[Vote] cordova-plugin-inappbrowser@0.3.3

[Andrew Grieve <ag...@chromium.org>]

Please review and vote on the release of this inappbrowser release.

The plugin has been publish here:
https://dist.apache.org/repos/dist/dev/cordova/iab/

It is the same as the recently published 0.3.2, except with:
* CB-6172 Fix broken install on case-sensitive file-systems

The packages were published from their corresponding git tags:
    cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)

Upon a successful vote I will upload the archives to dist/, upload them to
the Plugins Registry, and post the corresponding blog post.

Voting will go on for a minimum of 20 hours.

I vote +1.

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Ian Clelland <ic...@chromium.org>]

+1


On Wed, Mar 5, 2014 at 10:47 PM, Carlos Santana <cs...@gmail.com>wrote:

> Thanks I just saw your tweet
>
>
> On Wed, Mar 5, 2014 at 10:42 PM, Andrew Grieve <ag...@chromium.org>
> wrote:
>
> > Just moved SetUpGpg wiki into coho as well since that's very release
> > process applicable. Problem is just that the github mirrors are not
> > up-to-date yet. You can see all the docs via apache's gitweb:
> >
> >
> >
> https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md
> >
> > I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just
> as
> > good as a phone call?
> >
> > If someone figures out how to use gpg --edit-key to fix up this message,
> > would be good to paste the commands into setting-up-gpg.md.
> >
> >
> >
> > On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <cs...@gmail.com>
> > wrote:
> >
> > > I think I found the information here
> > > https://www.apache.org/info/verification.html
> > >
> > > Based on this *"Some people are satisfied by reading the key signature
> > over
> > > a telephone (voice verification). "*
> > >
> > > Should I give you a call Andrew? :-p
> > >
> > > By they way shouldn't the "KEYS" file be located in the download
> > directory
> > > also? https://dist.apache.org/repos/dist/dev/cordova/iab/
> > >
> > >
> > > --Carlos
> > >
> > >
> > >
> > > On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <cs...@gmail.com>
> > > wrote:
> > >
> > > > With the new process in place, where is documentation on how to
> verify
> > > the
> > > > signing and key stuff
> > > >
> > > > Was not able to find in the repo:
> > > >
> > > > https://github.com/apache/cordova-coho/tree/master/docs
> > > >
> > > >
> > > >
> > > >
> > > > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <iclelland@chromium.org
> > > >wrote:
> > > >
> > > >> I've seen that before -- it just means that you haven't declared,
> > > >> explicitly or implicitly, that you trust that the signing key is
> > really
> > > >> Andrew's.
> > > >>
> > > >> The important line should be above that, and should say
> > > >>
> > > >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
> > > >> agrieve@apache.org>"
> > > >>
> > > >> What you can do right now is run "gpg --fingerprint", and then have
> > > Andrew
> > > >> do that same, and verify that they match. Then you can safely ignore
> > the
> > > >> message :)
> > > >>
> > > >> The long term solution is to get Andrew's (and Steven's, and anyone
> > > >> else's)
> > > >> public key signed by some Apache folks. Apparently there's a key
> > signing
> > > >> party at every ApacheCon, so that'll be a good time to do it.
> > > >>
> > > >>
> > > >> --------
> > > >> Instead of ignoring the message, you can also sign the key with your
> > > own:
> > > >>
> > > >> $ gpg --edit-key agrieve@apache.org
> > > >> > sign
> > > >> > save
> > > >>
> > > >>
> > > >>
> > > >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org>
> > > wrote:
> > > >>
> > > >> > +1
> > > >> >
> > > >> > However, gpg --verify gives me:
> > > >> >
> > > >> > gpg: WARNING: This key is not certified with a trusted signature!
> > > >> > gpg:          There is no indication that the signature belongs to
> > the
> > > >> > owner.
> > > >> >
> > > >> > I don't recall seeing this before. I had to add your new key to
> > verify
> > > >> this
> > > >> > time.
> > > >> >
> > > >> > -Michal
> > > >> >
> > > >> >
> > > >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <
> agrieve@chromium.org
> > >
> > > >> > wrote:
> > > >> >
> > > >> > > Please review and vote on the release of this inappbrowser
> > release.
> > > >> > >
> > > >> > > The plugin has been publish here:
> > > >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
> > > >> > >
> > > >> > > It is the same as the recently published 0.3.2, except with:
> > > >> > > * CB-6172 Fix broken install on case-sensitive file-systems
> > > >> > >
> > > >> > > The packages were published from their corresponding git tags:
> > > >> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> > > >> > >
> > > >> > > Upon a successful vote I will upload the archives to dist/,
> upload
> > > >> them
> > > >> > to
> > > >> > > the Plugins Registry, and post the corresponding blog post.
> > > >> > >
> > > >> > > Voting will go on for a minimum of 20 hours.
> > > >> > >
> > > >> > > I vote +1.
> > > >> > >
> > > >> >
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > Carlos Santana
> > > > <cs...@gmail.com>
> > > >
> > >
> > >
> > >
> > > --
> > > Carlos Santana
> > > <cs...@gmail.com>
> > >
> >
>
>
>
> --
> Carlos Santana
> <cs...@gmail.com>
>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Carlos Santana <cs...@gmail.com>]

