You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@airavata.apache.org by Shameera Rathnayaka <sh...@apache.org> on 2016/07/13 20:20:53 UTC
[DISCUSS] Apache Airavata release 0.16- RC1
Discussion thread for vote on Apache Airavata 0.16 release candidate.
If you have any questions or feedback or to post results of validating
the release, please reply to this thread. Once you verify the release,
please post your vote to the VOTE thread.
For reference, the Apache release guide -
http://www.apache.org/dev/release.html
Some tips to validate the release before you vote:
* Download the binary version and run the 5 minute or 10 minute
tutorial as described in README and website.
* Download the source files from compressed files and release tag and
build (which includes tests).
* Verify the distribution for the required LICENSE and NOTICE files
* Verify if all the staged files are signed and the signature is verifiable.
* Verify if the signing key in the project's KEYS file is hosted on a
public server
Thanks for your time in validating the release and voting,
Shameera Rathnayaka
(On Behalf of Airavata PMC)
Re: [DISCUSS] Apache Airavata release 0.16- RC1
Posted by Shameera Rathnayaka <sh...@gmail.com>.
Hi Suresh,
I had to create new gpg signature with 4096 length instead of my previous
signature which has 2048 length. I followed this
http://www.apache.org/dev/key-transition.html to perform the valid key
transition. Thank you for signing my new key.
Thanks,
Shameera
On Thu, Jul 14, 2016 at 1:04 PM Suresh Marru <sm...@apache.org> wrote:
> After reading [1] and [2], the warning is ok since we can verify your
> finger print and more over see your old key with full signatures. I also
> signed your new key and pushed to the key server.
>
> I looked through the source release and we are good with License and
> Notice files. The binary release will need updates to L&N files, but since
> these are convenience binaries, I will not block the release and instead
> raised a JIRA [3] for all us to address before next release.
>
> The binary package runs fine. I will send my vote on the vote thread.
>
> Suresh
>
> [1] - http://www.apache.org/info/verification.html
> [2] - https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html
> [3] - https://issues.apache.org/jira/browse/AIRAVATA-2002
>
> On Jul 14, 2016, at 12:44 PM, Suresh Marru <sm...@apache.org> wrote:
>
> Hi Shameera,
>
> Thanks for putting together this release, very meticulously done.
>
> I verified the signatures and it shows some warnings, will dig into it to
> see if this is ok or a blocker:
>
> gpg: assuming signed data in './airavata-0.16-source-release.zip'
> gpg: Signature made Wed Jul 13 15:12:36 2016 EDT using RSA key ID 3DBF6C86
> gpg: requesting key 3DBF6C86 from hkps server hkps.pool.sks-keyservers.net
> gpg: key 3DBF6C86: public key "Shameera Rathnayaka (Personal Email
> Address) <sh...@gmail.com>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2018-08-19
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in
> './apache-airavata-distribution-0.16-bin.tar.gz'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.zip'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
>
> Suresh
>
>
> On Jul 13, 2016, at 4:20 PM, Shameera Rathnayaka <sh...@apache.org>
> wrote:
>
> Discussion thread for vote on Apache Airavata 0.16 release candidate.
>
> If you have any questions or feedback or to post results of validating the release, please reply to this thread. Once you verify the release, please post your vote to the VOTE thread.
>
> For reference, the Apache release guide - http://www.apache.org/dev/release.html
>
> Some tips to validate the release before you vote:
>
> * Download the binary version and run the 5 minute or 10 minute tutorial as described in README and website.
> * Download the source files from compressed files and release tag and build (which includes tests).
> * Verify the distribution for the required LICENSE and NOTICE files
> * Verify if all the staged files are signed and the signature is verifiable.
> * Verify if the signing key in the project's KEYS file is hosted on a public server
>
> Thanks for your time in validating the release and voting,
> Shameera Rathnayaka
> (On Behalf of Airavata PMC)
>
>
>
> --
Shameera Rathnayaka
Re: [DISCUSS] Apache Airavata release 0.16- RC1
Posted by Suresh Marru <sm...@apache.org>.
After reading [1] and [2], the warning is ok since we can verify your finger print and more over see your old key with full signatures. I also signed your new key and pushed to the key server.
I looked through the source release and we are good with License and Notice files. The binary release will need updates to L&N files, but since these are convenience binaries, I will not block the release and instead raised a JIRA [3] for all us to address before next release.
