users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Do milestone 1 release?

From: Rudy De Busscher <rdebusscher_at_gmail.com>
Date: Fri, 20 May 2016 06:24:39 +0200

+1 for doing a release.

My Bintray account:

rdebusscher_at_gmail.com

Regards
Rudy

On 19 May 2016 at 19:15, Werner Keil <werner.keil_at_gmail.com> wrote:

> Ok sent you an invite.
>
> Werner Keil | JCP Executive Committee Member, JSR 363 Co Spec Lead |
> Eclipse UOMo Lead, Babel Language Champion | Apache Committer
>
> Twitter @wernerkeil | @UnitAPI | @JSR354 | @AgoravaProj | @DeviceMap
> | #DevOps | #EclipseUOMo
> Skype werner.keil | Google+ gplus.to/wernerkeil
>
>
>
> On Thu, May 19, 2016 at 7:08 PM, Ivar Grimstad <ivar.grimstad_at_gmail.com>
> wrote:
>
>> Hi Werner,
>>
>> My bintray account is ivargrimstad or ivar.grimstad_at_gmail.com
>>
>> Ivar
>>
>> On Thu, May 19, 2016 at 4:32 PM Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> I don't believe so. Anatole self-signed the javax.money artifacts and so
>>> did I (with a dedicated "uom" account but by myself) for javax.measure, so
>>> nothing has to be signed by Oracle even if it may be the Spec Lead.
>>> What Sonatype mandates is that every artifact (JAR, POM) has a .asc
>>> file, the others automatically generated by Maven if enabled also can't
>>> hurt.
>>> And with the account you intend to use, you need to ask for approval in
>>> its JIRA system to deploy into a particular groupID, but if you are EG
>>> member that should work. I never heard Sonatype ask e.g. to enter the
>>> signing key into a "chain of trust" like you see at Apache.
>>>
>>> Kind Regards,
>>> Werner
>>>
>>>
>>> On Thu, May 19, 2016 at 4:27 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>> wrote:
>>>
>>>> If we can just add the javax.security and org.glassfish.soteria group
>>>> ID to bintray/jfrog, then sure.
>>>>
>>>> Signing itself is not such an issue, but will just any signature be
>>>> accepted for the sync to Maven central, or does it really check it's a
>>>> registered signature from Oracle?
>>>>
>>>> I think MVC/Ozark just started using TravisCI, so for consistency we
>>>> might want to stick with that then.
>>>>
>>>> Kind regards,
>>>> Arjan Tijms
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, May 19, 2016 at 4:22 PM, Werner Keil <werner.keil_at_gmail.com>
>>>> wrote:
>>>>
>>>>> Having these kinds of repos we could also automatically push the
>>>>> snapshots to JFrog from a CI server.
>>>>> Either TravisCI or CircleCI (just got ~18 Mio. $ VC funding, so they
>>>>> hopefully won't go away that soon;-) look good for that.
>>>>>
>>>>> Werner
>>>>>
>>>>>
>>>>> On Thu, May 19, 2016 at 4:20 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Anybody is welcome in the Bintray community. Being there allows you
>>>>>> to publish to bintray.com and JCenter. Maybe fewer (because you need
>>>>>> to sign the artifacts etc.) could then also sync important builds to
>>>>>> MavenCentral, but it may even be a first important step to have SNAPSHOTs
>>>>>> on https://oss.jfrog.org/artifactory/oss-snapshot-local/javax/
>>>>>> ("security" not there yet)
>>>>>>
>>>>>> Werner
>>>>>>
>>>>>>
>>>>>> On Thu, May 19, 2016 at 4:16 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On Thu, May 19, 2016 at 4:14 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Btw, I noticed when referring to the JSR 375 Twitter account, it's
>>>>>>>> not overly busy nor does it have many followers. Who maintains it or
>>>>>>>> created it?
>>>>>>>>
>>>>>>>
>>>>>>> It's not me, wasn't it Rudy?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, May 19, 2016 at 4:11 PM, Werner Keil <werner.keil_at_gmail.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> You may need to prove and point to being an EG member, either to
>>>>>>>>> jcp.org (the "source of truth" on that) or if they want the
>>>>>>>>> GitHub organization. That should be enough. Even in JSRs with a "less busy"
>>>>>>>>> Spec Lead than most of the EE ones right now, it is perfectly fine to have
>>>>>>>>> other committers and EG members help with that.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Werner
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 19, 2016 at 4:08 PM, arjan tijms <
>>>>>>>>> arjan.tijms_at_gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> On Thu, May 19, 2016 at 3:53 PM, Werner Keil <
>>>>>>>>>> werner.keil_at_gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Bintray not only hosts a large Maven repo (JCenter), it can
>>>>>>>>>>> (there you need another account, but should not need to be Spec Lead only,
>>>>>>>>>>> members of the EG usually qualify) sync with MavenCentral.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I wonder, does it accept artifacts for the javax.* group IDs?
>>>>>>>>>> Would you not somehow need to prove you are indeed associated with javax.*
>>>>>>>>>> and have the authorization to publish?
>>>>>>>>>>
>>>>>>>>>> Without that I guess everyone would be able to claim say
>>>>>>>>>> javax.foo, and sync that to Maven central, blocking or severely confusing
>>>>>>>>>> the integrity of that (parent) group ID?
>>>>>>>>>>
>>>>>>>>>> Kind regards,
>>>>>>>>>> Arjan Tijms
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Doing that with JSR 363 on a regular basis and other JSRs like
>>>>>>>>>>> 354 though it's mostly done by Anatole (because he set up automatic signing
>>>>>>>>>>> for MavenCentral)
>>>>>>>>>>>
>>>>>>>>>>> Bintray/JCenter require all projects to have source-jars, if
>>>>>>>>>>> synchronized with MavenCentral one should also sign the JARs and everything
>>>>>>>>>>> else as .asc.
>>>>>>>>>>>
>>>>>>>>>>> Besides that Bintray also hosts all sorts of other artifacts,
>>>>>>>>>>> Vagrant or Docker containers just to name a few, might come in handy to some
>>>>>>>>>>> JSRs e.g. for ready to use demos or distributions of Soteria on preferred
>>>>>>>>>>> app servers;-D
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>>
>>>>>>>>>>> Werner
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, May 19, 2016 at 2:45 PM, arjan tijms <
>>>>>>>>>>> arjan.tijms_at_gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> Soteria and JSR 375 have been in development for quite some time
>>>>>>>>>>>> at 1.0-m01-SNAPSHOT.
>>>>>>>>>>>>
>>>>>>>>>>>> Although we didn't set specific goals for each milestone, it
>>>>>>>>>>>> may be a good idea to release what we have now as 1.0-m01 and set the next
>>>>>>>>>>>> version to 1.0-m02-SNAPSHOT.
>>>>>>>>>>>>
>>>>>>>>>>>> While updating the pom files is mostly trivial, it would make
>>>>>>>>>>>> sense to actually have version 1.0-m01 available in Maven central. This
>>>>>>>>>>>> will make it much easier for people to experiment with this milestone and
>>>>>>>>>>>> provide us with feedback.
>>>>>>>>>>>>
>>>>>>>>>>>> For this deployment we need someone from Oracle, as they own
>>>>>>>>>>>> the group IDs that we use.
>>>>>>>>>>>>
>>>>>>>>>>>> So:
>>>>>>>>>>>>
>>>>>>>>>>>> 1. What does everyone think about releasing a 1.0-m01?
>>>>>>>>>>>> 2. Alex, or Will, can either of you do the deployment to Maven
>>>>>>>>>>>> central?
>>>>>>>>>>>>
>>>>>>>>>>>> Kind regards,
>>>>>>>>>>>> Arjan Tijms
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>
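
A pre-release check for the requirements stated in the thread (a .asc for every JAR and POM, and a sources JAR alongside the main JAR), as an added example that is not part of any message in the thread or of the project's code. The artifact ID `example-artifact`, the function names and the sample files are constructed; the check covers presence and armor format only and does not verify the signature or who made it.

```python
import tempfile
from pathlib import Path

ARMOR = "-----BEGIN PGP SIGNATURE-----"

def check_release_dir(root):
    """Return problems found under a Maven-layout staging directory."""
    root = Path(root)
    problems = []
    for path in sorted(root.rglob("*")):
        # Only JARs and POMs need a detached signature; .asc files are skipped.
        if not path.is_file() or path.suffix not in (".jar", ".pom"):
            continue
        rel = path.relative_to(root).as_posix()
        sig = path.with_name(path.name + ".asc")
        if not sig.is_file():
            problems.append(f"{rel}: missing .asc signature")
        elif not sig.read_text(errors="replace").lstrip().startswith(ARMOR):
            problems.append(f"{rel}: .asc is not an armored PGP signature")
        if path.suffix == ".pom":
            # A POM with a main JAR next to it must also ship a sources JAR.
            base = path.name[:-len(".pom")]
            main_jar = path.with_name(base + ".jar")
            sources = path.with_name(base + "-sources.jar")
            if main_jar.is_file() and not sources.is_file():
                problems.append(f"{rel}: no {sources.name} next to {main_jar.name}")
    return problems

def build_sample(root):
    """Constructed sample: signed POM, JAR with a bogus .asc, no sources JAR."""
    d = Path(root, "org/glassfish/soteria/example-artifact/1.0-m01")
    d.mkdir(parents=True)
    base = d / "example-artifact-1.0-m01"  # artifact ID is a placeholder
    Path(f"{base}.pom").write_text("<project/>")
    Path(f"{base}.pom.asc").write_text(ARMOR + "\n(constructed)\n")
    Path(f"{base}.jar").write_bytes(b"constructed jar bytes")
    Path(f"{base}.jar.asc").write_text("not a signature")
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for problem in check_release_dir(tmp):
            print(problem)
```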