Thanks I just saw your tweet


On Wed, Mar 5, 2014 at 10:42 PM, Andrew Grieve <ag...@chromium.org> wrote:

> Just moved SetUpGpg wiki into coho as well since that's very release
> process applicable. Problem is just that the github mirrors are not
> up-to-date yet. You can see all the docs via apache's gitweb:
>
>
> https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md
>
> I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just as
> good as a phone call?
>
> If someone figures out how to use gpg --edit-key to fix up this message,
> would be good to paste the commands into setting-up-gpg.md.
>
>
>
> On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <cs...@gmail.com>
> wrote:
>
> > I think I found the information here
> > https://www.apache.org/info/verification.html
> >
> > Based on this *"Some people are satisfied by reading the key signature
> over
> > a telephone (voice verification). "*
> >
> > Should I give you a call Andrew? :-p
> >
> > By they way shouldn't the "KEYS" file be located in the download
> directory
> > also? https://dist.apache.org/repos/dist/dev/cordova/iab/
> >
> >
> > --Carlos
> >
> >
> >
> > On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <cs...@gmail.com>
> > wrote:
> >
> > > With the new process in place, where is documentation on how to verify
> > the
> > > signing and key stuff
> > >
> > > Was not able to find in the repo:
> > >
> > > https://github.com/apache/cordova-coho/tree/master/docs
> > >
> > >
> > >
> > >
> > > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <iclelland@chromium.org
> > >wrote:
> > >
> > >> I've seen that before -- it just means that you haven't declared,
> > >> explicitly or implicitly, that you trust that the signing key is
> really
> > >> Andrew's.
> > >>
> > >> The important line should be above that, and should say
> > >>
> > >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
> > >> agrieve@apache.org>"
> > >>
> > >> What you can do right now is run "gpg --fingerprint", and then have
> > Andrew
> > >> do that same, and verify that they match. Then you can safely ignore
> the
> > >> message :)
> > >>
> > >> The long term solution is to get Andrew's (and Steven's, and anyone
> > >> else's)
> > >> public key signed by some Apache folks. Apparently there's a key
> signing
> > >> party at every ApacheCon, so that'll be a good time to do it.
> > >>
> > >>
> > >> --------
> > >> Instead of ignoring the message, you can also sign the key with your
> > own:
> > >>
> > >> $ gpg --edit-key agrieve@apache.org
> > >> > sign
> > >> > save
> > >>
> > >>
> > >>
> > >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org>
> > wrote:
> > >>
> > >> > +1
> > >> >
> > >> > However, gpg --verify gives me:
> > >> >
> > >> > gpg: WARNING: This key is not certified with a trusted signature!
> > >> > gpg:          There is no indication that the signature belongs to
> the
> > >> > owner.
> > >> >
> > >> > I don't recall seeing this before. I had to add your new key to
> verify
> > >> this
> > >> > time.
> > >> >
> > >> > -Michal
> > >> >
> > >> >
> > >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <agrieve@chromium.org
> >
> > >> > wrote:
> > >> >
> > >> > > Please review and vote on the release of this inappbrowser
> release.
> > >> > >
> > >> > > The plugin has been publish here:
> > >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
> > >> > >
> > >> > > It is the same as the recently published 0.3.2, except with:
> > >> > > * CB-6172 Fix broken install on case-sensitive file-systems
> > >> > >
> > >> > > The packages were published from their corresponding git tags:
> > >> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> > >> > >
> > >> > > Upon a successful vote I will upload the archives to dist/, upload
> > >> them
> > >> > to
> > >> > > the Plugins Registry, and post the corresponding blog post.
> > >> > >
> > >> > > Voting will go on for a minimum of 20 hours.
> > >> > >
> > >> > > I vote +1.
> > >> > >
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Carlos Santana
> > > <cs...@gmail.com>
> > >
> >
> >
> >
> > --
> > Carlos Santana
> > <cs...@gmail.com>
> >
>