The binary package runs fine. I will send my vote on the vote thread.
Suresh
[1] - http://www.apache.org/info/verification.html <http://www.apache.org/info/verification.html>
[2] - https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html <https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html>
[3] - https://issues.apache.org/jira/browse/AIRAVATA-2002 <https://issues.apache.org/jira/browse/AIRAVATA-2002>
> On Jul 14, 2016, at 12:44 PM, Suresh Marru <sm...@apache.org> wrote:
>
> Hi Shameera,
>
> Thanks for putting together this release, very meticulously done.
>
> I verified the signatures and it shows some warnings, will dig into it to see if this is ok or a blocker:
>
> gpg: assuming signed data in './airavata-0.16-source-release.zip'
> gpg: Signature made Wed Jul 13 15:12:36 2016 EDT using RSA key ID 3DBF6C86
> gpg: requesting key 3DBF6C86 from hkps server hkps.pool.sks-keyservers.net <http://hkps.pool.sks-keyservers.net/>
> gpg: key 3DBF6C86: public key "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com <ma...@gmail.com>>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2018-08-19
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com <ma...@gmail.com>>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org <ma...@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.tar.gz'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com <ma...@gmail.com>>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org <ma...@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.zip'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com <ma...@gmail.com>>" [unknown]
> gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org <ma...@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
>
> Suresh
>
>
>> On Jul 13, 2016, at 4:20 PM, Shameera Rathnayaka <shameera@apache.org <ma...@apache.org>> wrote:
>>
>> Discussion thread for vote on Apache Airavata 0.16 release candidate.
>>
>> If you have any questions or feedback or to post results of validating the release, please reply to this thread. Once you verify the release, please post your vote to the VOTE thread.
>>
>> For reference, the Apache release guide - http://www.apache.org/dev/release.html <http://www.apache.org/dev/release.html>
>>
>> Some tips to validate the release before you vote:
>>
>> * Download the binary version and run the 5 minute or 10 minute tutorial as described in README and website.
>> * Download the source files from compressed files and release tag and build (which includes tests).
>> * Verify the distribution for the required LICENSE and NOTICE files
>> * Verify if all the staged files are signed and the signature is verifiable.
>> * Verify if the signing key in the project's KEYS file is hosted on a public server
>>
>> Thanks for your time in validating the release and voting,
>> Shameera Rathnayaka
>> (On Behalf of Airavata PMC)
>
Re: [DISCUSS] Apache Airavata release 0.16- RC1
Posted by Suresh Marru <sm...@apache.org>.
Hi Shameera,
Thanks for putting together this release, very meticulously done.
I verified the signatures and it shows some warnings, will dig into it to see if this is ok or a blocker:
gpg: assuming signed data in './airavata-0.16-source-release.zip'
gpg: Signature made Wed Jul 13 15:12:36 2016 EDT using RSA key ID 3DBF6C86
gpg: requesting key 3DBF6C86 from hkps server hkps.pool.sks-keyservers.net
gpg: key 3DBF6C86: public key "Shameera Rathnayaka (Personal Email Address) <sh...@gmail.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <sh...@gmail.com>" [unknown]
gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <sh...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.tar.gz'
gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <sh...@gmail.com>" [unknown]
gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <sh...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.zip'
gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <sh...@gmail.com>" [unknown]
gpg: aka "Shameera Rathnayaka (CODE SIGNING KEY) <sh...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A F290 53C3 1FCF 3DBF 6C86
Suresh
> On Jul 13, 2016, at 4:20 PM, Shameera Rathnayaka <sh...@apache.org> wrote:
>
> Discussion thread for vote on Apache Airavata 0.16 release candidate.
>
> If you have any questions or feedback or to post results of validating the release, please reply to this thread. Once you verify the release, please post your vote to the VOTE thread.
>
> For reference, the Apache release guide - http://www.apache.org/dev/release.html <http://www.apache.org/dev/release.html>
>
> Some tips to validate the release before you vote:
>
> * Download the binary version and run the 5 minute or 10 minute tutorial as described in README and website.
> * Download the source files from compressed files and release tag and build (which includes tests).
> * Verify the distribution for the required LICENSE and NOTICE files
> * Verify if all the staged files are signed and the signature is verifiable.
> * Verify if the signing key in the project's KEYS file is hosted on a public server
>
> Thanks for your time in validating the release and voting,
> Shameera Rathnayaka
> (On Behalf of Airavata PMC)