You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geode.apache.org by Mike Stolz <mi...@apache.org> on 2018/04/26 18:05:31 UTC
[VOTE] Apache Geode 1.6.0 RC1
This is the first release candidate for Apache Geode, version 1.6.0.
Thanks to all the community members for their contributions to this
release!
*** Please download, test and vote by Monday, April 30, 1500 hrs US
Pacific. ***
It fixes 157 issues. Release notes can be found at:
https://cwiki.apache.org/confluence/display/GEODE/
Release+Notes#ReleaseNotes-1.6.0.
Note that we are voting upon the source tags: rel/v1.6.0.RC1
https://github.com/apache/geode/tree/rel/v1.6.0.RC1
https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
Commit ID:
b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
Source and binary files:
https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
Maven staging repo:
https://repository.apache.org/content/repositories/orgapachegeode-1041
Geode's KEYS file containing PGP keys we use to sign the release:
https://github.com/apache/geode/blob/develop/KEYS
Release Signed with Fingerprint:
pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
876331B45A97E382D1BDFB4444820F9CABF4396F
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Swapnil Bawaskar <sb...@pivotal.io>.
+1
On Tue, May 1, 2018 at 2:19 PM Dan Smith <ds...@pivotal.io> wrote:
> +1
>
> Ran geode-release-check, looks good to me.
>
> -Dan
>
> On Tue, May 1, 2018 at 11:55 AM, Anthony Baker <ab...@pivotal.io> wrote:
>
> > Ok, thanks Galen. AFAICT, the KEYS file being referred to is this one:
> > https://dist.apache.org/repos/dist/release/geode/KEYS <
> > https://dist.apache.org/repos/dist/release/geode/KEYS>. Other Apache
> > projects like Flink, Beam, Impala, or Kafka don’t version control their
> > KEYS file.
> >
> > @PMC - we need more reviews and votes to complete this release in a
> timely
> > manner. Please check it out.
> >
> > Anthony
> >
> >
> > > On May 1, 2018, at 11:42 AM, Galen O'Sullivan <go...@pivotal.io>
> > wrote:
> > >
> > > Thanks for the clarification, Anthony. The release signing page you
> > linked does say this:
> > >
> > > > Since the KEYS may be needed to check signatures for archived
> > releases, it is important that all keys that have ever been used to sign
> > releases are retained in the file. Entries should only be added (as
> > described above), not removed.
> > >
> > > > Your public key should be exported and the result appended to the
> > appropriate KEYS file(s).
> > >
> > > I think we should get Mike's key added to both the develop and release
> > branches. I would prefer if it was present in the release tag (it could
> be
> > confusing for someone checking release history).
> > >
> > > But I guess it shouldn't be too much of a problem if the key isn't in
> > KEYS on the release. It won't affect the binary.
> > >
> > > I'll change to a +0.
> > >
> > > Galen
> > >
> > > On 5/1/18 10:15 AM, Anthony Baker wrote:
> > >> Galen,
> > >>
> > >> Given the above information what are your thoughts?
> > >>
> > >> Anthony
> > >>
> > >>
> > >>> On Apr 30, 2018, at 3:01 PM, Anthony Baker <ab...@pivotal.io>
> wrote:
> > >>>
> > >>> Please review the ASF policy on signing releases [1]. I think these
> > points are pertinent:
> > >>>
> > >>> - The release manager signs the release. That provides the
> > verification that the release binaries were in fact created by the
> release
> > manager and have not been modified. Multiple signatures are not required
> > or even possible sometimes.
> > >>>
> > >>> - The KEYS file in git[2] is a convenience for keeping [3] up to
> > date. In fact, the KEYS file is a secondary check for a fingerprint at
> > id.apache.org (see [4] for how ASF checks signatures on releases).
> > >>>
> > >>> To me I don’t see a strict necessity to include the KEYS file commit
> > in the release tag. It’s on the release branch and it will be merged to
> > /develop.
