You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@milagro.apache.org by John McCane-Whitney <jo...@qredo.com> on 2019/08/02 11:23:24 UTC
[DISCUSS] First Apache Milagro Incubating release of crypto-c &
crypto-js libraries
Hi all,
As proposed here by Brian Spector a couple of months ago, we'd like make our first ASF release, and as it's our first, I'm sending details of the proposed release as a [DISCUSS] item to solicit any feedback from you all about both the repos themselves and the release process described below. Apologies in advance for the lengthy email, however I think it'll help get this release completed successfully and then help with subsequent Milagro releases. Please respond with any feedback as soon as possible so we can take any required actions before I initiate the formal release process.
One outstanding question I have is whether I need to raise a ticket on https://issues.apache.org/jira/? On http://www.apache.org/legal/release-policy.html#heads-up it says: "Releases of more than 1GB of artifacts require a heads-up to Infrastructure in advance." Our release would total ~16Mb, but I've been using Apache Openwhisk as a guide, and they list raising such a ticket as one of the release requirements (even though their release are also way below 1GB).
1. REPOS
We intend to release two Apache Milagro Crypto repos as a single ASF release:
https://github.com/apache/incubator-milagro-crypto-c
milagro-crypto-c is a modern cryptographic C library that focuses on Elliptic Curve Cryptography but has support for legacy systems that require RSA. There is support for three different security levels; 128, 192 and 256 bit. It has been written only in C and has no external dependencies other than an entropy source. Measures have been taken in the code base to prevent side channel attacks. Pairing based cryptography (PBC) is a maturing field that has recently gained widespread acceptance. The library supports schemes that make use of PBC such as BLS for short signatures and MPIN for multi-factor authentication (MFA).
https://github.com/apache/incubator-milagro-crypto-js
milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has all the same functionality, API and even the intermediate calculated values in the functions are the same. This library allows you to run MFA using MPIN in the browser which, to the best of our knowledge, is the only such implementation of MFA in this context.
Both libraries have been under active development for many years and the APIs haven't changed in several months. There are extensive tests using third party test vectors and the tooling required to deploy this software into a modern software project. We believe that the code base has reached the point that we can perform a general availability (GA) releases.
Both releases will be from their respective master branches
I propose that both releases will be tagged as version 1.0.0, but would welcome alternative proposals.
2. TESTING
With help from Kealan McCusker & Howard Kitto, we've successfully followed all the installation instructions and ran all the tests as described in the repos' respective readmes on Linux, MacOS & Windows, but would appreciate it if anyone else could replicate these test for confirmation.
3. DISCLAIMER, LICENCE & NOTICE FILES
Both repos have the required disclaimer, notice and licence files in their root directories.
All source files have the appropriate licence header.
4. RELEASE FILES
Both repos will be included as zipped archives with standalone signatures and sha512 hash as per http://www.apache.org/dev/release-signing.html
The keys file will include all relevant public keys.
Files:
apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
apache-milagro-crypto-c-1.0.0-incubating-src.asc
apache-milagro-crypto-c-1.0.0-incubating-src.sha512
apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
apache-milagro-crypto-js-1.0.0-incubating-src.asc
apache-milagro-crypto-js-1.0.0-incubating-src.sha512
keys
5. STAGING DESTINATION
All the above files will be uploaded to:
https://dist.apache.org/repos/dist/dev/incubator/milagro
6. ROUND 1 VOTE
When: 24 hours after the above upload
To: dev@milagro.incubator.apache.org
Success: 3 x +1 votes
Voting period: 72 hours minimum
7. ROUND 2 VOTE
When: After round 1 voting approval
To: general@incubator.apache.org
Cc: dev@milagro.incubator.apache.org
Success: 3 x +1 votes
Voting period: 72 hours minimum
8. RELEASE DESTINATION
After round 2 approval, the files will be uploaded to:
http://www.apache.org/dist/incubator/milagro/
9. PROJECT WEBSITE
I'm currently working on updating https://milagro.apache.org as follows:
- include download links for the release
- add the standard Apache incubator disclaimer
- update the documentation for the two repos
10. ACKNOWLEDGMENTS
Many thanks to everyone that's contributed to these libraries - a list of contributors is in each repos' readme - but please feel free to add yourself if you've made a contribution.
