You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@spark.apache.org by Phil Steitz <ph...@gmail.com> on 2016/07/10 16:57:24 UTC
KEYS file?
I can't seem to find a link the the Spark KEYS file. I am trying to
validate the sigs on the 1.6.2 release artifacts and I need to
import 0x7C6C105FFC8ED089. Is there a KEYS file available for
download somewhere? Apologies if I am just missing an obvious link.
Phil
---------------------------------------------------------------------
To unsubscribe e-mail: user-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Sean Owen <so...@cloudera.com>.
PS I've already opened a test PR for the new apache/spark-website repo:
https://github.com/apache/spark-website/pull/1
I guess we'll follow the same process for reviewing there. Next: see
if the main merge script works for this repo!
On Mon, Jul 11, 2016 at 9:52 PM, Sean Owen <so...@cloudera.com> wrote:
> Aha, that's landed. OK I'll figure it out tomorrow and push my update
> to verify it all works.
>
> On Mon, Jul 11, 2016 at 8:54 PM, Reynold Xin <rx...@databricks.com> wrote:
>> It's related to this apparently:
>> https://issues.apache.org/jira/servicedesk/customer/portal/1/INFRA-12055
>>
---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Sean Owen <so...@cloudera.com>.
Aha, that's landed. OK I'll figure it out tomorrow and push my update
to verify it all works.
On Mon, Jul 11, 2016 at 8:54 PM, Reynold Xin <rx...@databricks.com> wrote:
> It's related to this apparently:
> https://issues.apache.org/jira/servicedesk/customer/portal/1/INFRA-12055
>
---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Reynold Xin <rx...@databricks.com>.
It's related to this apparently:
https://issues.apache.org/jira/servicedesk/customer/portal/1/INFRA-12055
On Mon, Jul 11, 2016 at 12:33 PM, Sean Owen <so...@cloudera.com> wrote:
> Eh, to anyone else who's ever pushed to the SVN-hosted
> spark.apache.org site: are you able to commit anything right now? This
> error is brand-new and has stumped me:
>
> svn: E195023: Changing file
> '/Users/srowen/Documents/asf-spark-site/downloads.md' is forbidden by
> the server
> svn: E175013: Access to
> '/repos/asf/!svn/txr/1752209-12gpm/spark/downloads.md' forbidden
>
> Maybe my perms got messed up, so, first checking to see if it affects
> anyone else. FWIW this is all I'm trying to change; anyone is welcome
> to commit this:
>
>
> Index: downloads.md
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> --- downloads.md (revision 1752185)
> +++ downloads.md (revision )
> @@ -31,7 +31,7 @@
>
> 4. Download Spark: <span id="spanDownloadLink"></span>
>
> -5. Verify this release using the <span id="sparkDownloadVerify"></span>.
> +5. Verify this release using the <span
> id="sparkDownloadVerify"></span> and [project release
> KEYS](https://www.apache.org/dist/spark/KEYS).
>
> _Note: Scala 2.11 users should download the Spark source package and build
> [with Scala 2.11
> support](
> http://spark.apache.org/docs/latest/building-spark.html#building-for-scala-211)._
> Index: site/downloads.html
> IDEA additional info:
> Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
> <+>UTF-8
> ===================================================================
> --- site/downloads.html (revision 1752185)
> +++ site/downloads.html (revision )
> @@ -213,7 +213,7 @@
> <p>Download Spark: <span id="spanDownloadLink"></span></p>
> </li>
> <li>
> - <p>Verify this release using the <span
> id="sparkDownloadVerify"></span>.</p>
> + <p>Verify this release using the <span
> id="sparkDownloadVerify"></span> and <a
> href="https://www.apache.org/dist/spark/KEYS">project release
> KEYS</a>.</p>
> </li>
> </ol>
>
>
>
>
> On Mon, Jul 11, 2016 at 5:43 PM, Sean Owen <so...@cloudera.com> wrote:
> > Yeah the canonical place for a project's KEYS file for ASF projects is
> >
> > http://www.apache.org/dist/{project}/KEYS
> >
> > and so you can indeed find this key among:
> >
> > http://www.apache.org/dist/spark/KEYS
> >
> > I'll put a link to this info on the downloads page because it is
> important info.