> > >>>
> > >>> $.02,
> > >>> Anthony
> > >>>
> > >>> [1] http://apache.org/dev/release-signing.html
> > >>> [2] https://github.com/apache/geode/blob/develop/KEYS
> > >>> [3] https://dist.apache.org/repos/dist/release/geode/KEYS
> > >>> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html
> > >>>
> > >>>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <
> gosullivan@pivotal.io>
> > wrote:
> > >>>>
> > >>>> -1
> > >>>>
> > >>>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (
> > 5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
> > >>>>
> > >>>> It seems odd to me to add a new key and use it to sign the release
> > without using an already-existing key to sign the release as well. If
> > someone's trying to verify a source tag, there isn't a chain of
> signatures
> > with the last signer of the release signing a commit with the addition of
> > the next new key.
> > >>>>
> > >>>> Galen
> > >
> >
> >
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Dan Smith <ds...@pivotal.io>.
+1
Ran geode-release-check, looks good to me.
-Dan
On Tue, May 1, 2018 at 11:55 AM, Anthony Baker <ab...@pivotal.io> wrote:
> Ok, thanks Galen. AFAICT, the KEYS file being referred to is this one:
> https://dist.apache.org/repos/dist/release/geode/KEYS <
> https://dist.apache.org/repos/dist/release/geode/KEYS>. Other Apache
> projects like Flink, Beam, Impala, or Kafka don’t version control their
> KEYS file.
>
> @PMC - we need more reviews and votes to complete this release in a timely
> manner. Please check it out.
>
> Anthony
>
>
> > On May 1, 2018, at 11:42 AM, Galen O'Sullivan <go...@pivotal.io>
> wrote:
> >
> > Thanks for the clarification, Anthony. The release signing page you
> linked does say this:
> >
> > > Since the KEYS may be needed to check signatures for archived
> releases, it is important that all keys that have ever been used to sign
> releases are retained in the file. Entries should only be added (as
> described above), not removed.
> >
> > > Your public key should be exported and the result appended to the
> appropriate KEYS file(s).
> >
> > I think we should get Mike's key added to both the develop and release
> branches. I would prefer if it was present in the release tag (it could be
> confusing for someone checking release history).
> >
> > But I guess it shouldn't be too much of a problem if the key isn't in
> KEYS on the release. It won't affect the binary.
> >
> > I'll change to a +0.
> >
> > Galen
> >
> > On 5/1/18 10:15 AM, Anthony Baker wrote:
> >> Galen,
> >>
> >> Given the above information what are your thoughts?
> >>
> >> Anthony
> >>
> >>
> >>> On Apr 30, 2018, at 3:01 PM, Anthony Baker <ab...@pivotal.io> wrote:
> >>>
> >>> Please review the ASF policy on signing releases [1]. I think these
> points are pertinent:
> >>>
> >>> - The release manager signs the release. That provides the
> verification that the release binaries were in fact created by the release
> manager and have not been modified. Multiple signatures are not required
> or even possible sometimes.
> >>>
> >>> - The KEYS file in git[2] is a convenience for keeping [3] up to
> date. In fact, the KEYS file is a secondary check for a fingerprint at
> id.apache.org (see [4] for how ASF checks signatures on releases).
> >>>
> >>> To me I don’t see a strict necessity to include the KEYS file commit
> in the release tag. It’s on the release branch and it will be merged to
> /develop.
> >>>
> >>> $.02,
> >>> Anthony
> >>>
> >>> [1] http://apache.org/dev/release-signing.html
> >>> [2] https://github.com/apache/geode/blob/develop/KEYS
> >>> [3] https://dist.apache.org/repos/dist/release/geode/KEYS
> >>> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html
> >>>
> >>>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <go...@pivotal.io>
> wrote:
> >>>>
> >>>> -1
> >>>>
> >>>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (
> 5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
> >>>>
> >>>> It seems odd to me to add a new key and use it to sign the release
> without using an already-existing key to sign the release as well. If
> someone's trying to verify a source tag, there isn't a chain of signatures
> with the last signer of the release signing a commit with the addition of
> the next new key.