Regards,
John
John McCane-Whitney
Director of Product at Qredo Ltd
T: +44 7966 490687
1 Primrose Street
London, UK EC2A 2EX
https://qredo.com
Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.
Re: [DISCUSS] First Apache Milagro Incubating release of crypto-c &
crypto-js libraries
Posted by Howard Kitto <ho...@qredo.com>.
Thanks John
I’d like to lend my support to this proposal. I’m relatively new to this project but I’ve been using both the C and JavaScript libraries extensively and have yet to find any issues with either of them.
Well done for pushing this forward!
Howard
> On 2 Aug 2019, at 12:23, John McCane-Whitney <jo...@qredo.com> wrote:
>
> Hi all,
>
> As proposed here by Brian Spector a couple of months ago, we'd like make our first ASF release, and as it's our first, I'm sending details of the proposed release as a [DISCUSS] item to solicit any feedback from you all about both the repos themselves and the release process described below. Apologies in advance for the lengthy email, however I think it'll help get this release completed successfully and then help with subsequent Milagro releases. Please respond with any feedback as soon as possible so we can take any required actions before I initiate the formal release process.
>
> One outstanding question I have is whether I need to raise a ticket on https://issues.apache.org/jira/? On http://www.apache.org/legal/release-policy.html#heads-up it says: "Releases of more than 1GB of artifacts require a heads-up to Infrastructure in advance." Our release would total ~16Mb, but I've been using Apache Openwhisk as a guide, and they list raising such a ticket as one of the release requirements (even though their release are also way below 1GB).
>
> 1. REPOS
>
> We intend to release two Apache Milagro Crypto repos as a single ASF release:
>
> https://github.com/apache/incubator-milagro-crypto-c
>
> milagro-crypto-c is a modern cryptographic C library that focuses on Elliptic Curve Cryptography but has support for legacy systems that require RSA. There is support for three different security levels; 128, 192 and 256 bit. It has been written only in C and has no external dependencies other than an entropy source. Measures have been taken in the code base to prevent side channel attacks. Pairing based cryptography (PBC) is a maturing field that has recently gained widespread acceptance. The library supports schemes that make use of PBC such as BLS for short signatures and MPIN for multi-factor authentication (MFA).
>
> https://github.com/apache/incubator-milagro-crypto-js
>
> milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has all the same functionality, API and even the intermediate calculated values in the functions are the same. This library allows you to run MFA using MPIN in the browser which, to the best of our knowledge, is the only such implementation of MFA in this context.
>
> Both libraries have been under active development for many years and the APIs haven't changed in several months. There are extensive tests using third party test vectors and the tooling required to deploy this software into a modern software project. We believe that the code base has reached the point that we can perform a general availability (GA) releases.
>
> Both releases will be from their respective master branches
>
> I propose that both releases will be tagged as version 1.0.0, but would welcome alternative proposals.
>
> 2. TESTING
>
> With help from Kealan McCusker & Howard Kitto, we've successfully followed all the installation instructions and ran all the tests as described in the repos' respective readmes on Linux, MacOS & Windows, but would appreciate it if anyone else could replicate these test for confirmation.
>
> 3. DISCLAIMER, LICENCE & NOTICE FILES
>
> Both repos have the required disclaimer, notice and licence files in their root directories.
>
> All source files have the appropriate licence header.
>
> 4. RELEASE FILES
>
> Both repos will be included as zipped archives with standalone signatures and sha512 hash as per http://www.apache.org/dev/release-signing.html
>
> The keys file will include all relevant public keys.
>
> Files:
>
> apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-c-1.0.0-incubating-src.asc
> apache-milagro-crypto-c-1.0.0-incubating-src.sha512
> apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-js-1.0.0-incubating-src.asc
> apache-milagro-crypto-js-1.0.0-incubating-src.sha512
> keys
>
> 5. STAGING DESTINATION
>
> All the above files will be uploaded to:
>
> https://dist.apache.org/repos/dist/dev/incubator/milagro
>
> 6. ROUND 1 VOTE
>
> When: 24 hours after the above upload
> To: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 7. ROUND 2 VOTE
>
> When: After round 1 voting approval
> To: general@incubator.apache.org
> Cc: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 8. RELEASE DESTINATION
>
> After round 2 approval, the files will be uploaded to:
>
> http://www.apache.org/dist/incubator/milagro/
>
> 9. PROJECT WEBSITE
>
> I'm currently working on updating https://milagro.apache.org as follows:
>
> - include download links for the release
> - add the standard Apache incubator disclaimer
> - update the documentation for the two repos
>
> 10. ACKNOWLEDGMENTS
>
> Many thanks to everyone that's contributed to these libraries - a list of contributors is in each repos' readme - but please feel free to add yourself if you've made a contribution.
