commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <>
Subject Re: [all] Nightlies are back...mostly
Date Fri, 07 Jul 2006 03:24:45 GMT
On 7/07/2006 2:27 AM, Phil Steitz wrote:
> 2) Need to decide whether we want dated snaps or just overwriting.  If
> the latter, we would need a way to purge old stuff (like the crontab
> that runs on Minotaur that purges out the old nightly distros).

I generally prefer dated (just in case something is broken with today's, 
you can try yesterdays). However, it does give you the obligation to 
clean up afterwards (not necessarily a bad thing).

Neither work in Maven 2 if you are downloading from a Maven 1 repo at 
the moment (dated because there was never any facility for that, 
SNAPSHOT because of the bug Jorg mentioned).

> 3) Ensure that the deploy target hosts are set correctly in all of the
> POMs - maybe modify the script to check to avoid accidental
> deployments to java-repository.

+1, and also check that currentVersion endsWith -SNAPSHOT.

> 4) Someone needs to remind me (or just patch the script) of the
> correct maven 1 target to execute. (jar:snapshot-deploy or somesuch).

With the current plugins installed, jar:deploy will do a dated snapshot 
by default I think, based on the end of the version.

> 5) I either need to get over reservations about signing myself, or be
> OK with no sigs.  Is it OK to deploy unsigned stuff to the snapshot
> repo?   The same actually applies to the zips, tars being generated by
> the script now.

As Craig said, no need to sign them.

It's a false sense of security when they aren't any more secure (anyone 
that can compromise the machine can compromise the key being used to 
sign them if it is automated).

- Brett

Apache Maven -
Better Builds with Maven -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message