> >>>>
> >>>> Galen
> >
>
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Anthony Baker <ab...@pivotal.io>.
Ok, thanks Galen. AFAICT, the KEYS file being referred to is this one: https://dist.apache.org/repos/dist/release/geode/KEYS <https://dist.apache.org/repos/dist/release/geode/KEYS>. Other Apache projects like Flink, Beam, Impala, or Kafka don’t version control their KEYS file.
@PMC - we need more reviews and votes to complete this release in a timely manner. Please check it out.
Anthony
> On May 1, 2018, at 11:42 AM, Galen O'Sullivan <go...@pivotal.io> wrote:
>
> Thanks for the clarification, Anthony. The release signing page you linked does say this:
>
> > Since the KEYS may be needed to check signatures for archived releases, it is important that all keys that have ever been used to sign releases are retained in the file. Entries should only be added (as described above), not removed.
>
> > Your public key should be exported and the result appended to the appropriate KEYS file(s).
>
> I think we should get Mike's key added to both the develop and release branches. I would prefer if it was present in the release tag (it could be confusing for someone checking release history).
>
> But I guess it shouldn't be too much of a problem if the key isn't in KEYS on the release. It won't affect the binary.
>
> I'll change to a +0.
>
> Galen
>
> On 5/1/18 10:15 AM, Anthony Baker wrote:
>> Galen,
>>
>> Given the above information what are your thoughts?
>>
>> Anthony
>>
>>
>>> On Apr 30, 2018, at 3:01 PM, Anthony Baker <ab...@pivotal.io> wrote:
>>>
>>> Please review the ASF policy on signing releases [1]. I think these points are pertinent:
>>>
>>> - The release manager signs the release. That provides the verification that the release binaries were in fact created by the release manager and have not been modified. Multiple signatures are not required or even possible sometimes.
>>>
>>> - The KEYS file in git[2] is a convenience for keeping [3] up to date. In fact, the KEYS file is a secondary check for a fingerprint at id.apache.org (see [4] for how ASF checks signatures on releases).
>>>
>>> To me I don’t see a strict necessity to include the KEYS file commit in the release tag. It’s on the release branch and it will be merged to /develop.
>>>
>>> $.02,
>>> Anthony
>>>
>>> [1] http://apache.org/dev/release-signing.html
>>> [2] https://github.com/apache/geode/blob/develop/KEYS
>>> [3] https://dist.apache.org/repos/dist/release/geode/KEYS
>>> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html
>>>
>>>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <go...@pivotal.io> wrote:
>>>>
>>>> -1
>>>>
>>>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
>>>>
>>>> It seems odd to me to add a new key and use it to sign the release without using an already-existing key to sign the release as well. If someone's trying to verify a source tag, there isn't a chain of signatures with the last signer of the release signing a commit with the addition of the next new key.
>>>>
>>>> Galen
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Galen O'Sullivan <go...@pivotal.io>.
Thanks for the clarification, Anthony. The release signing page you
linked does say this:
> Since the KEYS may be needed to check signatures for archived
releases, it is important that all keys that have ever been used to sign
releases are retained in the file. Entries should only be added (as
described above), not removed.
> Your public key should be exported and the result appended to the
appropriate KEYS file(s).
I think we should get Mike's key added to both the develop and release
branches. I would prefer if it was present in the release tag (it could
be confusing for someone checking release history).
But I guess it shouldn't be too much of a problem if the key isn't in
KEYS on the release. It won't affect the binary.
I'll change to a +0.
Galen
On 5/1/18 10:15 AM, Anthony Baker wrote:
> Galen,
>
> Given the above information what are your thoughts?
>
> Anthony
>
>
>> On Apr 30, 2018, at 3:01 PM, Anthony Baker <ab...@pivotal.io> wrote:
>>
>> Please review the ASF policy on signing releases [1]. I think these points are pertinent:
>>
>> - The release manager signs the release. That provides the verification that the release binaries were in fact created by the release manager and have not been modified. Multiple signatures are not required or even possible sometimes.