>
> Regards,
>
> John
>
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> 1 Primrose Street
> London, UK EC2A 2EX
> https://qredo.com
> Qredo Ltd is a limited company registered in England and Wales (registered number 7834052). This e-mail and any attachments are confidential, and are intended only for the named addressee(s). If you are not the intended recipient you may not copy, disclose to anyone else or otherwise use the content of this e-mail or any attachment thereto and should notify the sender immediately and delete them from your system.
>
Re: [DISCUSS] First Apache Milagro Incubating release of crypto-c &
crypto-js libraries
Posted by Kealan McCusker <ke...@gmail.com>.
Hi John
Yes, I think it is about time that these libraries were released!
I would also like to acknowledge the many contributions to these libraries
over the last few years. It is a real
pity that the commit history has been lost. If you are a contributor then
please add yourself to the list in the
README and we will merge the PR.
Regards
Kealan
On Fri, 2 Aug 2019 at 12:23, John McCane-Whitney <jo...@qredo.com> wrote:
> Hi all,
>
> As proposed here by Brian Spector a couple of months ago, we'd like make
> our first ASF release, and as it's our first, I'm sending details of the
> proposed release as a [DISCUSS] item to solicit any feedback from you all
> about both the repos themselves and the release process described below.
> Apologies in advance for the lengthy email, however I think it'll help get
> this release completed successfully and then help with subsequent Milagro
> releases. Please respond with any feedback as soon as possible so we can
> take any required actions before I initiate the formal release process.
>
> One outstanding question I have is whether I need to raise a ticket on
> https://issues.apache.org/jira/? On
> http://www.apache.org/legal/release-policy.html#heads-up it says:
> "Releases of more than 1GB of artifacts require a heads-up to
> Infrastructure in advance." Our release would total ~16Mb, but I've been
> using Apache Openwhisk as a guide, and they list raising such a ticket as
> one of the release requirements (even though their release are also way
> below 1GB).
>
> 1. REPOS
>
> We intend to release two Apache Milagro Crypto repos as a single ASF
> release:
>
> https://github.com/apache/incubator-milagro-crypto-c
>
> milagro-crypto-c is a modern cryptographic C library that focuses on
> Elliptic Curve Cryptography but has support for legacy systems that require
> RSA. There is support for three different security levels; 128, 192 and 256
> bit. It has been written only in C and has no external dependencies other
> than an entropy source. Measures have been taken in the code base to
> prevent side channel attacks. Pairing based cryptography (PBC) is a
> maturing field that has recently gained widespread acceptance. The library
> supports schemes that make use of PBC such as BLS for short signatures and
> MPIN for multi-factor authentication (MFA).
>
> https://github.com/apache/incubator-milagro-crypto-js
>
> milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has
> all the same functionality, API and even the intermediate calculated values
> in the functions are the same. This library allows you to run MFA using
> MPIN in the browser which, to the best of our knowledge, is the only such
> implementation of MFA in this context.
>
> Both libraries have been under active development for many years and the
> APIs haven't changed in several months. There are extensive tests using
> third party test vectors and the tooling required to deploy this software
> into a modern software project. We believe that the code base has reached
> the point that we can perform a general availability (GA) releases.
>
> Both releases will be from their respective master branches
>
> I propose that both releases will be tagged as version 1.0.0, but would
> welcome alternative proposals.
>
> 2. TESTING
>
> With help from Kealan McCusker & Howard Kitto, we've successfully followed
> all the installation instructions and ran all the tests as described in the
> repos' respective readmes on Linux, MacOS & Windows, but would appreciate
> it if anyone else could replicate these test for confirmation.
