Hi, Zili - your PGP key isn't in the WOT. That should be done before I make my vote. Apache has docs on this here: https://infra.apache.org/release-signing.html#web-of-trust <https://infra.apache.org/release-signing.html#web-of-trust>
i.e. when I verify the hashes I get: gpg: Signature made Thu Jun 30 17:54:38 2022 WEST gpg: using RSA key 8B374472FAD328E17F479863B379691FC6E298DD gpg: Good signature from "Zili Chen (CODE SIGNING KEY) <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8B37 4472 FAD3 28E1 7F47 9863 B379 691F C6E2 98DD -Jordan > On Jun 30, 2022, at 6:21 PM, tison <[email protected]> wrote: > > Hello, > > This is the vote for Apache Curator version 5.3.0 > > *** Please download, test and vote within approx. 72 hours > > Note that we are voting upon the source (tag) and binaries are provided for > convenience. > > Link to release notes: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314425&version=12351883 > > Staging repo: > https://dist.apache.org/repos/dist/dev/curator/5.3.0/ > > Binary artifacts: > https://repository.apache.org/content/repositories/orgapachecurator-1053 > > The tag to be voted upon: > https://github.com/apache/curator/releases/tag/apache-curator-5.3.0 > > Curator's KEYS file containing PGP keys we use to sign the release: > https://www.apache.org/dist/curator/KEYS > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Best, > tison.
