On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
> On 3/13/07, Jeremy Boynes <jboynes@apache.org> wrote:
>> The Tuscany community recently voted to release version 1.0-
>> incubating of our implementation of the API classes for the OSOA
>> specification V1.0:
>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/200703.mbox/%
>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
>>
>> The source archives and RAT reports can be found at:
>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-incubating
>> and the binary in the Maven repo at:
>> http://people.apache.org/repo/m2-incubating-repository/org/osoa/
>> sca-api-r1.0/1.0-incubating
>
> ok except for the signature issue
>
> major issues
> ==========
>
> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-r1.0-1.0-
> incubating.jar
> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA key ID
> 11007026
> gpg: BAD signature from "Jeremy Boynes <jeremy@boynes.com>"
>
> MD5 sums look right
There appears to be a bug in the gpg plugin for mvn. When I did this
release I used gpg:sign as a goal on the command line and that
consistently generates invalid keys for all except the last artifact
(in this case the JavaDoc) even in the local repo. When I did the
kernel modules I added a profile to the build which includes gpg:sign
and for those all artifacts seem to have valid signatures.
Rather than resign the deployed artifacts (just in case there is
something squiffy going on), I'll pull them down, add a profile to
the pom and then redeploy them.
--
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
|