-- 
Carlos Santana
<cs...@gmail.com>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Andrew Grieve <ag...@chromium.org>]

Just moved SetUpGpg wiki into coho as well since that's very release
process applicable. Problem is just that the github mirrors are not
up-to-date yet. You can see all the docs via apache's gitweb:

https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md

I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just as
good as a phone call?

If someone figures out how to use gpg --edit-key to fix up this message,
would be good to paste the commands into setting-up-gpg.md.



On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <cs...@gmail.com> wrote:

> I think I found the information here
> https://www.apache.org/info/verification.html
>
> Based on this *"Some people are satisfied by reading the key signature over
> a telephone (voice verification). "*
>
> Should I give you a call Andrew? :-p
>
> By they way shouldn't the "KEYS" file be located in the download directory
> also? https://dist.apache.org/repos/dist/dev/cordova/iab/
>
>
> --Carlos
>
>
>
> On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <cs...@gmail.com>
> wrote:
>
> > With the new process in place, where is documentation on how to verify
> the
> > signing and key stuff
> >
> > Was not able to find in the repo:
> >
> > https://github.com/apache/cordova-coho/tree/master/docs
> >
> >
> >
> >
> > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <iclelland@chromium.org
> >wrote:
> >
> >> I've seen that before -- it just means that you haven't declared,
> >> explicitly or implicitly, that you trust that the signing key is really
> >> Andrew's.
> >>
> >> The important line should be above that, and should say
> >>
> >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
> >> agrieve@apache.org>"
> >>
> >> What you can do right now is run "gpg --fingerprint", and then have
> Andrew
> >> do that same, and verify that they match. Then you can safely ignore the
> >> message :)
> >>
> >> The long term solution is to get Andrew's (and Steven's, and anyone
> >> else's)
> >> public key signed by some Apache folks. Apparently there's a key signing
> >> party at every ApacheCon, so that'll be a good time to do it.
> >>
> >>
> >> --------
> >> Instead of ignoring the message, you can also sign the key with your
> own:
> >>
> >> $ gpg --edit-key agrieve@apache.org
> >> > sign
> >> > save
> >>
> >>
> >>
> >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org>
> wrote:
> >>
> >> > +1
> >> >
> >> > However, gpg --verify gives me:
> >> >
> >> > gpg: WARNING: This key is not certified with a trusted signature!
> >> > gpg:          There is no indication that the signature belongs to the
> >> > owner.
> >> >
> >> > I don't recall seeing this before. I had to add your new key to verify
> >> this
> >> > time.
> >> >
> >> > -Michal
> >> >
> >> >
> >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <ag...@chromium.org>
> >> > wrote:
> >> >
> >> > > Please review and vote on the release of this inappbrowser release.
> >> > >
> >> > > The plugin has been publish here:
> >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
> >> > >
> >> > > It is the same as the recently published 0.3.2, except with:
> >> > > * CB-6172 Fix broken install on case-sensitive file-systems
> >> > >
> >> > > The packages were published from their corresponding git tags:
> >> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> >> > >
> >> > > Upon a successful vote I will upload the archives to dist/, upload
> >> them
> >> > to
> >> > > the Plugins Registry, and post the corresponding blog post.
> >> > >
> >> > > Voting will go on for a minimum of 20 hours.
> >> > >
> >> > > I vote +1.
> >> > >
> >> >
> >>
> >
> >
> >
> > --
> > Carlos Santana
> > <cs...@gmail.com>
> >
>
>
>
> --
> Carlos Santana
> <cs...@gmail.com>
>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Carlos Santana <cs...@gmail.com>]

