+1

From src zip: ASC, MD5, SHA1 OK.

Build passes with 'mvn clean site'.

Tests, CLIRR, RAT and reports OK.

Used:

Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426;
2017-04-03T12:39:06-07:00)
Maven home: C:\Java\apache-maven-3.5.0\bin\..
Java version: 1.7.0_80, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.7.0_80\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 8.1", version: "6.3", arch: "amd64", family: "windows"

Gary

On Thu, Jun 8, 2017 at 8:55 AM, Gary Gregory <garydgreg...@gmail.com> wrote:

>
>
> On Thu, Jun 8, 2017 at 5:17 AM, Rob Tompkins <chtom...@gmail.com> wrote:
>
>>
>>
>> > On Jun 8, 2017, at 8:09 AM, sebb <seb...@gmail.com> wrote:
>> >
>> >> On 8 June 2017 at 01:20, Gary Gregory <garydgreg...@gmail.com> wrote:
>> >> The ASC does not seem to have a public key:
>> >>
>> >> gpg --verify commons-fileupload-1.3.3-source-release.zip.asc
>> >
>> > That is not the recommended way to check a sig; you also need the target file
>> >
>> > $ gpg --verify downloaded_file.asc downloaded_file
>>
>> Indeed, but if you don't specify it looks in the current directory for
>> the file.
>>
>
> Works like a charm now:
>
> $ gpg --verify commons-fileupload-1.3.3-src.zip.asc commons-fileupload-1.3.3-src.zip
> gpg: Signature made 06/06/17 17:31:41 ric using RSA key ID 5ECBB314
> gpg: Good signature from "Rob Tompkins <chtom...@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: B6E7 3D84 EA4F CC47 1660  8725 3FAA D2CD 5ECB B314
>
> Gary
>
>
>>
>> >
>> >> gpg: assuming signed data in 'commons-fileupload-1.3.3-source-release.zip'
>> >
>> > Note that gpg is assuming where to find the data.
>> >
>> >> gpg: Signature made 12/04/16 05:15:02 Pacific Standard Time using DSA key ID 7188601C
>> >> *gpg: Can't check signature: No public key*
>> >
>> > However if the .asc file was not detached, gpg would not check the target file.
>> >
>> > https://www.apache.org/info/verification.html#specify_both
>> >
>> >>
>> >> Also, the file naming should be consistent,
>> >> https://dist.apache.org/repos/dist/dev/commons/fileupload/source/ has both
>> >> "source-release" and "src". Not sure how you can end up with the
>> >> differences beyond just the file extension.
>> >>
>> >> Gary
>> >>
>> >>
>> >>> On Tue, Jun 6, 2017 at 11:20 AM, Rob Tompkins <chtom...@apache.org> wrote:
>> >>>
>> >>> Hello all,
>> >>>
>> >>> This is a [VOTE] for releasing Apache Commons Fileupload 1.3.3 (from RC5).
>> >>>
>> >>> Tag name:
>> >>>   commons-fileupload-1.3.3-RC5 (signature can be checked from git using
>> >>> 'git tag -v')
>> >>>
>> >>> Tag URL:
>> >>>   https://git-wip-us.apache.org/repos/asf?p=commons-fileupload.git;a=commit;h=dd2238b1671644cfead0e87c24a8ac61b4039084
>> >>>
>> >>> Commit ID the tag points at:
>> >>>   dd2238b1671644cfead0e87c24a8ac61b4039084
>> >>>
>> >>> Site:
>> >>>   http://home.apache.org/~chtompki/commons-fileupload-1.3.3-RC5
>> >>>
>> >>> Distribution files (committed at revision 19901):
>> >>>   https://dist.apache.org/repos/dist/dev/commons/fileupload/
>> >>>
>> >>> Distribution files hashes (SHA1):
>> >>>   commons-fileupload-1.3.3-bin.tar.gz
>> >>>   (SHA1: 2f4a9672168641ff726974a3b7cc68b97d1212fa)
>> >>>   commons-fileupload-1.3.3-bin.zip
>> >>>   (SHA1: b66e2c434ddbda90dfc9e92af4775d9777524bfa)
>> >>>   commons-fileupload-1.3.3-src.tar.gz
>> >>>   (SHA1: 71294a7d737a8ced04934c222ae6dfb16e4d8d73)
>> >>>   commons-fileupload-1.3.3-src.zip
>> >>>   (SHA1: 661172a2f62b460c4b754b7a0f04d412afabde52)
>> >>>
>> >>> These are the Maven artifacts and their hashes:
>> >>>   commons-fileupload-1.3.3-javadoc.jar
>> >>>   (SHA1: 92d2fc371379d64a822150ca3882157564dd3f99)
>> >>>   commons-fileupload-1.3.3-sources.jar
>> >>>   (SHA1: c8c7bcb851fb5af0b19e4ea845cf2fc03de6f673)
>> >>>   commons-fileupload-1.3.3-test-sources.jar
>> >>>   (SHA1: 5e0d8c621d38694e0f2960ab2899ee1d67f2b708)
>> >>>   commons-fileupload-1.3.3-tests.jar
>> >>>   (SHA1: 20510147958fc759582e6ede789ccf31d056b232)
>> >>>   commons-fileupload-1.3.3.jar
>> >>>   (SHA1: fd754c7518772453aea1d5ffc32cb5ce0ebc0e40)
>> >>>   commons-fileupload-1.3.3.pom
>> >>>   (SHA1: 97d781eafc190f4fee3abf11f9ec8076f5f7b58c)
>> >>>
>> >>> KEYS file to check signatures:
>> >>>   http://www.apache.org/dist/commons/KEYS
>> >>>
>> >>> Maven artifacts:
>> >>>   https://repository.apache.org/content/repositories/orgapachecommons-1249
>> >>>
>> >>> Please select one of the following options[1]:
>> >>>  [ ] +1 Release it.
>> >>>  [ ] +0 Go ahead; I don't care.
>> >>>  [ ] -0 There are a few minor glitches: ...
>> >>>  [ ] -1 No, do not release it because ...
>> >>>
>> >>> This vote will be open at least 72 hours, i.e. until
>> >>> 2017-06-09T19:00:00Z
>> >>> (this is UTC time).
>> >>> --------
>> >>>
>> >>> Cheers,
>> >>> -Rob
>> >>>
>> >>> [1] http://apache.org/foundation/voting.html
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>> >>> For additional commands, e-mail: dev-h...@commons.apache.org
>> >>>
>> >>>
>> >
>> >
>>
>>
>>
>
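
The check discussed in this thread, as an added example that is not part of the original messages or of any Apache tooling: it names both the signature and the artifact, refuses an `.asc` that is not a detached signature, and accepts only a signature whose primary key fingerprint matches a pinned value rather than relying on "Good signature" alone. The function names are hypothetical, and the pinned fingerprint is the one printed in the gpg output quoted above, assumed to have been confirmed against the KEYS file.

```shell
#!/bin/sh
# Added example: function names are hypothetical. The fingerprint is the one
# shown in the thread's gpg output; confirm it against the KEYS file first.
PINNED_FPR="B6E73D84EA4FCC47166087253FAAD2CD5ECBB314"

# True only if the .asc is an armored *detached* signature, so a signed
# message that carries its own data cannot stand in for a check of the
# downloaded artifact.
is_detached_sig() {
    [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN PGP SIGNATURE-----" ]
}

# Reads `gpg --status-fd 1` lines on stdin; $1 is the expected primary key
# fingerprint. Succeeds only on exactly one VALIDSIG from that key and no
# BADSIG / ERRSIG / NO_PUBKEY line.
status_matches_pin() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # VALIDSIG: field 3 is the signing key, field 12 the primary key.
        $2 == "VALIDSIG" { n++; fpr = (NF >= 12) ? $12 : $3 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "NO_PUBKEY" { bad = 1 }
        END { exit !(n == 1 && !bad && toupper(fpr) == toupper(want)) }
    '
}

# usage: verify_release file.asc file [fingerprint]
verify_release() {
    is_detached_sig "$1" || {
        echo "not a detached signature: $1" >&2
        return 2
    }
    # Both files are named explicitly; gpg is never left to guess the target.
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_matches_pin "${3:-$PINNED_FPR}"
}
```

For the artifact in this thread the call would be `verify_release commons-fileupload-1.3.3-src.zip.asc commons-fileupload-1.3.3-src.zip`.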
