-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/08/14 11:31, Thierry Carrez wrote:
Ihar Hrachyshka wrote:
On 08/08/14 17:57, Chuck Short wrote:
An issue was discovered with Keystone 2014.1.2 stable release tarball shortly after it was uploaded on the release page at: https://launchpad.net/keystone/icehouse/2014.1.2
A new tarball corresponding to 2014.1.2 code was generated and uploaded: md5sum: c8a85fc2ac76679eb1b674e0c2c65e36 keystone-2014.1.2.tar.gz sha1sum: c1d481d8b330e50da5ace19c23e5909c04fa1cba keystone-2014.1.2.tar.gz
Please double-check that you got the right one.
I wonder whether it's better to handle those kind of issues with releasing another minor release like 2014.1.2.1 for that specific package. Modifying tarballs in place sounds similar to e.g. amending git commit in place instead of fixing an issue in consequent patches.
I agree. Alan and I made a judgment call based on the number of downloads, the time the tarball was up, and the fact that only Keystone was affected... but I think we made the wrong choice. The delete/recreate tag created more pain, made us think we fixed it while we didn't, and screwed a number of git checkouts.
Lesson learned: in such cases in the future, just tag a point point release (which is what we ended up doing to fix the mess anyway).
Thanks for info. Have we noted anywhere the fact that downstream should use 'unexpected' tag? I don't see anything at [1]. [1]: https://wiki.openstack.org/wiki/ReleaseNotes/2014.1.2#OpenStack_Identity_.28... /Ihar -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJT6JVOAAoJEC5aWaUY1u57fD0H/RUOs6gICAqHbGOO+h/OTc5N AJ+maQn7ekCLTLD1qXSJ6GLl1gJIWViUIIg/k3/WVakgsGg4KZr8GlSWSzZVnO9m 3pjogaOzFkIj9YlCqjPQCP1JA0JuxkyPc6YvgSau/99s1oxQhqymc8yzClh316W3 FTcU5ub0o1W/DkeGG/fGafYn0j5Pp7MRsc+bhsOJtcFiStgLP5hIf9YD1GPuzMo5 /neSrIgyeduf705RVnVb4P9WkI5HwufuDxao0lqRQlgsolk6ljKiYwzIH8ol7RVD 4RPdEm4eGcFUamYjLszwHNfNgKHzP22FetAZDZZG5v94AcdwoZxfXuHOQti2K0M= =MhsR -----END PGP SIGNATURE-----