+1 I verified all md5 hashes, sha1 checksums, and digital signatures (output below) I tested all sbt actions for several active DFDL schema development projects, large and small.
Output from hash/checksum/sig check: gpg --verify ./sbt-daffodil-1.3.0.jar.asc ./sbt-daffodil-1.3.0.jar gpg: Signature made Fri 24 Jan 2025 01:15:31 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check gpg --verify ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar.asc ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar gpg: Signature made Fri 24 Jan 2025 01:15:30 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check gpg --verify ./sbt-daffodil_2.12_1.0-1.3.0.jar.asc ./sbt-daffodil_2.12_1.0-1.3.0.jar gpg: Signature made Fri 24 Jan 2025 01:15:30 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check gpg --verify ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar.asc ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar gpg: Signature made Fri 24 Jan 2025 01:15:29 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check gpg --verify ./sbt-daffodil-1.3.0-javadoc.jar.asc ./sbt-daffodil-1.3.0-javadoc.jar gpg: Signature made Fri 24 Jan 2025 01:15:30 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check gpg --verify ./sbt-daffodil-1.3.0-sources.jar.asc ./sbt-daffodil-1.3.0-sources.jar gpg: Signature made Fri 24 Jan 2025 01:15:31 PM EST gpg: using RSA key B58C81142758101A43D5B17D36F3494B033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 PASSED GPG Signature Check ALL JARS VALIDATED GPG SIGNATURES md5sum ./sbt-daffodil-1.3.0.jar PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0.jar PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar PASS MD5 Comparison md5sum ./sbt-daffodil-1.3.0-javadoc.jar PASS MD5 Comparison md5sum ./sbt-daffodil-1.3.0-sources.jar PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar.asc PASS MD5 Comparison md5sum ./sbt-daffodil-1.3.0-javadoc.jar.asc PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar.asc PASS MD5 Comparison md5sum ./sbt-daffodil-1.3.0.jar.asc PASS MD5 Comparison md5sum ./sbt-daffodil_2.12_1.0-1.3.0.jar.asc PASS MD5 Comparison md5sum ./sbt-daffodil-1.3.0-sources.jar.asc PASS MD5 Comparison All files checked md5 sums sha1sum ./sbt-daffodil-1.3.0.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil-1.3.0-javadoc.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil-1.3.0-sources.jar PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0-sources.jar.asc PASS SHA1 Comparison sha1sum ./sbt-daffodil-1.3.0-javadoc.jar.asc PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0-javadoc.jar.asc PASS SHA1 Comparison sha1sum ./sbt-daffodil-1.3.0.jar.asc PASS SHA1 Comparison sha1sum ./sbt-daffodil_2.12_1.0-1.3.0.jar.asc PASS SHA1 Comparison sha1sum ./sbt-daffodil-1.3.0-sources.jar.asc PASS SHA1 Comparison All files checked SHA1 sums ALL ARCHIVES VALIDATED GPG SIGNATURES All ARCHIVES checked SHA512 sums ALL PASSED On Tue, Jan 28, 2025 at 11:53 AM Kilo, Olabusayo <ok...@owlcyberdefense.com> wrote: > +1 (binding) > > I checked: > > [OK] release webpage links all work > [X] typo on release notes page: "daffodilVersion 3.2.0 or new" -> > "daffodilVersion 3.2.0 or newer" > [OK] verified links in emails all work > [OK] verified generating saved schema works for 1.3.0 > [OK] verified export functionality works > > > -- > Lola Kilo > ________________________________ > From: Steve Lawrence <slawre...@apache.org> > Sent: Friday, January 24, 2025 1:22 PM > To: dev@daffodil.apache.org <dev@daffodil.apache.org> > Subject: [VOTE] Release Apache Daffodil SBT Plugin 1.3.0-rc1 > > Hi all, > > I'd like to call a vote to release Apache Daffodil SBT Plugin 1.3.0-rc1. > > All distribution packages, including signatures, digests, etc. can be > found at: > > https://dist.apache.org/repos/dist/dev/daffodil/daffodil-sbt/1.3.0-rc1/ > > Staging artifacts can be found at: > > https://repository.apache.org/content/repositories/orgapachedaffodil-1049/ > > This release has been signed with PGP key 36F3494B033AE661, corresponding > to > slawre...@apache.org, which is included in the KEYS file here: > > https://downloads.apache.org/daffodil/KEYS > > The release candidate has been tagged in git with v1.3.0-rc1. > > For reference, here is a list of all resolved issues in the 1.3.0 > milestone: > > https://github.com/apache/daffodil-sbt/milestone/4?closed=1 > > For a summary of the changes in this release, see: > > https://daffodil.apache.org/sbt/1.3.0 > > Please review and vote. The vote will be open for at least 72 hours > (Wednesday, > 29 January 2025, 1:30 PM EST). > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Thanks, > - Steve >
