Posted to dev@river.apache.org by Peter Firmstone <ji...@zeus.net.au> on 2010/01/05 00:33:46 UTC

Apache River release 2.2.0 Vote

To Release Apache River 2.2.0, I need to create two zip files:

Apache-River-2.2.0-incubating-src.zip
Apache-River-2.2.0-incubating-bin.zip

But prior to doing so we need to vote for the release.

Following the vote, I'll create a new KEYS file to replace the existing 
contained within the trunk directory, then committers can add their keys 
to the file by:

$ gpg --list-sigs "Your Name" >> KEYS
$ gpg --armor --export "Your Name" >> KEYS

Please make sure your existing KEYS are at least 2056bit RSA, before 
adding to the KEYS file.

If you need to generate a new key, please generate a new 4096 RSA key 
and sign it with your old key, to maintain your ring of trust.  See 
http://www.apache.org/dev/release-signing.html#keys-policy for details.

Make sure to upload your new public key to the following public key servers:

$ gpg --keyserver subkeys.pgp.net --send-keys KeyID
$ gpg --keyserver pgp.mit.edu --send-keys KeyID

You can locate your key id with the following command:

$ gpg --list-keys

Look for the KeyID in the output:

pub    4096R/KeyID   Date

Is there a directory I can upload the signed release and checksums 
before placing them on www.apache.org/dist/incubator/river for checking?

Best Regards,

Peter Firmstone.
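
Added example, not part of the original message: a shell check for the key-strength requirement above, run over gpg's --with-colons listing. The function name weak_keys, the sample listing and the handling of non-RSA keys are assumptions of this example; the minimum is a parameter that defaults to 2048, the figure given in the follow-up reply in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): flag primary keys that are too weak
# to go into a release KEYS file. Reads gpg's machine-readable listing:
#   gpg --list-keys --with-colons | weak_keys 2048
# Colon-format fields used: 1 = record type, 3 = key length in bits,
# 4 = public-key algorithm (1 = RSA, 17 = DSA), 5 = key ID.

# weak_keys [MIN_BITS]  (hypothetical helper name; MIN_BITS defaults to 2048)
weak_keys() {
    min_bits="${1:-2048}"
    awk -F: -v min="$min_bits" '
        # RSA primary key shorter than the minimum: must be replaced.
        $1 == "pub" && $4 == 1 && ($3 + 0) < (min + 0) {
            print "WEAK", $5, "RSA", $3
        }
        # Non-RSA primary key: the RSA size rule does not apply, so the
        # key is listed for manual review (an assumption of this example).
        $1 == "pub" && $4 != 1 {
            print "REVIEW", $5, "algo=" $4, $3
        }
    '
}

# Constructed sample listing (key IDs, dates and names are made up).
sample_listing() {
    cat <<'EOF'
tru::1:1262649600:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAAA:1100000000:::u:::scESC:
uid:u::::1100000000::::Constructed DSA Key <dsa@example.invalid>:
sub:u:2048:16:1111111111111111:1100000000::::::e:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1262649600:::u:::scESC:
uid:u::::1262649600::::Constructed New Key <new@example.invalid>:
sub:u:4096:1:2222222222222222:1262649600::::::e:
pub:u:1024:1:CCCCCCCCCCCCCCCC:1000000000:::u:::scESC:
uid:u::::1000000000::::Constructed Old Key <old@example.invalid>:
EOF
}

# Prints one line per key that needs attention; the 4096-bit RSA key passes.
sample_listing | weak_keys 2048
```

Only primary (pub) records are checked; subkeys are ignored here.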



Re: Apache River release 2.2.0 Vote - Update ASCII Signatures in KEYS

Posted by Peter Firmstone <ji...@zeus.net.au>.
That Key needs to be 2048 bit or greater.

Peter Firmstone wrote:
> No Worries, will upload the final artifacts after the KEYS file has 
> been updated.
>
> We can vote then.
>
> In the meantime, I've just replaced the KEYS file, please add your 
> signatures.
>
> Note the key strength for existing keys must be 2056 bit or greater, 
> you may need to generate new key signatures, see my earlier email for 
> details.
>
> Best Regards,
>
> Peter Firmstone.
>
>
>
> Niclas Hedhman wrote:
>> On Tue, Jan 5, 2010 at 7:33 AM, Peter Firmstone <ji...@zeus.net.au> 
>> wrote:
>>  
>>> To Release Apache River 2.2.0, I need to create two zip files:
>>>
>>> Apache-River-2.2.0-incubating-src.zip
>>> Apache-River-2.2.0-incubating-bin.zip
>>>
>>> But prior to doing so we need to vote for the release.
>>>     
>>
>> To be a PITA; PMC vote on the "final artifact" that is to be placed on
>> Apache distribution, and not any Subversion content. This is done to
>> ensure consistency between the vote and the distributed artifact.
>>
>> So, I think what you are asking from the community is "[DISCUSS]
>> Release 2.2 ???" where actions needed from the PMC can be discussed
>> and acted upon, as you nicely tell everyone.
>>
>> Then you proceed as Craig said with cutting the artifacts and
>> uploading them together with Signatures (.ASC), checksums (.MD5, .SHA)
>> and RAT report (RAT is a tool to audit a release,
>> http://incubator.apache.org/rat/) and then call for "[VOTE] Release
>> 2.2", since you are still in Incubator, the vote happens here first
>> (with a notification to general@i.a.o) and then if it passes here, a
>> formality vote by the Incubator PMC (general@i.a.o) to make it
>> official.
>>
>>  
>>> Is there a directory I can upload the signed release and checksums 
>>> before
>>> placing them on www.apache.org/dist/incubator/river for checking?
>>>     
>>
>> Yes, as Craig mentioned (perhaps less than obvious); when you log in
>> to people.apache.org you land in your home directory. In there, create
>> a directory named "public_html" and change the access flags (chmod +x
>> . && chmod +rx public_html) and it will be accessible by the public
>> from http://people.apache.org/~yourApacheId/
>>
>> As I said above, you need to cut and publish this to the PPMC/PMC
>> prior to the vote.
>>
>>
>> Cheers
>>   
>
>


Re: Apache River release 2.2.0 Vote - Update ASCII Signatures in KEYS

Posted by Peter Firmstone <ji...@zeus.net.au>.
No Worries, will upload the final artifacts after the KEYS file has been 
updated.

We can vote then.

In the meantime, I've just replaced the KEYS file, please add your 
signatures.

Note the key strength for existing keys must be 2056 bit or greater, you 
may need to generate new key signatures, see my earlier email for details.

Best Regards,

Peter Firmstone.



Niclas Hedhman wrote:
> On Tue, Jan 5, 2010 at 7:33 AM, Peter Firmstone <ji...@zeus.net.au> wrote:
>   
>> To Release Apache River 2.2.0, I need to create two zip files:
>>
>> Apache-River-2.2.0-incubating-src.zip
>> Apache-River-2.2.0-incubating-bin.zip
>>
>> But prior to doing so we need to vote for the release.
>>     
>
> To be a PITA; PMC vote on the "final artifact" that is to be placed on
> Apache distribution, and not any Subversion content. This is done to
> ensure consistency between the vote and the distributed artifact.
>
> So, I think what you are asking from the community is "[DISCUSS]
> Release 2.2 ???" where actions needed from the PMC can be discussed
> and acted upon, as you nicely tell everyone.
>
> Then you proceed as Craig said with cutting the artifacts and
> uploading them together with Signatures (.ASC), checksums (.MD5, .SHA)
> and RAT report (RAT is a tool to audit a release,
> http://incubator.apache.org/rat/) and then call for "[VOTE] Release
> 2.2", since you are still in Incubator, the vote happens here first
> (with a notification to general@i.a.o) and then if it passes here, a
> formality vote by the Incubator PMC (general@i.a.o) to make it
> official.
>
>   
>> Is there a directory I can upload the signed release and checksums before
>> placing them on www.apache.org/dist/incubator/river for checking?
>>     
>
> Yes, as Craig mentioned (perhaps less than obvious); when you log in
> to people.apache.org you land in your home directory. In there, create
> a directory named "public_html" and change the access flags (chmod +x
> . && chmod +rx public_html) and it will be accessible by the public
> from http://people.apache.org/~yourApacheId/
>
> As I said above, you need to cut and publish this to the PPMC/PMC
> prior to the vote.
>
>
> Cheers
>   


Re: Apache River release 2.2.0 Vote

Posted by Niclas Hedhman <ni...@hedhman.org>.
On Tue, Jan 5, 2010 at 7:33 AM, Peter Firmstone <ji...@zeus.net.au> wrote:
> To Release Apache River 2.2.0, I need to create two zip files:
>
> Apache-River-2.2.0-incubating-src.zip
> Apache-River-2.2.0-incubating-bin.zip
>
> But prior to doing so we need to vote for the release.

To be a PITA; PMC vote on the "final artifact" that is to be placed on
Apache distribution, and not any Subversion content. This is done to
ensure consistency between the vote and the distributed artifact.

So, I think what you are asking from the community is "[DISCUSS]
Release 2.2 ???" where actions needed from the PMC can be discussed
and acted upon, as you nicely tell everyone.

Then you proceed as Craig said with cutting the artifacts and
uploading them together with Signatures (.ASC), checksums (.MD5, .SHA)
and RAT report (RAT is a tool to audit a release,
http://incubator.apache.org/rat/) and then call for "[VOTE] Release
2.2", since you are still in Incubator, the vote happens here first
(with a notification to general@i.a.o) and then if it passes here, a
formality vote by the Incubator PMC (general@i.a.o) to make it
official.

> Is there a directory I can upload the signed release and checksums before
> placing them on www.apache.org/dist/incubator/river for checking?

Yes, as Craig mentioned (perhaps less than obvious); when you log in
to people.apache.org you land in your home directory. In there, create
a directory named "public_html" and change the access flags (chmod +x
. && chmod +rx public_html) and it will be accessible by the public
from http://people.apache.org/~yourApacheId/

As I said above, you need to cut and publish this to the PPMC/PMC
prior to the vote.


Cheers
-- 
Niclas Hedhman, Software Developer
http://www.qi4j.org - New Energy for Java

I  live here; http://tinyurl.com/2qq9er
I  work here; http://tinyurl.com/2ymelc
I relax here; http://tinyurl.com/2cgsug

Re: Apache River release 2.2.0 Vote

Posted by Peter Firmstone <ji...@zeus.net.au>.
Thanks Craig.

Craig L Russell wrote:
> Hi Peter,
>
> To stage your release, you should use your own apache public_html 
> directory, e.g. on 
> people.apache.org/~peter_firmstone/public_html/river_2.2.0_first_try/
>
> Craig
>
> On Jan 4, 2010, at 3:33 PM, Peter Firmstone wrote:
>
>> Is there a directory I can upload the signed release and checksums 
>> before placing them on www.apache.org/dist/incubator/river for checking?
>>
>> Best Regards,
>>
>> Peter Firmstone.
>
> Craig L Russell
> Architect, Sun Java Enterprise System http://db.apache.org/jdo
> 408 276-5638 mailto:Craig.Russell@sun.com
> P.S. A good JDO? O, Gasp!
>
>


Re: Apache River release 2.2.0 Vote

Posted by Craig L Russell <Cr...@Sun.COM>.
Hi Peter,

To stage your release, you should use your own apache public_html 
directory, e.g. on 
people.apache.org/~peter_firmstone/public_html/river_2.2.0_first_try/

Craig

On Jan 4, 2010, at 3:33 PM, Peter Firmstone wrote:

> Is there a directory I can upload the signed release and checksums  
> before placing them on www.apache.org/dist/incubator/river for  
> checking?
>
> Best Regards,
>
> Peter Firmstone.

Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!


Re: Apache River release 2.2.0 Vote

Posted by Gregg Wonderly <gr...@wonderly.org>.
+1

Peter Firmstone wrote:
> To Release Apache River 2.2.0, I need to create two zip files:
> 
> Apache-River-2.2.0-incubating-src.zip
> Apache-River-2.2.0-incubating-bin.zip
> 
> But prior to doing so we need to vote for the release.
> 
> Following the vote, I'll create a new KEYS file to replace the existing 
> contained within the trunk directory, then committers can add their keys 
> to the file by:
> 
> $ gpg --list-sigs "Your Name" >> KEYS
> $ gpg --armor --export "Your Name" >> KEYS
> 
> Please make sure your existing KEYS are at least 2056bit RSA, before 
> adding to the KEYS file.
> 
> If you need to generate a new key, please generate a new 4096 RSA key 
> and sign it with your old key, to maintain your ring of trust.  See 
> http://www.apache.org/dev/release-signing.html#keys-policy for details.
> 
> Make sure to upload your new public key to the following public key 
> servers:
> 
> $ gpg --keyserver subkeys.pgp.net --send-keys KeyID
> $ gpg --keyserver pgp.mit.edu --send-keys KeyID
> 
> You can locate your key id with the following command:
> 
> $ gpg --list-keys
> 
> Look for the KeyID in the output:
> 
> pub    4096R/KeyID   Date
> 
> Is there a directory I can upload the signed release and checksums 
> before placing them on www.apache.org/dist/incubator/river for checking?
> 
> Best Regards,
> 
> Peter Firmstone.
> 
> 
>