>>
>> - The KEYS file in git[2] is a convenience for keeping [3] up to date. In fact, the KEYS file is a secondary check for a fingerprint at id.apache.org (see [4] for how ASF checks signatures on releases).
>>
>> To me I don’t see a strict necessity to include the KEYS file commit in the release tag. It’s on the release branch and it will be merged to /develop.
>>
>> $.02,
>> Anthony
>>
>> [1] http://apache.org/dev/release-signing.html
>> [2] https://github.com/apache/geode/blob/develop/KEYS
>> [3] https://dist.apache.org/repos/dist/release/geode/KEYS
>> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html
>>
>>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <go...@pivotal.io> wrote:
>>>
>>> -1
>>>
>>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
>>>
>>> It seems odd to me to add a new key and use it to sign the release without using an already-existing key to sign the release as well. If someone's trying to verify a source tag, there isn't a chain of signatures with the last signer of the release signing a commit with the addition of the next new key.
>>>
>>> Galen
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Anthony Baker <ab...@pivotal.io>.
Galen,
Given the above information what are your thoughts?
Anthony
> On Apr 30, 2018, at 3:01 PM, Anthony Baker <ab...@pivotal.io> wrote:
>
> Please review the ASF policy on signing releases [1]. I think these points are pertinent:
>
> - The release manager signs the release. That provides the verification that the release binaries were in fact created by the release manager and have not been modified. Multiple signatures are not required or even possible sometimes.
>
> - The KEYS file in git[2] is a convenience for keeping [3] up to date. In fact, the KEYS file is a secondary check for a fingerprint at id.apache.org (see [4] for how ASF checks signatures on releases).
>
> To me I don’t see a strict necessity to include the KEYS file commit in the release tag. It’s on the release branch and it will be merged to /develop.
>
> $.02,
> Anthony
>
> [1] http://apache.org/dev/release-signing.html
> [2] https://github.com/apache/geode/blob/develop/KEYS
> [3] https://dist.apache.org/repos/dist/release/geode/KEYS
> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html
>
>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <go...@pivotal.io> wrote:
>>
>> -1
>>
>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
>>
>> It seems odd to me to add a new key and use it to sign the release without using an already-existing key to sign the release as well. If someone's trying to verify a source tag, there isn't a chain of signatures with the last signer of the release signing a commit with the addition of the next new key.
>>
>> Galen
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Anthony Baker <ab...@pivotal.io>.
Please review the ASF policy on signing releases [1]. I think these points are pertinent:
- The release manager signs the release. That provides the verification that the release binaries were in fact created by the release manager and have not been modified. Multiple signatures are not required or even possible sometimes.
- The KEYS file in git[2] is a convenience for keeping [3] up to date. In fact, the KEYS file is a secondary check for a fingerprint at id.apache.org (see [4] for how ASF checks signatures on releases).
To me I don’t see a strict necessity to include the KEYS file commit in the release tag. It’s on the release branch and it will be merged to /develop.
$.02,
Anthony
[1] http://apache.org/dev/release-signing.html
[2] https://github.com/apache/geode/blob/develop/KEYS
[3] https://dist.apache.org/repos/dist/release/geode/KEYS
[4] https://mirror-vm.apache.org/~henkp/checker/faq.html
> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan <go...@pivotal.io> wrote:
>
> -1
>
> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 (5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
>
> It seems odd to me to add a new key and use it to sign the release without using an already-existing key to sign the release as well. If someone's trying to verify a source tag, there isn't a chain of signatures with the last signer of the release signing a commit with the addition of the next new key.
>
> Galen
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Galen O'Sullivan <go...@pivotal.io>.
-1
I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1
(5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop.
It seems odd to me to add a new key and use it to sign the release
without using an already-existing key to sign the release as well. If
someone's trying to verify a source tag, there isn't a chain of
signatures with the last signer of the release signing a commit with the
addition of the next new key.