> >
> > On Mon, Jul 11, 2016 at 4:48 AM, Shuai Lin <li...@gmail.com>
> wrote:
> >>> at least links to the keys used to sign releases on the
> >>> download page
> >>
> >>
> >> +1 for that.
> >>
> >> On Mon, Jul 11, 2016 at 3:35 AM, Phil Steitz <ph...@gmail.com>
> wrote:
> >>>
> >>> On 7/10/16 10:57 AM, Shuai Lin wrote:
> >>> > Not sure where you see " 0x7C6C105FFC8ED089". I
> >>>
> >>> That's the key ID for the key below.
> >>> > think the release is signed with the
> >>> > key https://people.apache.org/keys/committer/pwendell.asc .
> >>>
> >>> Thanks! That key matches. The project should publish a KEYS file
> >>> [1] or at least links to the keys used to sign releases on the
> >>> download page. Could be there is one somewhere and I just can't
> >>> find it.
> >>>
> >>> Phil
> >>>
> >>> [1] http://www.apache.org/dev/release-signing.html#keys-policy
> >>> >
> >>> > I think this tutorial can be
> >>> > helpful: http://www.apache.org/info/verification.html
> >>> >
> >>> > On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz
> >>> > <phil.steitz@gmail.com <ma...@gmail.com>> wrote:
> >>> >
> >>> > I can't seem to find a link the the Spark KEYS file. I am
> >>> > trying to
> >>> > validate the sigs on the 1.6.2 release artifacts and I need to
> >>> > import 0x7C6C105FFC8ED089. Is there a KEYS file available for
> >>> > download somewhere? Apologies if I am just missing an obvious
> >>> > link.
> >>> >
> >>> > Phil
> >>> >
> >>> >
> >>> >
> >>> > ---------------------------------------------------------------------
> >>> > To unsubscribe e-mail: user-unsubscribe@spark.apache.org
> >>> > <ma...@spark.apache.org>
> >>> >
> >>> >
> >>>
> >>>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe e-mail: dev-unsubscribe@spark.apache.org
>
>
Re: KEYS file?
Posted by Sean Owen <so...@cloudera.com>.
Eh, to anyone else who's ever pushed to the SVN-hosted
spark.apache.org site: are you able to commit anything right now? This
error is brand-new and has stumped me:
svn: E195023: Changing file
'/Users/srowen/Documents/asf-spark-site/downloads.md' is forbidden by
the server
svn: E175013: Access to
'/repos/asf/!svn/txr/1752209-12gpm/spark/downloads.md' forbidden
Maybe my perms got messed up, so, first checking to see if it affects
anyone else. FWIW this is all I'm trying to change; anyone is welcome
to commit this:
Index: downloads.md
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- downloads.md (revision 1752185)
+++ downloads.md (revision )
@@ -31,7 +31,7 @@
4. Download Spark: <span id="spanDownloadLink"></span>
-5. Verify this release using the <span id="sparkDownloadVerify"></span>.
+5. Verify this release using the <span
id="sparkDownloadVerify"></span> and [project release
KEYS](https://www.apache.org/dist/spark/KEYS).
_Note: Scala 2.11 users should download the Spark source package and build
[with Scala 2.11
support](http://spark.apache.org/docs/latest/building-spark.html#building-for-scala-211)._
Index: site/downloads.html
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- site/downloads.html (revision 1752185)
+++ site/downloads.html (revision )
@@ -213,7 +213,7 @@
<p>Download Spark: <span id="spanDownloadLink"></span></p>
</li>
<li>
- <p>Verify this release using the <span
id="sparkDownloadVerify"></span>.</p>
+ <p>Verify this release using the <span
id="sparkDownloadVerify"></span> and <a
href="https://www.apache.org/dist/spark/KEYS">project release
KEYS</a>.</p>
</li>
</ol>
On Mon, Jul 11, 2016 at 5:43 PM, Sean Owen <so...@cloudera.com> wrote:
> Yeah the canonical place for a project's KEYS file for ASF projects is
>
> http://www.apache.org/dist/{project}/KEYS
>
> and so you can indeed find this key among:
>
> http://www.apache.org/dist/spark/KEYS
>
> I'll put a link to this info on the downloads page because it is important info.
