You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Kiran Ayyagari <ka...@apache.org> on 2015/08/09 13:54:43 UTC
[VOTE] Release Apache Mavibot 1.0.0-M8
Hello Dev,
This is the eighth release of Apache Mavibot, the MVCC BTree in Java !
This release contains complete support for free page management (reusing
the copied and unused pages)
Please cast your vote !
The revision :
http://svn.apache.org/r1694862
The SVN tag:
https://svn.apache.org/repos/asf/directory/mavibot/tags/1.0.0-M8/
The source and binary distribution packages:
https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/
The staging repository:
https://repository.apache.org/content/repositories/orgapachedirectory-1040/
Please cast your votes:
[ ] +1 Release Mavibot 1.0.0-M8
[ ] 0 abstain
[ ] -1 Do not release Mavibot 1.0.0-M8
--
Kiran Ayyagari
http://keydap.com
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Kiran Ayyagari <ka...@apache.org>.
I am closing this vote, it was passed with 4 binding votes.
Stefan
Emmanuel
Shawn
Kiran
I'll publish the artifacts, update the website, and prepare the annoucemail.
thank you all.
On Mon, Aug 10, 2015 at 11:24 PM, Shawn McKinney <sm...@apache.org>
wrote:
> +1
>
> Built from source using Java 8 on ubuntu14.
>
> Next I’ll test with fortress using apacheds/mavibot M8. Will let you know
> how it goes but no reason to hold up the vote.
>
> Shawn
>
> > On Aug 10, 2015, at 1:43 AM, Emmanuel Lécharny <el...@gmail.com>
> wrote:
> >
> > My +1.
> >
> >
> > I do agree that a 4096 keys is better for releases, although the current
> > requirement is "Committers with a DSA key or an RSA key of length *less
> > than* 2048 bits should generate a new key for signing releases" .
> >
> > Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare
> > minimum to cut a release. I suspect this will not hold for ever, it's
> > probably a good move to generate this 4096 bits long key before the next
> > release.
> >
> >
> > Packages and tag checked, signature checked.
> >
> > Note that the sign.sh script is not part of the release, and it's hust a
> > tool that is provided to release managers, for convenience. Also note
> > that the XXX.asc files get signed too, which is unnecessary : tis is a
> > by-product of the release+sign.sh script. I usually remove them before
> > pushing the package son people.a.o...
> >
> > Thanks Kiran !
> >
>
>
--
Kiran Ayyagari
http://keydap.com
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Shawn McKinney <sm...@apache.org>.
+1
Built from source using Java 8 on ubuntu14.
Next I’ll test with fortress using apacheds/mavibot M8. Will let you know how it goes but no reason to hold up the vote.
Shawn
> On Aug 10, 2015, at 1:43 AM, Emmanuel Lécharny <el...@gmail.com> wrote:
>
> My +1.
>
>
> I do agree that a 4096 keys is better for releases, although the current
> requirement is "Committers with a DSA key or an RSA key of length *less
> than* 2048 bits should generate a new key for signing releases" .
>
> Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare
> minimum to cut a release. I suspect this will not hold for ever, it's
> probably a good move to generate this 4096 bits long key before the next
> release.
>
>
> Packages and tag checked, signature checked.
>
> Note that the sign.sh script is not part of the release, and it's hust a
> tool that is provided to release managers, for convenience. Also note
> that the XXX.asc files get signed too, which is unnecessary : tis is a
> by-product of the release+sign.sh script. I usually remove them before
> pushing the package son people.a.o...
>
> Thanks Kiran !
>
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Emmanuel Lécharny <el...@gmail.com>.
My +1.
I do agree that a 4096 keys is better for releases, although the current
requirement is "Committers with a DSA key or an RSA key of length *less
than* 2048 bits should generate a new key for signing releases" .
Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare
minimum to cut a release. I suspect this will not hold for ever, it's
probably a good move to generate this 4096 bits long key before the next
release.
Packages and tag checked, signature checked.
Note that the sign.sh script is not part of the release, and it's hust a
tool that is provided to release managers, for convenience. Also note
that the XXX.asc files get signed too, which is unnecessary : tis is a
by-product of the release+sign.sh script. I usually remove them before
pushing the package son people.a.o...
Thanks Kiran !
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
+1
* Built from source tar.gz
* Verified checksums and signatures
Kind Regards,
Stefan
PS: The API and ApacheDS release process mention a "sign.sh" which
generates signatures and checksums for distribution packages. Please
update the Mavibot release documentation to use that script too.
On 08/09/2015 04:55 PM, Kiran Ayyagari wrote:
> Hi Stefan,
>
> On Sun, Aug 9, 2015 at 9:09 PM, Stefan Seelmann <ma...@stefan-seelmann.de>
> wrote:
>
>> Hi Kiran,
>>
>> The packages are signed with key A591AB7A which is only 2048 bits DSA
>> key. According to [1] minimum strength should be 4096 RSA. I'm not sure
>> if that is a blocker but please consider to use another key for next
>> release.
>>
>> yes, I realized it very late at the time of closing repo in Nexus,
> I will use a different key from the next release.
>
>
>> Please also add your key(s) to our KEYS file [2].
