Re: [NEW TARBALLS] Re: 1.6.8 up for signing / testing

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: Thu, 14 Jan 2010 11:33:25 -0600

On Jan 14, 2010, at 6:33 AM, Mark Phippard wrote:

> On Wed, Jan 13, 2010 at 11:19 AM, Hyrum K. Wright
> <hyrum_wright_at_mail.utexas.edu> wrote:
>
>> Given this feedback, and the fact that it's a patch release with supposed minimal changes between releases, I agree we should
>> step back to Neon 0.28.3. I've rerolled the tarballs and replaced them at the download site with the new deps tarballs.
>
> I just read this more closely and fear I have led you astray. I only
> used Neon 0.28.3 because that happened to be the version I had sitting
> in an old working copy (I had just deleted all of the old deps zip
> files before starting the tests). However, there have been security
> fixes in Neon since that release, so we should include the latest
> version - 0.28.7 (or 0.29.3). I suspect that is the version we would
> have included with 1.6.6, but maybe not.

Turns out I updated the script, but didn't bother to re-run it. Gah.

> Can't we just copy/rename the 1.6.6 deps tarballs?

I don't see a problem with this. We can even borrow the signatures from those files, yes?

> Are we (thankfully in my opinion) going to drop the deps tarballs when
> we start releasing at ASF?

I don't know the party line on this, but I certainly hope it is the case.

-Hyrum
Received on 2010-01-14 18:34:05 CET

This message: [ Message body ]
Next message: Mark Phippard: "Re: Subversion in 2010"
Previous message: C. Michael Pilato: "Re: [PATCH] Fix #3544 - svn update does not restore excluded files"
In reply to: Mark Phippard: "Re: [NEW TARBALLS] Re: 1.6.8 up for signing / testing"
Next in thread: Branko Čibej: "Re: [NEW TARBALLS] Re: 1.6.8 up for signing / testing"
Reply: Branko Čibej: "Re: [NEW TARBALLS] Re: 1.6.8 up for signing / testing"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]