>
> On Mon, Jul 11, 2016 at 4:48 AM, Shuai Lin <li...@gmail.com> wrote:
>>> at least links to the keys used to sign releases on the
>>> download page
>>
>>
>> +1 for that.
>>
>> On Mon, Jul 11, 2016 at 3:35 AM, Phil Steitz <ph...@gmail.com> wrote:
>>>
>>> On 7/10/16 10:57 AM, Shuai Lin wrote:
>>> > Not sure where you see " 0x7C6C105FFC8ED089". I
>>>
>>> That's the key ID for the key below.
>>> > think the release is signed with the
>>> > key https://people.apache.org/keys/committer/pwendell.asc .
>>>
>>> Thanks! That key matches. The project should publish a KEYS file
>>> [1] or at least links to the keys used to sign releases on the
>>> download page. Could be there is one somewhere and I just can't
>>> find it.
>>>
>>> Phil
>>>
>>> [1] http://www.apache.org/dev/release-signing.html#keys-policy
>>> >
>>> > I think this tutorial can be
>>> > helpful: http://www.apache.org/info/verification.html
>>> >
>>> > On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz
>>> > <phil.steitz@gmail.com <ma...@gmail.com>> wrote:
>>> >
>>> > I can't seem to find a link the the Spark KEYS file. I am
>>> > trying to
>>> > validate the sigs on the 1.6.2 release artifacts and I need to
>>> > import 0x7C6C105FFC8ED089. Is there a KEYS file available for
>>> > download somewhere? Apologies if I am just missing an obvious
>>> > link.
>>> >
>>> > Phil
>>> >
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe e-mail: user-unsubscribe@spark.apache.org
>>> > <ma...@spark.apache.org>
>>> >
>>> >
>>>
>>>
>>
---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Sean Owen <so...@cloudera.com>.
Yeah the canonical place for a project's KEYS file for ASF projects is
http://www.apache.org/dist/{project}/KEYS
and so you can indeed find this key among:
http://www.apache.org/dist/spark/KEYS
I'll put a link to this info on the downloads page because it is important info.
On Mon, Jul 11, 2016 at 4:48 AM, Shuai Lin <li...@gmail.com> wrote:
>> at least links to the keys used to sign releases on the
>> download page
>
>
> +1 for that.
>
> On Mon, Jul 11, 2016 at 3:35 AM, Phil Steitz <ph...@gmail.com> wrote:
>>
>> On 7/10/16 10:57 AM, Shuai Lin wrote:
>> > Not sure where you see " 0x7C6C105FFC8ED089". I
>>
>> That's the key ID for the key below.
>> > think the release is signed with the
>> > key https://people.apache.org/keys/committer/pwendell.asc .
>>
>> Thanks! That key matches. The project should publish a KEYS file
>> [1] or at least links to the keys used to sign releases on the
>> download page. Could be there is one somewhere and I just can't
>> find it.
>>
>> Phil
>>
>> [1] http://www.apache.org/dev/release-signing.html#keys-policy
>> >
>> > I think this tutorial can be
>> > helpful: http://www.apache.org/info/verification.html
>> >
>> > On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz
>> > <phil.steitz@gmail.com <ma...@gmail.com>> wrote:
>> >
>> > I can't seem to find a link the the Spark KEYS file. I am
>> > trying to
>> > validate the sigs on the 1.6.2 release artifacts and I need to
>> > import 0x7C6C105FFC8ED089. Is there a KEYS file available for
>> > download somewhere? Apologies if I am just missing an obvious
>> > link.
>> >
>> > Phil
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe e-mail: user-unsubscribe@spark.apache.org
>> > <ma...@spark.apache.org>
>> >
>> >
>>
>>
>
---------------------------------------------------------------------
To unsubscribe e-mail: user-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Steve Loughran <st...@hortonworks.com>.
On 11 Jul 2016, at 04:48, Shuai Lin <li...@gmail.com>> wrote:
at least links to the keys used to sign releases on the
download page
+1 for that.
really all release keys for ASF projects should be signed by others in the project and the broader ASF community; its really time for the next apachecons & similar to do key auth sessions. Oh, and you should be verifying full signatures; generating collisions in short signatures is now computationally feasible.