Galen
On 4/26/18 11:05 AM, Mike Stolz wrote:
> This is the first release candidate for Apache Geode, version 1.6.0.
> Thanks to all the community members for their contributions to this
> release!
>
> *** Please download, test and vote by Monday, April 30, 1500 hrs US
> Pacific. ***
>
> It fixes 157 issues. Release notes can be found at:
> https://cwiki.apache.org/confluence/display/GEODE/
> Release+Notes#ReleaseNotes-1.6.0.
>
> Note that we are voting upon the source tags: rel/v1.6.0.RC1
> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>
> Commit ID:
> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>
> Source and binary files:
> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachegeode-1041
>
>
>
> Geode's KEYS file containing PGP keys we use to sign the release:
> https://github.com/apache/geode/blob/develop/KEYS
>
> Release Signed with Fingerprint:
>
> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>
> 876331B45A97E382D1BDFB4444820F9CABF4396F
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Anthony Baker <ab...@pivotal.io>.
Deleted my local copy of ‘rel/v1.6.0.RC1’ and refetched. The tag now correctly points to this commit: 5ce726bd7
With that change, I’ll vote +1.
Aside on voting: for releases a -1 doesn’t automatically veto the release candidate [1]. It is, however, a strong signal that the community may not have consensus and should consider carefully before continuing forward.
Anthony
[1] https://www.apache.org/foundation/glossary.html#MajorityApproval
> On Apr 27, 2018, at 2:21 PM, Mike Stolz <mi...@apache.org> wrote:
>
> Thanks for catching that tag error Anthony.
>
> I fixed it to have the SHA matching the build.
>
> If you're good with this could you change your -1 to a +1 so the vote can
> continue?
>
> On Thu, Apr 26, 2018 at 2:05 PM, Mike Stolz <mi...@apache.org> wrote:
>
>> This is the first release candidate for Apache Geode, version 1.6.0.
>> Thanks to all the community members for their contributions to this
>> release!
>>
>> *** Please download, test and vote by Monday, April 30, 1500 hrs US
>> Pacific. ***
>>
>> It fixes 157 issues. Release notes can be found at:
>> https://cwiki.apache.org/confluence/display/GEODE/Release+
>> Notes#ReleaseNotes-1.6.0.
>>
>> Note that we are voting upon the source tags: rel/v1.6.0.RC1
>> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
>> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>>
>> Commit ID:
>> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
>> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>>
>> Source and binary files:
>> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>>
>> Maven staging repo:
>> https://repository.apache.org/content/repositories/orgapachegeode-1041
>>
>>
>>
>> Geode's KEYS file containing PGP keys we use to sign the release:
>> https://github.com/apache/geode/blob/develop/KEYS
>>
>> Release Signed with Fingerprint:
>>
>> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>>
>> 876331B45A97E382D1BDFB4444820F9CABF4396F
>>
>>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Mike Stolz <mi...@apache.org>.
Thanks for catching that tag error Anthony.
I fixed it to have the SHA matching the build.
If you're good with this could you change your -1 to a +1 so the vote can
continue?
On Thu, Apr 26, 2018 at 2:05 PM, Mike Stolz <mi...@apache.org> wrote:
> This is the first release candidate for Apache Geode, version 1.6.0.
> Thanks to all the community members for their contributions to this
> release!
>
> *** Please download, test and vote by Monday, April 30, 1500 hrs US
> Pacific. ***
>
> It fixes 157 issues. Release notes can be found at:
> https://cwiki.apache.org/confluence/display/GEODE/Release+
> Notes#ReleaseNotes-1.6.0.
>
> Note that we are voting upon the source tags: rel/v1.6.0.RC1
> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>
> Commit ID:
> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>
> Source and binary files:
> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachegeode-1041
>
>
>
> Geode's KEYS file containing PGP keys we use to sign the release:
> https://github.com/apache/geode/blob/develop/KEYS
>
> Release Signed with Fingerprint:
>
> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>
> 876331B45A97E382D1BDFB4444820F9CABF4396F
>
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Anthony Baker <ab...@pivotal.io>.
