You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ratis.apache.org by William Song <sz...@163.com> on 2023/03/15 12:55:22 UTC
[VOTE] Apache Ratis Thirdparty Release 1.0.4 rc0
Hi Apache Ratis Community,
I’m calling a vote for Apache Ratis Thirdparty Release 1.0.4 rc0.
The git tag to be voted upon:
https://github.com/apache/ratis-thirdparty/tree/1.0.4-rc0
The git commit hash:
eba95d9019473b825dfd555031e2a38c67efb266
Source tarball can be found at:
https://dist.apache.org/repos/dist/dev/ratis/thirdparty/1.0.4/rc0
The fingerprint of PGP key release artifacts are signed with:
DCE2 C33D 41C6 2578 969D BAFE 37D6 ECF8 4E78 BC92
My public key to verify signatures can be found in:
https://dist.apache.org/repos/dist/dev/ratis/KEYS
Maven artifacts are staged at:
https://repository.apache.org/content/repositories/orgapacheratis-1135
This vote will remain open for at lease 72 hours.
Please vote on releasing this ratis-thirdparty 1.0.4-rc0. Thank you in advance.
[ ] +1 approve
[ ] 0 no opinion
[ ] -1 disapprove (and reason why)
Starting with my +1(binding)
* Verified checksum, signature, git hash
* Compared tarball to repo at the given tag
* Built from source
* Built Ratis locally with 1.3.0-rc0 after updating component versions [1]
* Ran regular Ratis CI using the staged third-party jars [2]
Thanks,
-William
[1] https://github.com/SzyWilliam/ratis/commit/a0be4e888143f406ad04eed9d88c6d0c85ed1ed5
[2] https://github.com/SzyWilliam/ratis/actions/runs/4425429620
Re: [VOTE] Apache Ratis Thirdparty Release 1.0.4 rc0
Posted by William Song <sz...@163.com>.
Hi Attila,
Sorry that I used a wrong key to sign the artifacts. I’ll close this vote and start a new one.
Thanks very much for pointing out!
William
> 2023年3月16日 02:29,Attila Doroszlai <ad...@apache.org> 写道:
>
> Hi William,
>
> Thanks for working on the RC.
>
>> The fingerprint of PGP key release artifacts are signed with:
>> DCE2 C33D 41C6 2578 969D BAFE 37D6 ECF8 4E78 BC92
>>
>> My public key to verify signatures can be found in:
>> https://dist.apache.org/repos/dist/dev/ratis/KEYS
>
> I have imported your key from KEYS:
>
> $ curl -LO https://dist.apache.org/repos/dist/dev/ratis/KEYS
> $ gpg --import KEYS
> ...
> gpg: key 37D6ECF84E78BC92: public key "William Song (For Apache
> Project Release) <wi...@apache.org>" imported
> gpg: Total number processed: 11
> gpg: imported: 1
> gpg: unchanged: 10
>
> But am unable to verify the signature of the tarball:
>
> $ gpg --verify ratis-thirdparty-1.0.4-src.tar.gz.asc
> ratis-thirdparty-1.0.4-src.tar.gz
> gpg: Signature made Wed 15 Mar 2023 11:13:20 AM CET
> gpg: using EDDSA key 8F534410776FEDBE953CA795B5306339B3621069
> gpg: Can't check signature: No public key
>
> Am I missing something?
>
> -Attila
Re: [VOTE] Apache Ratis Thirdparty Release 1.0.4 rc0
Posted by Attila Doroszlai <ad...@apache.org>.
Hi William,
Thanks for working on the RC.
> The fingerprint of PGP key release artifacts are signed with:
> DCE2 C33D 41C6 2578 969D BAFE 37D6 ECF8 4E78 BC92
>
> My public key to verify signatures can be found in:
> https://dist.apache.org/repos/dist/dev/ratis/KEYS
I have imported your key from KEYS:
$ curl -LO https://dist.apache.org/repos/dist/dev/ratis/KEYS
$ gpg --import KEYS
...
gpg: key 37D6ECF84E78BC92: public key "William Song (For Apache
Project Release) <wi...@apache.org>" imported
gpg: Total number processed: 11
gpg: imported: 1
gpg: unchanged: 10
But am unable to verify the signature of the tarball:
$ gpg --verify ratis-thirdparty-1.0.4-src.tar.gz.asc
ratis-thirdparty-1.0.4-src.tar.gz
gpg: Signature made Wed 15 Mar 2023 11:13:20 AM CET
gpg: using EDDSA key 8F534410776FEDBE953CA795B5306339B3621069
gpg: Can't check signature: No public key
Am I missing something?
-Attila