I've authenticated patrick's key EEDA BD1C 71C5 48D6 F006 61D3 7C6C 105F FC8E D089 and pushed that fact up to the MIT keyservers; I'm willing to do the same for others over skype/F2F.
And at some point someone needs to enhance ivy/maven to check GPG signatures of artifacts on the public repos. Checksum validation is meaningless unless you are getting the checksums from a trusted HTTPS server *and* the versions of the HTTP client you have gets its HTTPS signature logic right (something the asf commons http libs haven't always done).
Re: KEYS file?
Posted by Shuai Lin <li...@gmail.com>.
>
> at least links to the keys used to sign releases on the
> download page
+1 for that.
On Mon, Jul 11, 2016 at 3:35 AM, Phil Steitz <ph...@gmail.com> wrote:
> On 7/10/16 10:57 AM, Shuai Lin wrote:
> > Not sure where you see " 0x7C6C105FFC8ED089". I
>
> That's the key ID for the key below.
> > think the release is signed with the
> > key https://people.apache.org/keys/committer/pwendell.asc .
>
> Thanks! That key matches. The project should publish a KEYS file
> [1] or at least links to the keys used to sign releases on the
> download page. Could be there is one somewhere and I just can't
> find it.
>
> Phil
>
> [1] http://www.apache.org/dev/release-signing.html#keys-policy
> >
> > I think this tutorial can be
> > helpful: http://www.apache.org/info/verification.html
> >
> > On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz
> > <phil.steitz@gmail.com <ma...@gmail.com>> wrote:
> >
> > I can't seem to find a link the the Spark KEYS file. I am
> > trying to
> > validate the sigs on the 1.6.2 release artifacts and I need to
> > import 0x7C6C105FFC8ED089. Is there a KEYS file available for
> > download somewhere? Apologies if I am just missing an obvious
> > link.
> >
> > Phil
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe e-mail: user-unsubscribe@spark.apache.org
> > <ma...@spark.apache.org>
> >
> >
>
>
>
Re: KEYS file?
Posted by Phil Steitz <ph...@gmail.com>.
On 7/10/16 10:57 AM, Shuai Lin wrote:
> Not sure where you see " 0x7C6C105FFC8ED089". I
That's the key ID for the key below.
> think the release is signed with the
> key https://people.apache.org/keys/committer/pwendell.asc .
Thanks! That key matches. The project should publish a KEYS file
[1] or at least links to the keys used to sign releases on the
download page. Could be there is one somewhere and I just can't
find it.
Phil
[1] http://www.apache.org/dev/release-signing.html#keys-policy
>
> I think this tutorial can be
> helpful: http://www.apache.org/info/verification.html
>
> On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz
> <phil.steitz@gmail.com <ma...@gmail.com>> wrote:
>
> I can't seem to find a link the the Spark KEYS file. I am
> trying to
> validate the sigs on the 1.6.2 release artifacts and I need to
> import 0x7C6C105FFC8ED089. Is there a KEYS file available for
> download somewhere? Apologies if I am just missing an obvious
> link.
>
> Phil
>
>
> ---------------------------------------------------------------------
> To unsubscribe e-mail: user-unsubscribe@spark.apache.org
> <ma...@spark.apache.org>
>
>
---------------------------------------------------------------------
To unsubscribe e-mail: user-unsubscribe@spark.apache.org
Re: KEYS file?
Posted by Shuai Lin <li...@gmail.com>.
Not sure where you see " 0x7C6C105FFC8ED089". I think the release is signed
with the key https://people.apache.org/keys/committer/pwendell.asc .
I think this tutorial can be helpful:
http://www.apache.org/info/verification.html
On Mon, Jul 11, 2016 at 12:57 AM, Phil Steitz <ph...@gmail.com> wrote:
> I can't seem to find a link the the Spark KEYS file. I am trying to
> validate the sigs on the 1.6.2 release artifacts and I need to
> import 0x7C6C105FFC8ED089. Is there a KEYS file available for
> download somewhere? Apologies if I am just missing an obvious link.
>
> Phil
>
>
> ---------------------------------------------------------------------
> To unsubscribe e-mail: user-unsubscribe@spark.apache.org
>
>