>
> 3. DISCLAIMER, LICENCE & NOTICE FILES
>
> Both repos have the required disclaimer, notice and licence files in their
> root directories.
>
> All source files have the appropriate licence header.
>
> 4. RELEASE FILES
>
> Both repos will be included as zipped archives with standalone signatures
> and sha512 hash as per http://www.apache.org/dev/release-signing.html
>
> The keys file will include all relevant public keys.
>
> Files:
>
> apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-c-1.0.0-incubating-src.asc
> apache-milagro-crypto-c-1.0.0-incubating-src.sha512
> apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-js-1.0.0-incubating-src.asc
> apache-milagro-crypto-js-1.0.0-incubating-src.sha512
> keys
>
> 5. STAGING DESTINATION
>
> All the above files will be uploaded to:
>
> https://dist.apache.org/repos/dist/dev/incubator/milagro
>
> 6. ROUND 1 VOTE
>
> When: 24 hours after the above upload
> To: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 7. ROUND 2 VOTE
>
> When: After round 1 voting approval
> To: general@incubator.apache.org
> Cc: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 8. RELEASE DESTINATION
>
> After round 2 approval, the files will be uploaded to:
>
> http://www.apache.org/dist/incubator/milagro/
>
> 9. PROJECT WEBSITE
>
> I'm currently working on updating https://milagro.apache.org as follows:
>
> - include download links for the release
> - add the standard Apache incubator disclaimer
> - update the documentation for the two repos
>
> 10. ACKNOWLEDGMENTS
>
> Many thanks to everyone that's contributed to these libraries - a list of
> contributors is in each repos' readme - but please feel free to add
> yourself if you've made a contribution.
>
> Regards,
>
> John
>
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> 1 Primrose Street
> London, UK EC2A 2EX
> https://qredo.com
> Qredo Ltd is a limited company registered in England and Wales (registered
> number 7834052). This e-mail and any attachments are confidential, and are
> intended only for the named addressee(s). If you are not the intended
> recipient you may not copy, disclose to anyone else or otherwise use the
> content of this e-mail or any attachment thereto and should notify the
> sender immediately and delete them from your system.
>
>
Re: [DISCUSS] First Apache Milagro Incubating release of crypto-c &
crypto-js libraries
Posted by Brian Spector <br...@qredo.com>.
Let's get it done! This is great, thanks for the effort, John.
Brian
On 04/08/2019, 10:00, "Stanislav Mihaylov" <sm...@gmail.com> wrote:
Thanks John, it looks great!
Regards,
Stan
On Fri, Aug 2, 2019 at 2:23 PM John McCane-Whitney <jo...@qredo.com> wrote:
> Hi all,
>
> As proposed here by Brian Spector a couple of months ago, we'd like make
> our first ASF release, and as it's our first, I'm sending details of the
> proposed release as a [DISCUSS] item to solicit any feedback from you all
> about both the repos themselves and the release process described below.
> Apologies in advance for the lengthy email, however I think it'll help get
> this release completed successfully and then help with subsequent Milagro
> releases. Please respond with any feedback as soon as possible so we can
> take any required actions before I initiate the formal release process.
>
> One outstanding question I have is whether I need to raise a ticket on
> https://issues.apache.org/jira/? On
> http://www.apache.org/legal/release-policy.html#heads-up it says:
> "Releases of more than 1GB of artifacts require a heads-up to
> Infrastructure in advance." Our release would total ~16Mb, but I've been
> using Apache Openwhisk as a guide, and they list raising such a ticket as
> one of the release requirements (even though their release are also way
> below 1GB).
>
> 1. REPOS
>
> We intend to release two Apache Milagro Crypto repos as a single ASF
> release:
>
> https://github.com/apache/incubator-milagro-crypto-c
>
> milagro-crypto-c is a modern cryptographic C library that focuses on
> Elliptic Curve Cryptography but has support for legacy systems that require
> RSA. There is support for three different security levels; 128, 192 and 256
> bit. It has been written only in C and has no external dependencies other
> than an entropy source. Measures have been taken in the code base to
> prevent side channel attacks. Pairing based cryptography (PBC) is a
> maturing field that has recently gained widespread acceptance. The library
> supports schemes that make use of PBC such as BLS for short signatures and
> MPIN for multi-factor authentication (MFA).
