagues found that this process is documented. I
wasn't aware that this approach has been approved as long as the
security team signs off.
https://infra.apache.org/release-signing.html#automated-release-signing
On Mon, 3 Jul 2023 at 12:04, tison wrote:
>
> Update mailing list.
Update mailing list. Or if I should start a new thread totally?
Best,
tison.
tison 于2023年7月3日周一 19:00写道:
> Hi Daniel,
>
> Thanks for your information! That can be an alternative for the signing
> key.
>
> Right now the blocker I met is 403 from the Nexus server which I suspect
> is the lack of
Hi Daniel,
Thanks for your information! That can be an alternative for the signing key.
Right now the blocker I met is 403 from the Nexus server which I suspect is
the lack of permissions from the Nexus credentials. Could you confirm or
correct it?
Best,
tison.
tison 于2023年7月3日周一 18:58写道:
>
Hi PJ,
Thanks for sharing your thoughts!
For signing key, it's a resolved topic from my perspective. I use -
1. A signing key commented with OPENDAL CODE AUTO SIGNING KEY[1]
2. Load the key from our 1password service, while since it's a specific
key, I feel comfortable to pass it to INFRA member
On 2023-07-03 12:52, PJ Fanning wrote:
Adding the Incubator general list.
My view would be that non-snapshot binary artifacts should be signed
with a personal signing key - ideally the signing key that was used to
release the related source release. Unfortunately, this would mean
adding a user's
Adding the Incubator general list.
My view would be that non-snapshot binary artifacts should be signed
with a personal signing key - ideally the signing key that was used to
release the related source release. Unfortunately, this would mean
adding a user's signing key to the Apache GitHub account
+1 binding
I checked
- GPG sign matched
- Checksum verified
- LICENSE and NOTICE exist
- DISCLIAIMER exists
- Compile from source
Best,
tison.
Xuanwo 于2023年7月3日周一 00:18写道:
> Carry my non-binding vote from the OpenDAL Community:
>
> - [x] Download links are valid.
> - [x] Checksums and signat
10 matches
Mail list logo
