On Wed, 1 Nov 2017, at 23:21, Joan Touzet wrote:
> Dear community,
> 
> I would like to release Apache CouchDB 2.1.1-RC2.
> 
> Changes since 2.1.1-RC1 are here:
> 
>     https://github.com/apache/couchdb/compare/2.1.1-RC1...2.1.1-RC2
> 
> Human-readable change notes are here:
> 
>     http://docs.couchdb.org/en/latest/whatsnew/2.1.html#version-2-1-1
> 
> We encourage the whole community to download and test these release
> artefacts so that any critical issues can be resolved before the release
> is made. Everyone is free to vote on this release, so dig right in!
> 
> The release artefacts we are voting on are available here:
> 
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/2.1.1/rc.2/apache-couchdb-2.1.1-RC2.tar.gz
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/2.1.1/rc.2/apache-couchdb-2.1.1-RC2.tar.gz.asc
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/2.1.1/rc.2/apache-couchdb-2.1.1-RC2.tar.gz.sha256
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/2.1.1/rc.2/apache-couchdb-2.1.1-RC2.tar.gz.sha512

Thanks Joan!

- sha256 is fine
- gpg sig is fine
- sha512 is not, I see 143 bytes of garbage & not ascii-fied hexadecimal

SHA256 (apache-couchdb-2.1.1-RC2.tar.gz) =
44b15b96e4d009fd86e6fa3076c58abe9ca59d7e01b19f5c3f5d6ffa4c748aa8
SHA512 (apache-couchdb-2.1.1-RC2.tar.gz) =
02e642194916bb6bda289aa03df612f6a1ea542b8f9edbb7578362352f48e90e78aac8ade6d3186b593dc10e3b0f0f42a3c2d0b0767dc6568602d71805d7e28d

NB - the gpg sig verifies after
`curl http://apache.org/dist/couchdb/KEYS | gpg --import -` which is out of
step with our docs.

I've tweaked the wiki
https://cwiki.apache.org/confluence/display/COUCHDB/Testing+a+Source+Release
to include sha256 + sha512 instead of md5 + sha1, and updated the gpg
key fetching step.

Given gpg + sha256 matches, I'm OK for you re-confirming and uploading
your sha512 if you feel that's appropriate.

Rest will come later, along with my actual vote.

A+
Dave
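
An added example, not part of Dave's message or the CouchDB release tooling: a checksum check that refuses a digest file which is not ASCII hex, the failure reported for the `.sha512` file above, instead of silently comparing against it. The sample tarball bytes, file names and the 143-byte blob are constructed; `parse_checksum_file` and `verify` are hypothetical helper names.

```python
import hashlib
import hmac
import re

HEX_LEN = {"sha256": 64, "sha512": 128}
# BSD style, as pasted in the message: "SHA512 (name) = <hex>"
BSD_LINE = re.compile(r"^[A-Z0-9]+ \(.+\) =\s*(\S+)\s*$", re.S)


def parse_checksum_file(raw: bytes, algo: str) -> str:
    """Return the lowercase hex digest stored in a checksum file.

    Raises ValueError when the file is not ASCII hex of the right length,
    for example a raw binary digest uploaded in place of its hex form.
    """
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError(f"{algo}: {len(raw)} bytes, not ASCII text") from exc
    bsd = BSD_LINE.match(text.strip())
    tokens = [bsd.group(1)] if bsd else text.split()
    # GNU style is "<hex>  name"; a bare digest is a single token.
    token = tokens[0].lower() if tokens else ""
    if len(token) != HEX_LEN[algo] or re.fullmatch(r"[0-9a-f]+", token) is None:
        raise ValueError(f"{algo}: no {HEX_LEN[algo]}-character hex digest found")
    return token


def verify(artifact: bytes, checksum_raw: bytes, algo: str) -> bool:
    """True only if the checksum file parses and matches the artifact."""
    expected = parse_checksum_file(checksum_raw, algo)
    actual = hashlib.new(algo, artifact).hexdigest()
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    # Constructed sample data, not the real release artefact or its files.
    tarball = b"constructed stand-in for a release tarball\n"
    digest = hashlib.sha512(tarball).hexdigest()
    samples = {
        "gnu": f"{digest}  sample.tar.gz\n".encode(),
        "bsd": f"SHA512 (sample.tar.gz) =\n{digest}\n".encode(),
        "binary": bytes(range(113, 256)),  # 143 non-text bytes
    }
    for name, raw in samples.items():
        try:
            print(name, "->", verify(tarball, raw, "sha512"))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

A digest file that fails to parse is treated as a hard error rather than a mismatch, so a malformed upload is reported separately from a tampered or corrupted tarball.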