>
> https://github.com/apache/incubator-milagro-crypto-js
>
> milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has
> all the same functionality, API and even the intermediate calculated values
> in the functions are the same. This library allows you to run MFA using
> MPIN in the browser which, to the best of our knowledge, is the only such
> implementation of MFA in this context.
>
> Both libraries have been under active development for many years and the
> APIs haven't changed in several months. There are extensive tests using
> third party test vectors and the tooling required to deploy this software
> into a modern software project. We believe that the code base has reached
> the point that we can perform a general availability (GA) releases.
>
> Both releases will be from their respective master branches
>
> I propose that both releases will be tagged as version 1.0.0, but would
> welcome alternative proposals.
>
> 2. TESTING
>
> With help from Kealan McCusker & Howard Kitto, we've successfully followed
> all the installation instructions and ran all the tests as described in the
> repos' respective readmes on Linux, MacOS & Windows, but would appreciate
> it if anyone else could replicate these test for confirmation.
>
> 3. DISCLAIMER, LICENCE & NOTICE FILES
>
> Both repos have the required disclaimer, notice and licence files in their
> root directories.
>
> All source files have the appropriate licence header.
>
> 4. RELEASE FILES
>
> Both repos will be included as zipped archives with standalone signatures
> and sha512 hash as per http://www.apache.org/dev/release-signing.html
>
> The keys file will include all relevant public keys.
>
> Files:
>
> apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-c-1.0.0-incubating-src.asc
> apache-milagro-crypto-c-1.0.0-incubating-src.sha512
> apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-js-1.0.0-incubating-src.asc
> apache-milagro-crypto-js-1.0.0-incubating-src.sha512
> keys
>
> 5. STAGING DESTINATION
>
> All the above files will be uploaded to:
>
> https://dist.apache.org/repos/dist/dev/incubator/milagro
>
> 6. ROUND 1 VOTE
>
> When: 24 hours after the above upload
> To: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 7. ROUND 2 VOTE
>
> When: After round 1 voting approval
> To: general@incubator.apache.org
> Cc: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 8. RELEASE DESTINATION
>
> After round 2 approval, the files will be uploaded to:
>
> http://www.apache.org/dist/incubator/milagro/
>
> 9. PROJECT WEBSITE
>
> I'm currently working on updating https://milagro.apache.org as follows:
>
> - include download links for the release
> - add the standard Apache incubator disclaimer
> - update the documentation for the two repos
>
> 10. ACKNOWLEDGMENTS
>
> Many thanks to everyone that's contributed to these libraries - a list of
> contributors is in each repos' readme - but please feel free to add
> yourself if you've made a contribution.
>
> Regards,
>
> John
>
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> 1 Primrose Street
> London, UK EC2A 2EX
> https://qredo.com
> Qredo Ltd is a limited company registered in England and Wales (registered
> number 7834052). This e-mail and any attachments are confidential, and are
> intended only for the named addressee(s). If you are not the intended
> recipient you may not copy, disclose to anyone else or otherwise use the
> content of this e-mail or any attachment thereto and should notify the
> sender immediately and delete them from your system.
>
>
Re: [DISCUSS] First Apache Milagro Incubating release of crypto-c &
crypto-js libraries
Posted by Stanislav Mihaylov <sm...@gmail.com>.
Thanks John, it looks great!
Regards,
Stan
On Fri, Aug 2, 2019 at 2:23 PM John McCane-Whitney <jo...@qredo.com> wrote:
> Hi all,
>
> As proposed here by Brian Spector a couple of months ago, we'd like make
> our first ASF release, and as it's our first, I'm sending details of the
> proposed release as a [DISCUSS] item to solicit any feedback from you all
> about both the repos themselves and the release process described below.
> Apologies in advance for the lengthy email, however I think it'll help get
> this release completed successfully and then help with subsequent Milagro
> releases. Please respond with any feedback as soon as possible so we can
> take any required actions before I initiate the formal release process.
