In what way?
On Mon, Apr 1, 2019 at 1:54 PM Josh Elser <[email protected]> wrote:
>
> Your email template is wrong.
>
> On 4/1/19 1:33 PM, Christopher wrote:
> > Sorry, I don't understand what you mean by 'retelling of "checksums of
> > old"'.
> >
> > On Mon, Apr 1, 2019 at 12:30 PM Josh Elser <[email protected]> wrote:
> >>
> >> I think Mike's point was your VOTE template does not reflect the
> >> retelling of "checksums of old"
> >>
> >> > (Append ".sha1", ".md5", or ".asc" to download the signature/hash for
> >> > a given artifact.)
> >>
> >> On 3/31/19 10:54 PM, Christopher wrote:
> >>> Mike,
> >>>
> >>> We already stopped using md5 and sha1 for the release artifacts on the
> >>> mirrors. I did this some time ago, and we discussed it on list on
> >>> previous vote threads (last year)... which resulted in me changing the
> >>> release candidate build script automated tooling to embed the SHA512
> >>> sums for the tarballs directly in the release vote message. I even
> >>> went back and updated the downloads page for the previous releases and
> >>> updated the mirrors to be SHA512 only. Because of these steps I took,
> >>> Accumulo was one of the first projects across the entire ASF who were
> >>> 100% compliant immediately after INFRA VP updated the release
> >>> distribution policy you linked.
> >>>
> >>> *This is a resolved action for Accumulo.*
> >>>
> >>> FWIW, SHA512 was also used as the hash algorithm in the GPG signature
> >>> (same as every RC I've ever prepped for ASF). The only remaining md5
> >>> and sha1 references are Maven-specific tooling, and we have no control
> >>> over that tooling. We could change the vote template to no longer
> >>> mention them, but I don't see the point since they're still relevant
> >>> within the context of Maven artifact hosting, and that's the context
> >>> in which they are presented in the vote email.
> >>>
> >>> On Sun, Mar 31, 2019 at 1:59 PM Michael Wall <[email protected]> wrote:
> >>>>
> >>>> -1 for the issue with commons config
> >>>>
> >>>> I check the signatures, they are good. We should stop using md5 and sha1
> >>>> though, see
> >>>> https://www.apache.org/dev/release-distribution#sigs-and-sums.
> >>>> Has anyone looked at moving to sha256 and/or sha512?
> >>>> Successful run of mvn clean verify -Psunny
> >>>>
> >>>> On Sat, Mar 30, 2019 at 11:31 PM Keith Turner <[email protected]> wrote:
> >>>>
> >>>>> I completed a continuous ingest run on a 10 node cluster running
> >>>>> CentOS 7. I used the native map. I had to rebuild Accumulo to work
> >>>>> around #1065 in order to get the verify M/R job to run.
> >>>>>
> >>>>> org.apache.accumulo.test.continuous.ContinuousVerify$Counts
> >>>>> REFERENCED=34417110819
> >>>>> UNREFERENCED=9097524
> >>>>>
> >>>>> On Wed, Mar 27, 2019 at 7:57 PM Christopher <[email protected]> wrote:
> >>>>>>
> >>>>>> Accumulo Developers,
> >>>>>>
> >>>>>> Please consider the following candidate for Apache Accumulo 1.9.3.
> >>>>>>
> >>>>>> This supersedes RC1 and contains the following change:
> >>>>>> https://github.com/apache/accumulo/pull/1057
> >>>>>>
> >>>>>> Git Commit:
> >>>>>> 94f9782242a1f336e176c282f0f90063a21e361d
> >>>>>> Branch:
> >>>>>> 1.9.3-rc2
> >>>>>>
> >>>>>> If this vote passes, a gpg-signed tag will be created using:
> >>>>>> git tag -f -m 'Apache Accumulo 1.9.3' -s rel/1.9.3 \
> >>>>>> 94f9782242a1f336e176c282f0f90063a21e361d
> >>>>>>
> >>>>>> Staging repo:
> >>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1077
> >>>>>> Source (official release artifact):
> >>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/org/apache/accumulo/accumulo/1.9.3/accumulo-1.9.3-src.tar.gz
> >>>>>> Binary:
> >>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/org/apache/accumulo/accumulo/1.9.3/accumulo-1.9.3-bin.tar.gz
> >>>>>> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for
> >>>>>> a given artifact.)
> >>>>>>
> >>>>>> In addition to the tarballs, and their signatures, the following
> >>>>>> checksum
> >>>>>> files will be added to the dist/release SVN area after release:
> >>>>>> accumulo-1.9.3-src.tar.gz.sha512 will contain:
> >>>>>> SHA512 (accumulo-1.9.3-src.tar.gz) =
> >>>>>> b366b89295b1835038cb242f8ad46b1d8455753a987333f0e15e3d89749540f2cd59db1bc6cf7100fc9050d3d0bc7340a3b661381549d40f2f0223d4120fd809
> >>>>>> accumulo-1.9.3-bin.tar.gz.sha512 will contain:
> >>>>>> SHA512 (accumulo-1.9.3-bin.tar.gz) =
> >>>>>> cc909296d9bbd12e08064fccaf21e81b754c183a8264dfa2575762c76705fd0c580b50c2b224c60feaeec120bd618fba4d6176d0f53e96e1ca9da0d9e2556f1f
> >>>>>>
> >>>>>> Signing keys are available at https://www.apache.org/dist/accumulo/KEYS
> >>>>>> (Expected fingerprint: 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D)
> >>>>>>
> >>>>>> Release notes (in progress) can be found at:
> >>>>>> https://accumulo.apache.org/release/accumulo-1.9.3/
> >>>>>>
> >>>>>> Release testing instructions:
> >>>>>> https://accumulo.apache.org/contributor/verifying-release
> >>>>>>
> >>>>>> Please vote one of:
> >>>>>> [ ] +1 - I have verified and accept...
> >>>>>> [ ] +0 - I have reservations, but not strong enough to vote against...
> >>>>>> [ ] -1 - Because..., I do not accept...
> >>>>>> ... these artifacts as the 1.9.3 release of Apache Accumulo.
> >>>>>>
> >>>>>> This vote will remain open until at least Sun Mar 31 00:00:00 UTC 2019.
> >>>>>> (Sat Mar 30 20:00:00 EDT 2019 / Sat Mar 30 17:00:00 PDT 2019)
> >>>>>> Voting can continue after this deadline until the release manager
> >>>>>> sends an email ending the vote.
> >>>>>>
> >>>>>> Thanks!
> >>>>>>
> >>>>>> P.S. Hint: download the whole staging repo with
> >>>>>> wget -erobots=off -r -l inf -np -nH \
> >>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/
> >>>>>> # note the trailing slash is needed
> >>>>>
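Added example, not part of the thread or of Accumulo's release tooling: a Python check of a downloaded artifact against a BSD-style `SHA512 (file) = hex` entry like the ones in the vote message, refusing MD5 and SHA-1 sums as the thread discusses. The names `parse_bsd_tag`, `verify_artifact` and `ChecksumError` are made up for this sketch; `VOTE_ENTRY` is copied from the vote e-mail above.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Entry as it appears in the vote e-mail (the digest wraps onto its own line).
VOTE_ENTRY = """SHA512 (accumulo-1.9.3-src.tar.gz) =
b366b89295b1835038cb242f8ad46b1d8455753a987333f0e15e3d89749540f2cd59db1bc6cf7100fc9050d3d0bc7340a3b661381549d40f2f0223d4120fd809"""

# BSD-tag layout: "ALGO (name) = hexdigest"
BSD_TAG = re.compile(
    r"^(?P<algo>[A-Za-z0-9-]+)\s*\((?P<name>.+)\)\s*=\s*(?P<hex>[0-9A-Fa-f]+)$")
# Accepted algorithms and their digest length in hex characters.
ACCEPTED = {"SHA256": 64, "SHA512": 128}


class ChecksumError(Exception):
    """Malformed entry, weak algorithm, wrong file name, or digest mismatch."""


def parse_bsd_tag(text):
    """Return (algo, file name, lowercase hex digest) for one BSD-style entry."""
    joined = " ".join(text.split())  # undo the mail client's line wrap
    m = BSD_TAG.match(joined)
    if not m:
        raise ChecksumError("not a BSD-style checksum entry")
    algo = m["algo"].upper().replace("-", "")
    if algo not in ACCEPTED:  # MD5 and SHA1 end up here
        raise ChecksumError(f"refusing weak or unknown algorithm: {algo}")
    if len(m["hex"]) != ACCEPTED[algo]:
        raise ChecksumError(f"{algo} digest has the wrong length")
    return algo, m["name"], m["hex"].lower()


def verify_artifact(path, checksum_text):
    """Return True if the file matches the entry; raise ChecksumError otherwise."""
    algo, name, expected = parse_bsd_tag(checksum_text)
    path = Path(path)
    if path.name != name:  # a valid sum for a different file proves nothing
        raise ChecksumError(f"entry is for {name!r}, not {path.name!r}")
    digest = hashlib.new(algo.lower())
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    if not hmac.compare_digest(digest.hexdigest(), expected):
        raise ChecksumError(f"{algo} mismatch for {name}")
    return True
```

A matching checksum only shows the download is intact; authenticity still comes from checking the `.asc` signature against the key fingerprint given in the vote message.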
