I've never done the authentication side before - but if I can help let me know
> On Jul 1, 2022, at 12:14 PM, tison <[email protected]> wrote: > > Although still I don't know how to import the WoT, but it seems I can find > committers in the WoT in my city and meet locally personally to join the > WoT. Will try it out. > > Best, > tison. > > > tison <[email protected]> 于2022年7月1日周五 18:26写道: > >> Hi Jordan, >> >> Thanks for reviewing the release candidate. >> >> I read the doc and try to verify 5.2.1 release artifact and get: >> >> apache-curator-5.2.1-source-release.zip >> gpg: Signature made 一 3/14 16:07:11 2022 CST >> gpg: using RSA key BBE7232D7991050B54C8EA0ADC08637CA615D22C >> gpg: Good signature from "Enrico Olivelli <[email protected]>" >> [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> Primary key fingerprint: BBE7 232D 7991 050B 54C8 EA0A DC08 637C A615 D22C >> >> It also has the warning printed. Did I miss something to import? >> >> BTW, I may not have opportunity to attend an offline Apache meetup in this >> month, which seems the only approach to join the WoT. >> >> Best, >> tison. >> >> >> Jordan Zimmerman <[email protected]> 于2022年7月1日周五 17:53写道: >> >>> Hi, >>> >>> Zili - your PGP key isn't in the WOT. That should be done before I make >>> my vote. Apache has docs on this here: >>> https://infra.apache.org/release-signing.html#web-of-trust < >>> https://infra.apache.org/release-signing.html#web-of-trust> >>> >>> i.e. when I verify the hashes I get: >>> >>> gpg: Signature made Thu Jun 30 17:54:38 2022 WEST >>> gpg: using RSA key 8B374472FAD328E17F479863B379691FC6E298DD >>> gpg: Good signature from "Zili Chen (CODE SIGNING KEY) <[email protected]>" >>> [unknown] >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> Primary key fingerprint: 8B37 4472 FAD3 28E1 7F47 9863 B379 691F C6E2 >>> 98DD >>> >>> -Jordan >>> >>>> On Jun 30, 2022, at 6:21 PM, tison <[email protected]> wrote: >>>> >>>> Hello, >>>> >>>> This is the vote for Apache Curator version 5.3.0 >>>> >>>> *** Please download, test and vote within approx. 72 hours >>>> >>>> Note that we are voting upon the source (tag) and binaries are provided >>> for >>>> convenience. >>>> >>>> Link to release notes: >>>> >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314425&version=12351883 >>>> >>>> Staging repo: >>>> https://dist.apache.org/repos/dist/dev/curator/5.3.0/ >>>> >>>> Binary artifacts: >>>> >>> https://repository.apache.org/content/repositories/orgapachecurator-1053 >>>> >>>> The tag to be voted upon: >>>> https://github.com/apache/curator/releases/tag/apache-curator-5.3.0 >>>> >>>> Curator's KEYS file containing PGP keys we use to sign the release: >>>> https://www.apache.org/dist/curator/KEYS >>>> >>>> [ ] +1 approve >>>> [ ] +0 no opinion >>>> [ ] -1 disapprove (and reason why) >>>> >>>> Best, >>>> tison. >>> >>>
