Posted to dev@iotdb.apache.org by Xiangdong Huang <sa...@gmail.com> on 2020/06/17 12:08:14 UTC

[discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Hi all,

We can discuss the issue of releasing v0.10.0 RC4 here.

This is the 4th release candidate of v0.10.0, I send the vote mail after a
6 hours cooling-off period after uploading the files to the dev SVN repo...
I hope this RC has no issues anymore...

Of course, if there is -1, I will release RC5 :)

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

With some keys it may be a little easier than others as if they are from an apache address there is a higher implicit degree of trust. For example I’ve met Julian in person in the past and would sign his key online (hint hint).

Justin

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Ray <ne...@163.com>.
Hi,


> Xiangdong: But I wonder even all committers having signed PGP keys, how to use that in the release verification stage?


Hope these two links [1][2] are helpful.
From my understanding, checking signatures includes two steps.
The first step is to verify the connection of the file and the key. The second step is to verify the connection of the key and the real person.
The second step is where the "trust path" comes into play - either I signed the key or someone I trusted signed the key.


> Chris: Would be great if the web-of-trust could be extended to IoTDB RMs ...


+1. I realize I haven't performed the second step yet.


[1] https://www.apache.org/info/verification.html#CheckingSignatures
[2] https://gnupg.org/download/integrity_check.html


Regards,
Lei Rui


On 6/23/2020 23:24, Xiangdong Huang <sa...@gmail.com> wrote:
Hi Chris,

> I personally would be a little hesitant to do it remotely ;-)

Well, I agree to doing that face to face in a physical meeting, but it is a
little hard in the current COVID-19 situation... (so we can postpone that.)

But I wonder even all committers having signed PGP keys, how to use that in
the release verification stage?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

黄向东
清华大学 软件学院


Christofer Dutz <ch...@c-ware.de> wrote on Tue, Jun 23, 2020 at 11:14 PM:

Hi Xiangdong,

well usually a key-signing is usually a physical meeting where you go
with your passport to be 100% sure you're talking to the right person and
signing the right person's key.

I personally would be a little hesitant to do it remotely ;-)
https://www.youtube.com/watch?v=dJJLqXVpVGY

If you folks meet in person, there should be no problem. However it would
only be useful, if there is some link to other Apache folks (Some of you
have keys signed by other Apache folks)

Chris


On 23.06.20, 17:04, "Xiangdong Huang" <sa...@gmail.com> wrote:

Hi all,

Thank all of you to attend the vote (maybe this is the first time that we
receive more than 15 votes).

It is due to all of our mentors (and IPMCs) keep to appealing for more
PPMCs joining it.

It is also due to all active contributors in the community.

By the way, I notice that Chris gives the advice (I know Chris just
finished a milestone of PLC4x and then immediately began to verify IoTDB's
release):

> Would be great if the web-of-trust could be extended to IoTDB RMs ...

As I know most of these guys, I can sign their pgp key, but how to use
their pgp key in the releasing verification stage?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Mon, Jun 22, 2020 at 4:30 PM:

Hi,

We have received 3 PPMC votes.
Will there be more PPMCs voting on this?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Fri, Jun 19, 2020 at 9:40 PM:

Hi,

> The binary NOTICE is very likely to be missing content from other
> Apache licensed NOTICE files.

Are there some more hints for this?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:

Hi all,

We can discuss the issue of releasing v0.10.0 RC4 here.

This is the 4th release candidate of v0.10.0, I send the vote mail after
a 6 hours cooling-off period after uploading the files to the dev SVN
repo... I hope this RC has no issues anymore...

Of course, if there is -1, I will release RC5 :)

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

黄向东
清华大学 软件学院
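
Added example, not part of the original thread: the two checks described in Lei Rui's reply (file against key, then key against person via a trust path), read separately from the machine-readable output of `gpg --status-fd`. The sample status lines, key ID, fingerprint and function names are constructed for illustration.

```python
import subprocess

# Status keywords as documented in GnuPG's doc/DETAILS.
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"}
TRUST = {"TRUST_UNDEFINED", "TRUST_NEVER", "TRUST_MARGINAL",
         "TRUST_FULLY", "TRUST_ULTIMATE"}

# Constructed sample (shortened): key ID, fingerprint and user ID are placeholders.
SAMPLE_UNTRUSTED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example RM <rm@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-06-17
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def classify(status_text):
    """Report the two checks separately from `gpg --status-fd` output."""
    good, failure, fingerprint, trust = False, None, None, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword == "GOODSIG":
            good = True
        elif keyword in FAILURES:
            failure = keyword
        elif keyword == "VALIDSIG" and len(fields) > 2:
            fingerprint = fields[2]
        elif keyword in TRUST:
            trust = keyword
    # Step 1: the signature over the file verifies against some key.
    step1 = good and failure is None and fingerprint is not None
    # Step 2: that key is valid for me, i.e. a trust path reaches it.
    # Marginal validity is treated as not enough (a policy choice here).
    step2 = step1 and trust in {"TRUST_FULLY", "TRUST_ULTIMATE"}
    return {"file_matches_key": step1, "key_matches_person": step2,
            "fingerprint": fingerprint, "failure": failure}


def verify_release(sig_path, artifact_path):
    """Run gpg on a detached signature and classify its status output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify",
         sig_path, artifact_path],
        capture_output=True, text=True)
    return classify(proc.stdout)
```

A result with `file_matches_key` true and `key_matches_person` false is the situation in which only the first step has been performed: the signature is good, but no signed path connects the verifier's own key to the release manager's key.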





Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Julian Feinauer <j....@pragmaticminds.de>.
Hi,

I think virtual keysigning is possible if there is some kind of trust.
I, for example, would feel comfortable enough to sign a key from people I know via a Websession.
If official documents are prepared and scanned it can be done.

In the end, everybody has to decide which key he wants to sign and which don't.

Julian

On 24.06.20, 02:12, "Justin Mclean" <ju...@classsoftware.com> wrote:

    Hi,

    There’s an option to sign a release with multiple keys but few projects do that, and it’s usually just the release manager.

    Justin


Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

There’s an option to sign a release with multiple keys but few projects do that, and it’s usually just the release manager.

Justin

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Xiangdong Huang <sa...@gmail.com>.
Hi Chris,

> I personally would be a little hesitant to do it remotely ;-)

Well, I agree to doing that face to face in a physical meeting, but it is a
little hard in the current COVID-19 situation... (so we can postpone that.)

But I wonder even all committers having signed PGP keys, how to use that in
the release verification stage?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院


Christofer Dutz <ch...@c-ware.de> wrote on Tue, Jun 23, 2020 at 11:14 PM:

> Hi Xiangdong,
>
> well usually a key-signing is usually a physical meeting where you go
> with your passport to be 100% sure you're talking to the right person and
> signing the right person's key.
>
> I personally would be a little hesitant to do it remotely ;-)
> https://www.youtube.com/watch?v=dJJLqXVpVGY
>
> If you folks meet in person, there should be no problem. However it would
> only be useful, if there is some link to other Apache folks (Some of you
> have keys signed by other Apache folks)
>
> Chris
>
>
> On 23.06.20, 17:04, "Xiangdong Huang" <sa...@gmail.com> wrote:
>
>     Hi all,
>
>     Thank all of you to attend the vote (maybe this is the first time that we
>     receive more than 15 votes).
>
>     It is due to all of our mentors (and IPMCs) keep to appealing for more
>     PPMCs joining it.
>
>     It is also due to all active contributors in the community.
>
>     By the way, I notice that Chris gives the advice (I know Chris just
>     finished a milestone of PLC4x and then immediately began to verify IoTDB's
>     release):
>
>     > Would be great if the web-of-trust could be extended to IoTDB RMs ...
>
>     As I know most of these guys, I can sign their pgp key, but how to use
>     their pgp key in the releasing verification stage?
>
>     Best,
>     -----------------------------------
>     Xiangdong Huang
>     School of Software, Tsinghua University
>
>      黄向东
>     清华大学 软件学院
>
>
>     Xiangdong Huang <sa...@gmail.com> wrote on Mon, Jun 22, 2020 at 4:30 PM:
>
>     > Hi,
>     >
>     > We have received 3 PPMC votes.
>     > Will there be more PPMCs voting on this?
>     >
>     > Best,
>     > -----------------------------------
>     > Xiangdong Huang
>     > School of Software, Tsinghua University
>     >
>     >  黄向东
>     > 清华大学 软件学院
>     >
>     >
>     > Xiangdong Huang <sa...@gmail.com> wrote on Fri, Jun 19, 2020 at 9:40 PM:
>     >
>     >> Hi,
>     >>
>     >> > The binary NOTICE is very likely to be missing content from other
>     >> > Apache licensed NOTICE files.
>     >>
>     >> Are there some more hints for this?
>     >>
>     >> Best,
>     >> -----------------------------------
>     >> Xiangdong Huang
>     >> School of Software, Tsinghua University
>     >>
>     >>  黄向东
>     >> 清华大学 软件学院
>     >>
>     >>
>     >> Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:
>     >>
>     >>> Hi all,
>     >>>
>     >>> We can discuss the issue of releasing v0.10.0 RC4 here.
>     >>>
>     >>> This is the 4th release candidate of v0.10.0, I send the vote mail after
>     >>> a 6 hours cooling-off period after uploading the files to the dev SVN
>     >>> repo... I hope this RC has no issues anymore...
>     >>>
>     >>> Of course, if there is -1, I will release RC5 :)
>     >>>
>     >>> Best,
>     >>> -----------------------------------
>     >>> Xiangdong Huang
>     >>> School of Software, Tsinghua University
>     >>>
>     >>>  黄向东
>     >>> 清华大学 软件学院
>     >>>
>     >>
>
>

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Christofer Dutz <ch...@c-ware.de>.
Hi Xiangdong,

well usually a key-signing is usually a physical meeting where you go with your passport to be 100% sure you're talking to the right person and signing the right person's key.

I personally would be a little hesitant to do it remotely ;-)
https://www.youtube.com/watch?v=dJJLqXVpVGY

If you folks meet in person, there should be no problem. However it would only be useful, if there is some link to other Apache folks (Some of you have keys signed by other Apache folks)

Chris


On 23.06.20, 17:04, "Xiangdong Huang" <sa...@gmail.com> wrote:

    Hi all,

    Thank all of you to attend the vote (maybe this is the first time that we
    receive more than 15 votes).

    It is due to all of our mentors (and IPMCs) keep to appealing for more
    PPMCs joining it.

    It is also due to all active contributors in the community.

    By the way, I notice that Chris gives the advice (I know Chris just
    finished a milestone of PLC4x and then immediately began to verify IoTDB's
    release):

    > Would be great if the web-of-trust could be extended to IoTDB RMs ...

    As I know most of these guys, I can sign their pgp key, but how to use
    their pgp key in the releasing verification stage?

    Best,
    -----------------------------------
    Xiangdong Huang
    School of Software, Tsinghua University

     黄向东
    清华大学 软件学院


    Xiangdong Huang <sa...@gmail.com> wrote on Mon, Jun 22, 2020 at 4:30 PM:

    > Hi,
    >
    > We have received 3 PPMC votes.
    > Will there be more PPMCs voting on this?
    >
    > Best,
    > -----------------------------------
    > Xiangdong Huang
    > School of Software, Tsinghua University
    >
    >  黄向东
    > 清华大学 软件学院
    >
    >
    > Xiangdong Huang <sa...@gmail.com> wrote on Fri, Jun 19, 2020 at 9:40 PM:
    >
    >> Hi,
    >>
    >> > The binary NOTICE is very likely to be missing content from other
    >> > Apache licensed NOTICE files.
    >>
    >> Are there some more hints for this?
    >>
    >> Best,
    >> -----------------------------------
    >> Xiangdong Huang
    >> School of Software, Tsinghua University
    >>
    >>  黄向东
    >> 清华大学 软件学院
    >>
    >>
    >> Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:
    >>
    >>> Hi all,
    >>>
    >>> We can discuss the issue of releasing v0.10.0 RC4 here.
    >>>
    >>> This is the 4th release candidate of v0.10.0, I send the vote mail after
    >>> a 6 hours cooling-off period after uploading the files to the dev SVN
    >>> repo... I hope this RC has no issues anymore...
    >>>
    >>> Of course, if there is -1, I will release RC5 :)
    >>>
    >>> Best,
    >>> -----------------------------------
    >>> Xiangdong Huang
    >>> School of Software, Tsinghua University
    >>>
    >>>  黄向东
    >>> 清华大学 软件学院
    >>>
    >>


Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Xiangdong Huang <sa...@gmail.com>.
Hi all,

Thank all of you to attend the vote (maybe this is the first time that we
receive more than 15 votes).

It is due to all of our mentors (and IPMCs) keep to appealing for more
PPMCs joining it.

It is also due to all active contributors in the community.

By the way, I notice that Chris gives the advice (I know Chris just
finished a milestone of PLC4x and then immediately began to verify IoTDB's
release):

> Would be great if the web-of-trust could be extended to IoTDB RMs ...

As I know most of these guys, I can sign their pgp key, but how to use
their pgp key in the releasing verification stage?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Mon, Jun 22, 2020 at 4:30 PM:

> Hi,
>
> We have received 3 PPMC votes.
> Will there be more PPMCs voting on this?
>
> Best,
> -----------------------------------
> Xiangdong Huang
> School of Software, Tsinghua University
>
>  黄向东
> 清华大学 软件学院
>
>
> Xiangdong Huang <sa...@gmail.com> wrote on Fri, Jun 19, 2020 at 9:40 PM:
>
>> Hi,
>>
>> > The binary NOTICE is very likely to be missing content from other
>> > Apache licensed NOTICE files.
>>
>> Are there some more hints for this?
>>
>> Best,
>> -----------------------------------
>> Xiangdong Huang
>> School of Software, Tsinghua University
>>
>>  黄向东
>> 清华大学 软件学院
>>
>>
>> Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:
>>
>>> Hi all,
>>>
>>> We can discuss the issue of releasing v0.10.0 RC4 here.
>>>
>>> This is the 4th release candidate of v0.10.0, I send the vote mail after
>>> a 6 hours cooling-off period after uploading the files to the dev SVN
>>> repo... I hope this RC has no issues anymore...
>>>
>>> Of course, if there is -1, I will release RC5 :)
>>>
>>> Best,
>>> -----------------------------------
>>> Xiangdong Huang
>>> School of Software, Tsinghua University
>>>
>>>  黄向东
>>> 清华大学 软件学院
>>>
>>

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Xiangdong Huang <sa...@gmail.com>.
Hi,

We have received 3 PPMC votes.
Will there be more PPMCs voting on this?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Fri, Jun 19, 2020 at 9:40 PM:

> Hi,
>
> > The binary NOTICE is very likely to be missing content from other Apache
> > licensed NOTICE files.
>
> Are there some more hints for this?
>
> Best,
> -----------------------------------
> Xiangdong Huang
> School of Software, Tsinghua University
>
>  黄向东
> 清华大学 软件学院
>
>
> Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:
>
>> Hi all,
>>
>> We can discuss the issue of releasing v0.10.0 RC4 here.
>>
>> This is the 4th release candidate of v0.10.0, I send the vote mail after
>> a 6 hours cooling-off period after uploading the files to the dev SVN
>> repo... I hope this RC has no issues anymore...
>>
>> Of course, if there is -1, I will release RC5 :)
>>
>> Best,
>> -----------------------------------
>> Xiangdong Huang
>> School of Software, Tsinghua University
>>
>>  黄向东
>> 清华大学 软件学院
>>
>

Re: [discuss] Apache IoTDB 0.10.0 (incubating) RC4 release

Posted by Xiangdong Huang <sa...@gmail.com>.
Hi,

> The binary NOTICE is very likely to be missing content from other Apache
> licensed NOTICE files.

Are there some more hints for this?

Best,
-----------------------------------
Xiangdong Huang
School of Software, Tsinghua University

 黄向东
清华大学 软件学院


Xiangdong Huang <sa...@gmail.com> wrote on Wed, Jun 17, 2020 at 8:08 PM:

> Hi all,
>
> We can discuss the issue of releasing v0.10.0 RC4 here.
>
> This is the 4th release candidate of v0.10.0, I send the vote mail after a
> 6 hours cooling-off period after uploading the files to the dev SVN repo...
> I hope this RC has no issues anymore...
>
> Of course, if there is -1, I will release RC5 :)
>
> Best,
> -----------------------------------
> Xiangdong Huang
> School of Software, Tsinghua University
>
>  黄向东
> 清华大学 软件学院
>