>
> One outstanding question I have is whether I need to raise a ticket on
> https://issues.apache.org/jira/? On
> http://www.apache.org/legal/release-policy.html#heads-up it says:
> "Releases of more than 1GB of artifacts require a heads-up to
> Infrastructure in advance." Our release would total ~16Mb, but I've been
> using Apache Openwhisk as a guide, and they list raising such a ticket as
> one of the release requirements (even though their release are also way
> below 1GB).
>
> 1. REPOS
>
> We intend to release two Apache Milagro Crypto repos as a single ASF
> release:
>
> https://github.com/apache/incubator-milagro-crypto-c
>
> milagro-crypto-c is a modern cryptographic C library that focuses on
> Elliptic Curve Cryptography but has support for legacy systems that require
> RSA. There is support for three different security levels; 128, 192 and 256
> bit. It has been written only in C and has no external dependencies other
> than an entropy source. Measures have been taken in the code base to
> prevent side channel attacks. Pairing based cryptography (PBC) is a
> maturing field that has recently gained widespread acceptance. The library
> supports schemes that make use of PBC such as BLS for short signatures and
> MPIN for multi-factor authentication (MFA).
>
> https://github.com/apache/incubator-milagro-crypto-js
>
> milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has
> all the same functionality, API and even the intermediate calculated values
> in the functions are the same. This library allows you to run MFA using
> MPIN in the browser which, to the best of our knowledge, is the only such
> implementation of MFA in this context.
>
> Both libraries have been under active development for many years and the
> APIs haven't changed in several months. There are extensive tests using
> third party test vectors and the tooling required to deploy this software
> into a modern software project. We believe that the code base has reached
> the point that we can perform a general availability (GA) releases.
>
> Both releases will be from their respective master branches
>
> I propose that both releases will be tagged as version 1.0.0, but would
> welcome alternative proposals.
>
> 2. TESTING
>
> With help from Kealan McCusker & Howard Kitto, we've successfully followed
> all the installation instructions and ran all the tests as described in the
> repos' respective readmes on Linux, MacOS & Windows, but would appreciate
> it if anyone else could replicate these test for confirmation.
>
> 3. DISCLAIMER, LICENCE & NOTICE FILES
>
> Both repos have the required disclaimer, notice and licence files in their
> root directories.
>
> All source files have the appropriate licence header.
>
> 4. RELEASE FILES
>
> Both repos will be included as zipped archives with standalone signatures
> and sha512 hash as per http://www.apache.org/dev/release-signing.html
>
> The keys file will include all relevant public keys.
>
> Files:
>
> apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-c-1.0.0-incubating-src.asc
> apache-milagro-crypto-c-1.0.0-incubating-src.sha512
> apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
> apache-milagro-crypto-js-1.0.0-incubating-src.asc
> apache-milagro-crypto-js-1.0.0-incubating-src.sha512
> keys
>
> 5. STAGING DESTINATION
>
> All the above files will be uploaded to:
>
> https://dist.apache.org/repos/dist/dev/incubator/milagro
>
> 6. ROUND 1 VOTE
>
> When: 24 hours after the above upload
> To: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 7. ROUND 2 VOTE
>
> When: After round 1 voting approval
> To: general@incubator.apache.org
> Cc: dev@milagro.incubator.apache.org
> Success: 3 x +1 votes
> Voting period: 72 hours minimum
>
> 8. RELEASE DESTINATION
>
> After round 2 approval, the files will be uploaded to:
>
> http://www.apache.org/dist/incubator/milagro/
>
> 9. PROJECT WEBSITE
>
> I'm currently working on updating https://milagro.apache.org as follows:
>
> - include download links for the release
> - add the standard Apache incubator disclaimer
> - update the documentation for the two repos
>
> 10. ACKNOWLEDGMENTS
>
> Many thanks to everyone that's contributed to these libraries - a list of
> contributors is in each repos' readme - but please feel free to add
> yourself if you've made a contribution.
>
> Regards,
>
> John
>
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> 1 Primrose Street
> London, UK EC2A 2EX
> https://qredo.com
> Qredo Ltd is a limited company registered in England and Wales (registered
> number 7834052). This e-mail and any attachments are confidential, and are
> intended only for the named addressee(s). If you are not the intended
> recipient you may not copy, disclose to anyone else or otherwise use the
> content of this e-mail or any attachment thereto and should notify the
> sender immediately and delete them from your system.
>
>