- checked signatures
- checked hashes
- build from source
- ran examples
The tag for the geode repo differs from the source and binary release archives:
~/working/apache-geode-1.6.0$ bin/gfsh version --full
Build-Date: 2018-04-23 14:04:21 -0400
Build-Id: mikestolz 0
Build-Java-Version: 1.8.0_151
Build-Platform: Mac OS X 10.13.4 x86_64
Product-Name: Apache Geode
Product-Version: 1.6.0
Source-Date: 2018-04-19 18:12:58 -0400
Source-Repository: release/1.6.0
Source-Revision: 5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5
Native version: native code unavailable
Running on: /10.118.20.97, 8 cpu(s), x86_64 Mac OS X 10.13.4
~/code/incubator-geode (release/1.6.0)$ git tag -v rel/v1.6.0.RC1
object b4ba77f5131018d36b79608ef007dd3cbd761cd9
type commit
tag rel/v1.6.0.RC1
tagger Mike Stolz <mi...@new-host-5.home> 1524691173 -0400
Release candidate 1 for 1.6.0
gpg: Signature made Wed Apr 25 14:19:33 2018 PDT
gpg: using RSA key 44820F9CABF4396F
gpg: Good signature from "Mike Stolz <mi...@apache.org>" [undefined]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8763 31B4 5A97 E382 D1BD FB44 4482 0F9C ABF4 396F
Given that the delta is a change to the KEYS file, I think the simplest thing is to reset the tag to 5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5 and update the VOTE thread.
-1, willing to change that if we can fix the tag.
@Mike, you might want to sign your key and upload it again to avoid the warning.
Anthony
> On Apr 26, 2018, at 11:05 AM, Mike Stolz <mi...@apache.org> wrote:
>
> This is the first release candidate for Apache Geode, version 1.6.0.
> Thanks to all the community members for their contributions to this
> release!
>
> *** Please download, test and vote by Monday, April 30, 1500 hrs US
> Pacific. ***
>
> It fixes 157 issues. Release notes can be found at:
> https://cwiki.apache.org/confluence/display/GEODE/
> Release+Notes#ReleaseNotes-1.6.0.
>
> Note that we are voting upon the source tags: rel/v1.6.0.RC1
> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>
> Commit ID:
> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>
> Source and binary files:
> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachegeode-1041
>
>
>
> Geode's KEYS file containing PGP keys we use to sign the release:
> https://github.com/apache/geode/blob/develop/KEYS
>
> Release Signed with Fingerprint:
>
> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>
> 876331B45A97E382D1BDFB4444820F9CABF4396F
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Michael Stolz <ms...@pivotal.io>.
Yeah, looks like a copy and paste issue that caused the link to get wrapped
to a new line.
Sorry.
--
Mike Stolz
Principal Engineer, GemFire Product Lead
Mobile: +1-631-835-4771
Download the GemFire book here.
<https://content.pivotal.io/ebooks/scaling-data-services-with-pivotal-gemfire>
On Thu, Apr 26, 2018 at 5:17 PM, Diane Hardman <dh...@pivotal.io> wrote:
> Here is the correct link to the Release notes:
> https://cwiki.apache.org/confluence/display/GEODE/
> Release+Notes#ReleaseNotes-1.6.0
>
> On Thu, Apr 26, 2018 at 2:13 PM, Diane Hardman <dh...@pivotal.io>
> wrote:
>
> > The link to the Release notes seems to be incorrect.
> >
> >
> >
> > On Thu, Apr 26, 2018 at 11:05 AM, Mike Stolz <mi...@apache.org>
> wrote:
> >
> >> This is the first release candidate for Apache Geode, version 1.6.0.
> >> Thanks to all the community members for their contributions to this
> >> release!
