Although still I don't know how to import the WoT, but it seems I can find committers in the WoT in my city and meet locally personally to join the WoT. Will try it out.
Best, tison. tison <[email protected]> 于2022年7月1日周五 18:26写道: > Hi Jordan, > > Thanks for reviewing the release candidate. > > I read the doc and try to verify 5.2.1 release artifact and get: > > apache-curator-5.2.1-source-release.zip > gpg: Signature made 一 3/14 16:07:11 2022 CST > gpg: using RSA key BBE7232D7991050B54C8EA0ADC08637CA615D22C > gpg: Good signature from "Enrico Olivelli <[email protected]>" > [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: BBE7 232D 7991 050B 54C8 EA0A DC08 637C A615 D22C > > It also has the warning printed. Did I miss something to import? > > BTW, I may not have opportunity to attend an offline Apache meetup in this > month, which seems the only approach to join the WoT. > > Best, > tison. > > > Jordan Zimmerman <[email protected]> 于2022年7月1日周五 17:53写道: > >> Hi, >> >> Zili - your PGP key isn't in the WOT. That should be done before I make >> my vote. Apache has docs on this here: >> https://infra.apache.org/release-signing.html#web-of-trust < >> https://infra.apache.org/release-signing.html#web-of-trust> >> >> i.e. when I verify the hashes I get: >> >> gpg: Signature made Thu Jun 30 17:54:38 2022 WEST >> gpg: using RSA key 8B374472FAD328E17F479863B379691FC6E298DD >> gpg: Good signature from "Zili Chen (CODE SIGNING KEY) <[email protected]>" >> [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> Primary key fingerprint: 8B37 4472 FAD3 28E1 7F47 9863 B379 691F C6E2 >> 98DD >> >> -Jordan >> >> > On Jun 30, 2022, at 6:21 PM, tison <[email protected]> wrote: >> > >> > Hello, >> > >> > This is the vote for Apache Curator version 5.3.0 >> > >> > *** Please download, test and vote within approx. 72 hours >> > >> > Note that we are voting upon the source (tag) and binaries are provided >> for >> > convenience. >> > >> > Link to release notes: >> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314425&version=12351883 >> > >> > Staging repo: >> > https://dist.apache.org/repos/dist/dev/curator/5.3.0/ >> > >> > Binary artifacts: >> > >> https://repository.apache.org/content/repositories/orgapachecurator-1053 >> > >> > The tag to be voted upon: >> > https://github.com/apache/curator/releases/tag/apache-curator-5.3.0 >> > >> > Curator's KEYS file containing PGP keys we use to sign the release: >> > https://www.apache.org/dist/curator/KEYS >> > >> > [ ] +1 approve >> > [ ] +0 no opinion >> > [ ] -1 disapprove (and reason why) >> > >> > Best, >> > tison. >> >>