I think I found the information here
https://www.apache.org/info/verification.html

Based on this *"Some people are satisfied by reading the key signature over
a telephone (voice verification). "*

Should I give you a call Andrew? :-p

By they way shouldn't the "KEYS" file be located in the download directory
also? https://dist.apache.org/repos/dist/dev/cordova/iab/


--Carlos



On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <cs...@gmail.com> wrote:

> With the new process in place, where is documentation on how to verify the
> signing and key stuff
>
> Was not able to find in the repo:
>
> https://github.com/apache/cordova-coho/tree/master/docs
>
>
>
>
> On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <ic...@chromium.org>wrote:
>
>> I've seen that before -- it just means that you haven't declared,
>> explicitly or implicitly, that you trust that the signing key is really
>> Andrew's.
>>
>> The important line should be above that, and should say
>>
>> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
>> agrieve@apache.org>"
>>
>> What you can do right now is run "gpg --fingerprint", and then have Andrew
>> do that same, and verify that they match. Then you can safely ignore the
>> message :)
>>
>> The long term solution is to get Andrew's (and Steven's, and anyone
>> else's)
>> public key signed by some Apache folks. Apparently there's a key signing
>> party at every ApacheCon, so that'll be a good time to do it.
>>
>>
>> --------
>> Instead of ignoring the message, you can also sign the key with your own:
>>
>> $ gpg --edit-key agrieve@apache.org
>> > sign
>> > save
>>
>>
>>
>> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org> wrote:
>>
>> > +1
>> >
>> > However, gpg --verify gives me:
>> >
>> > gpg: WARNING: This key is not certified with a trusted signature!
>> > gpg:          There is no indication that the signature belongs to the
>> > owner.
>> >
>> > I don't recall seeing this before. I had to add your new key to verify
>> this
>> > time.
>> >
>> > -Michal
>> >
>> >
>> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <ag...@chromium.org>
>> > wrote:
>> >
>> > > Please review and vote on the release of this inappbrowser release.
>> > >
>> > > The plugin has been publish here:
>> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
>> > >
>> > > It is the same as the recently published 0.3.2, except with:
>> > > * CB-6172 Fix broken install on case-sensitive file-systems
>> > >
>> > > The packages were published from their corresponding git tags:
>> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
>> > >
>> > > Upon a successful vote I will upload the archives to dist/, upload
>> them
>> > to
>> > > the Plugins Registry, and post the corresponding blog post.
>> > >
>> > > Voting will go on for a minimum of 20 hours.
>> > >
>> > > I vote +1.
>> > >
>> >
>>
>
>
>
> --
> Carlos Santana
> <cs...@gmail.com>
>



-- 
Carlos Santana
<cs...@gmail.com>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Carlos Santana <cs...@gmail.com>]

With the new process in place, where is documentation on how to verify the
signing and key stuff

Was not able to find in the repo:

https://github.com/apache/cordova-coho/tree/master/docs




On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <ic...@chromium.org> wrote:

