Again, like I included earlier:
> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for
a given artifact.)
On 4/1/19 1:56 PM, Christopher wrote:
In what way?
On Mon, Apr 1, 2019 at 1:54 PM Josh Elser <[email protected]> wrote:
Your email template is wrong.
On 4/1/19 1:33 PM, Christopher wrote:
Sorry, I don't understand what you mean by 'retelling of "checksums of old"'.
On Mon, Apr 1, 2019 at 12:30 PM Josh Elser <[email protected]> wrote:
I think Mike's point was your VOTE template does not reflect the
retelling of "checksums of old"
> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for
a given artifact.)
On 3/31/19 10:54 PM, Christopher wrote:
Mike,
We already stopped using md5 and sha1 for the release artifacts on the
mirrors. I did this some time ago, and we discussed it on list on
previous vote threads (last year)... which resulted in me changing the
release candidate build script automated tooling to embed the SHA512
sums for the tarballs directly in the release vote message. I even
went back and updated the downloads page for the previous releases and
updated the mirrors to be SHA512 only. Because of these steps I took,
Accumulo was one of the first projects across the entire ASF who were
100% compliant immediately after INFRA VP updated the release
distribution policy you linked.
*This is a resolved action for Accumulo.*
FWIW, SHA512 was also used as the hash algorithm in the GPG signature
(same as every RC I've ever prepped for ASF). The only remaining md5
and sha1 reference are Maven-specific tooling, and we have no control
over that tooling. We could change the vote template to no longer
mention them, but I don't see the point since they're still relevant
within the context of Maven artifact hosting, and that's the context
in which they are presented in the vote email.
On Sun, Mar 31, 2019 at 1:59 PM Michael Wall <[email protected]> wrote:
-1 for the issue with commons config
I check the signatures, they are good. We should stop using md5 and sha1
though, see https://www.apache.org/dev/release-distribution#sigs-and-sums.
Has anyone looked at moving to sha256 and/org sha512?
Successful run of mvn clean verify -Psunny
On Sat, Mar 30, 2019 at 11:31 PM Keith Turner <[email protected]> wrote:
I completed a continuous ingest run on a 10 node cluster running
Centos 7. I used the native map. I had to rebuild Accumulo to work
around #1065 inorder to get the verify M/R job to run.
org.apache.accumulo.test.continuous.ContinuousVerify$Counts
REFERENCED=34417110819
UNREFERENCED=9097524
On Wed, Mar 27, 2019 at 7:57 PM Christopher <[email protected]> wrote:
Accumulo Developers,
Please consider the following candidate for Apache Accumulo 1.9.3.
This supersedes RC1 and contains the following change:
https://github.com/apache/accumulo/pull/1057
Git Commit:
94f9782242a1f336e176c282f0f90063a21e361d
Branch:
1.9.3-rc2
If this vote passes, a gpg-signed tag will be created using:
git tag -f -m 'Apache Accumulo 1.9.3' -s rel/1.9.3 \
94f9782242a1f336e176c282f0f90063a21e361d
Staging repo:
https://repository.apache.org/content/repositories/orgapacheaccumulo-1077
Source (official release artifact):
https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/org/apache/accumulo/accumulo/1.9.3/accumulo-1.9.3-src.tar.gz
Binary:
https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/org/apache/accumulo/accumulo/1.9.3/accumulo-1.9.3-bin.tar.gz
(Append ".sha1", ".md5", or ".asc" to download the signature/hash for
a given artifact.)
In addition to the tarballs, and their signatures, the following checksum
files will be added to the dist/release SVN area after release:
accumulo-1.9.3-src.tar.gz.sha512 will contain:
SHA512 (accumulo-1.9.3-src.tar.gz) =
b366b89295b1835038cb242f8ad46b1d8455753a987333f0e15e3d89749540f2cd59db1bc6cf7100fc9050d3d0bc7340a3b661381549d40f2f0223d4120fd809
accumulo-1.9.3-bin.tar.gz.sha512 will contain:
SHA512 (accumulo-1.9.3-bin.tar.gz) =
cc909296d9bbd12e08064fccaf21e81b754c183a8264dfa2575762c76705fd0c580b50c2b224c60feaeec120bd618fba4d6176d0f53e96e1ca9da0d9e2556f1f
Signing keys are available at https://www.apache.org/dist/accumulo/KEYS
(Expected fingerprint: 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D)
Release notes (in progress) can be found at:
https://accumulo.apache.org/release/accumulo-1.9.3/
Release testing instructions:
https://accumulo.apache.org/contributor/verifying-release
Please vote one of:
[ ] +1 - I have verified and accept...
[ ] +0 - I have reservations, but not strong enough to vote against...
[ ] -1 - Because..., I do not accept...
... these artifacts as the 1.9.3 release of Apache Accumulo.
This vote will remain open until at least Sun Mar 31 00:00:00 UTC 2019.
(Sat Mar 30 20:00:00 EDT 2019 / Sat Mar 30 17:00:00 PDT 2019)
Voting can continue after this deadline until the release manager
sends an email ending the vote.
Thanks!
P.S. Hint: download the whole staging repo with
wget -erobots=off -r -l inf -np -nH \
https://repository.apache.org/content/repositories/orgapacheaccumulo-1077/
# note the trailing slash is needed