> >>
> >> *** Please download, test and vote by Monday, April 30, 1500 hrs US
> >> Pacific. ***
> >>
> >> It fixes 157 issues. Release notes can be found at:
> >> https://cwiki.apache.org/confluence/display/GEODE/
> >> Release+Notes#ReleaseNotes-1.6.0.
> >>
> >> Note that we are voting upon the source tags: rel/v1.6.0.RC1
> >> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
> >> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
> >>
> >> Commit ID:
> >> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
> >> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
> >>
> >> Source and binary files:
> >> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
> >>
> >> Maven staging repo:
> >> https://repository.apache.org/content/repositories/orgapachegeode-1041
> >>
> >>
> >>
> >> Geode's KEYS file containing PGP keys we use to sign the release:
> >> https://github.com/apache/geode/blob/develop/KEYS
> >>
> >> Release Signed with Fingerprint:
> >>
> >> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
> >>
> >> 876331B45A97E382D1BDFB4444820F9CABF4396F
> >>
> >
> >
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Diane Hardman <dh...@pivotal.io>.
Here is the correct link to the Release notes:
https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-1.6.0
On Thu, Apr 26, 2018 at 2:13 PM, Diane Hardman <dh...@pivotal.io> wrote:
> The link to the Release notes seems to be incorrect.
>
>
>
> On Thu, Apr 26, 2018 at 11:05 AM, Mike Stolz <mi...@apache.org> wrote:
>
>> This is the first release candidate for Apache Geode, version 1.6.0.
>> Thanks to all the community members for their contributions to this
>> release!
>>
>> *** Please download, test and vote by Monday, April 30, 1500 hrs US
>> Pacific. ***
>>
>> It fixes 157 issues. Release notes can be found at:
>> https://cwiki.apache.org/confluence/display/GEODE/
>> Release+Notes#ReleaseNotes-1.6.0.
>>
>> Note that we are voting upon the source tags: rel/v1.6.0.RC1
>> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
>> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>>
>> Commit ID:
>> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
>> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>>
>> Source and binary files:
>> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>>
>> Maven staging repo:
>> https://repository.apache.org/content/repositories/orgapachegeode-1041
>>
>>
>>
>> Geode's KEYS file containing PGP keys we use to sign the release:
>> https://github.com/apache/geode/blob/develop/KEYS
>>
>> Release Signed with Fingerprint:
>>
>> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>>
>> 876331B45A97E382D1BDFB4444820F9CABF4396F
>>
>
>
Re: [VOTE] Apache Geode 1.6.0 RC1
Posted by Diane Hardman <dh...@pivotal.io>.
The link to the Release notes seems to be incorrect.
On Thu, Apr 26, 2018 at 11:05 AM, Mike Stolz <mi...@apache.org> wrote:
> This is the first release candidate for Apache Geode, version 1.6.0.
> Thanks to all the community members for their contributions to this
> release!
>
> *** Please download, test and vote by Monday, April 30, 1500 hrs US
> Pacific. ***
>
> It fixes 157 issues. Release notes can be found at:
> https://cwiki.apache.org/confluence/display/GEODE/
> Release+Notes#ReleaseNotes-1.6.0.
>
> Note that we are voting upon the source tags: rel/v1.6.0.RC1
> https://github.com/apache/geode/tree/rel/v1.6.0.RC1
> https://github.com/apache/geode-examples/tree/rel/v1.6.0.RC1
>
> Commit ID:
> b4ba77f5131018d36b79608ef007dd3cbd761cd9 (geode)
> 45d174a1280e539108341b286ff79938f9729bc7 (geode-examples)
>
> Source and binary files:
> https://dist.apache.org/repos/dist/dev/geode/1.6.0.RC1
>
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachegeode-1041
>
>
>
> Geode's KEYS file containing PGP keys we use to sign the release:
> https://github.com/apache/geode/blob/develop/KEYS
>
> Release Signed with Fingerprint:
>
> pub rsa4096 2018-04-12 [SC] [expires: 2022-04-12]
>
> 876331B45A97E382D1BDFB4444820F9CABF4396F
>