>>
>> just added
>
>> The source and binary packages at
>> https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/ miss the md5 and
>> sha1 checksum, can you please add them? I hope those are automatically
>> generated during the release process?
>>
> they weren't generated automatically, I have just added them manually.
>
> All,
>
> Please let me know if signing with 2048 bit key is not acceptable, I
> will regenerate the packages.
>
> thanks Stefan.
>
>>
>> Kind Regards,
>> Stefan
>>
>> [1] https://www.apache.org/dev/release-signing.html
>> [2] https://dist.apache.org/repos/dist/release/directory/KEYS
>>
>>
>> On 08/09/2015 01:54 PM, Kiran Ayyagari wrote:
>>> Hello Dev,
>>>
>>> This is the eighth release of Apache Mavibot, the MVCC BTree in Java !
>>>
>>> This release contains complete support for free page management (reusing
>>> the copied and unused pages)
>>>
>>> Please cast your vote !
>>>
>>> The revision :
>>>
>>> http://svn.apache.org/r1694862
>>>
>>> The SVN tag:
>>> https://svn.apache.org/repos/asf/directory/mavibot/tags/1.0.0-M8/
>>>
>>> The source and binary distribution packages:
>>> https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/
>>>
>>> The staging repository:
>>>
>> https://repository.apache.org/content/repositories/orgapachedirectory-1040/
>>>
>>> Please cast your votes:
>>> [ ] +1 Release Mavibot 1.0.0-M8
>>> [ ] 0 abstain
>>> [ ] -1 Do not release Mavibot 1.0.0-M8
>>>
>>
>>
>
>
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Kiran Ayyagari <ka...@apache.org>.
Hi Stefan,
On Sun, Aug 9, 2015 at 9:09 PM, Stefan Seelmann <ma...@stefan-seelmann.de>
wrote:
> Hi Kiran,
>
> The packages are signed with key A591AB7A which is only 2048 bits DSA
> key. According to [1] minimum strength should be 4096 RSA. I'm not sure
> if that is a blocker but please consider to use another key for next
> release.
>
> yes, I realized it very late at the time of closing repo in Nexus,
I will use a different key from the next release.
> Please also add your key(s) to our KEYS file [2].
>
> just added
> The source and binary packages at
> https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/ miss the md5 and
> sha1 checksum, can you please add them? I hope those are automatically
> generated during the release process?
>
they weren't generated automatically, I have just added them manually.
All,
Please let me know if signing with 2048 bit key is not acceptable, I
will regenerate the packages.
thanks Stefan.
>
> Kind Regards,
> Stefan
>
> [1] https://www.apache.org/dev/release-signing.html
> [2] https://dist.apache.org/repos/dist/release/directory/KEYS
>
>
> On 08/09/2015 01:54 PM, Kiran Ayyagari wrote:
> > Hello Dev,
> >
> > This is the eighth release of Apache Mavibot, the MVCC BTree in Java !
> >
> > This release contains complete support for free page management (reusing
> > the copied and unused pages)
> >
> > Please cast your vote !
> >
> > The revision :
> >
> > http://svn.apache.org/r1694862
> >
> > The SVN tag:
> > https://svn.apache.org/repos/asf/directory/mavibot/tags/1.0.0-M8/
> >
> > The source and binary distribution packages:
> > https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/
> >
> > The staging repository:
> >
> https://repository.apache.org/content/repositories/orgapachedirectory-1040/
> >
> > Please cast your votes:
> > [ ] +1 Release Mavibot 1.0.0-M8
> > [ ] 0 abstain
> > [ ] -1 Do not release Mavibot 1.0.0-M8
> >
>
>
--
Kiran Ayyagari
http://keydap.com
Re: [VOTE] Release Apache Mavibot 1.0.0-M8
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Hi Kiran,
The packages are signed with key A591AB7A which is only 2048 bits DSA
key. According to [1] minimum strength should be 4096 RSA. I'm not sure
if that is a blocker but please consider to use another key for next
release.
Please also add your key(s) to our KEYS file [2].
The source and binary packages at
https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/ miss the md5 and
sha1 checksum, can you please add them? I hope those are automatically
generated during the release process?
Kind Regards,
Stefan
[1] https://www.apache.org/dev/release-signing.html
[2] https://dist.apache.org/repos/dist/release/directory/KEYS
On 08/09/2015 01:54 PM, Kiran Ayyagari wrote:
> Hello Dev,
>
> This is the eighth release of Apache Mavibot, the MVCC BTree in Java !
>
> This release contains complete support for free page management (reusing
> the copied and unused pages)
>
> Please cast your vote !
>
> The revision :
>
> http://svn.apache.org/r1694862
>
> The SVN tag:
> https://svn.apache.org/repos/asf/directory/mavibot/tags/1.0.0-M8/
>
> The source and binary distribution packages:
> https://people.apache.org/~kayyagari/mavibot-1.0.0-M8/
>
> The staging repository:
> https://repository.apache.org/content/repositories/orgapachedirectory-1040/
>
> Please cast your votes:
> [ ] +1 Release Mavibot 1.0.0-M8
> [ ] 0 abstain
> [ ] -1 Do not release Mavibot 1.0.0-M8
>