Hi all, I'm trying to figure out where this extra DEPENDENCIES file is coming from in the root of my source-release tarball using the latest ASF parent POM (org.apache:apache:pom:17) during a release.
This file seems to fail the apache-rat check, and makes the -source-release.tar.gz fail to match the SHA-1 git commit. Our project (Apache Accumulo) used to override the maven-assembly-plugin execution in the apache-release profile and build at the "validate" phase of the build lifecyle, but now we're deferring to the parent POM, which executes this assembly at the "package" phase. Some plugin appears to be modifying the source directory by adding this DEPENDENCIES file (which is empty, except for its header, because the root of our project doesn't have any dependencies) before the "package" phase, but I'm not sure which one. Has anybody seen this? Perhaps in another ASF project which depends on the ASF parent POM? -- Christopher L Tubbs II http://gravatar.com/ctubbsii --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