> I've seen that before -- it just means that you haven't declared,
> explicitly or implicitly, that you trust that the signing key is really
> Andrew's.
>
> The important line should be above that, and should say
>
> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
> agrieve@apache.org>"
>
> What you can do right now is run "gpg --fingerprint", and then have Andrew
> do that same, and verify that they match. Then you can safely ignore the
> message :)
>
> The long term solution is to get Andrew's (and Steven's, and anyone else's)
> public key signed by some Apache folks. Apparently there's a key signing
> party at every ApacheCon, so that'll be a good time to do it.
>
>
> --------
> Instead of ignoring the message, you can also sign the key with your own:
>
> $ gpg --edit-key agrieve@apache.org
> > sign
> > save
>
>
>
> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org> wrote:
>
> > +1
> >
> > However, gpg --verify gives me:
> >
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg:          There is no indication that the signature belongs to the
> > owner.
> >
> > I don't recall seeing this before. I had to add your new key to verify
> this
> > time.
> >
> > -Michal
> >
> >
> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <ag...@chromium.org>
> > wrote:
> >
> > > Please review and vote on the release of this inappbrowser release.
> > >
> > > The plugin has been publish here:
> > > https://dist.apache.org/repos/dist/dev/cordova/iab/
> > >
> > > It is the same as the recently published 0.3.2, except with:
> > > * CB-6172 Fix broken install on case-sensitive file-systems
> > >
> > > The packages were published from their corresponding git tags:
> > >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> > >
> > > Upon a successful vote I will upload the archives to dist/, upload them
> > to
> > > the Plugins Registry, and post the corresponding blog post.
> > >
> > > Voting will go on for a minimum of 20 hours.
> > >
> > > I vote +1.
> > >
> >
>



-- 
Carlos Santana
<cs...@gmail.com>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Ian Clelland <ic...@chromium.org>]

I've seen that before -- it just means that you haven't declared,
explicitly or implicitly, that you trust that the signing key is really
Andrew's.

The important line should be above that, and should say

gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) <
agrieve@apache.org>"

What you can do right now is run "gpg --fingerprint", and then have Andrew
do that same, and verify that they match. Then you can safely ignore the
message :)

The long term solution is to get Andrew's (and Steven's, and anyone else's)
public key signed by some Apache folks. Apparently there's a key signing
party at every ApacheCon, so that'll be a good time to do it.


--------
Instead of ignoring the message, you can also sign the key with your own:

$ gpg --edit-key agrieve@apache.org
> sign
> save



On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <mm...@chromium.org> wrote:

> +1
>
> However, gpg --verify gives me:
>
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
>
> I don't recall seeing this before. I had to add your new key to verify this
> time.
>
> -Michal
>
>
> On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <ag...@chromium.org>
> wrote:
>
> > Please review and vote on the release of this inappbrowser release.
> >
> > The plugin has been publish here:
> > https://dist.apache.org/repos/dist/dev/cordova/iab/
> >
> > It is the same as the recently published 0.3.2, except with:
> > * CB-6172 Fix broken install on case-sensitive file-systems
> >
> > The packages were published from their corresponding git tags:
> >     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
> >
> > Upon a successful vote I will upload the archives to dist/, upload them
> to
> > the Plugins Registry, and post the corresponding blog post.
> >
> > Voting will go on for a minimum of 20 hours.
> >
> > I vote +1.
> >
>

Re: [Vote] cordova-plugin-inappbrowser@0.3.3

[Michal Mocny <mm...@chromium.org>]

+1

However, gpg --verify gives me:

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.

I don't recall seeing this before. I had to add your new key to verify this
time.

-Michal


On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <ag...@chromium.org> wrote:

> Please review and vote on the release of this inappbrowser release.
>
> The plugin has been publish here:
> https://dist.apache.org/repos/dist/dev/cordova/iab/
>
> It is the same as the recently published 0.3.2, except with:
> * CB-6172 Fix broken install on case-sensitive file-systems
>
> The packages were published from their corresponding git tags:
>     cordova-plugin-inappbrowser: 0.3.3 (a5dedae631)
>
> Upon a successful vote I will upload the archives to dist/, upload them to
> the Plugins Registry, and post the corresponding blog post.
>
> Voting will go on for a minimum of 20 hours.
>
> I vote +1.
>