I am closing this vote, it was passed with 4 binding votes. Stefan Emmanuel Shawn Kiran
I'll publish the artifacts, update the website, and prepare the annoucemail. thank you all. On Mon, Aug 10, 2015 at 11:24 PM, Shawn McKinney <smckin...@apache.org> wrote: > +1 > > Built from source using Java 8 on ubuntu14. > > Next I’ll test with fortress using apacheds/mavibot M8. Will let you know > how it goes but no reason to hold up the vote. > > Shawn > > > On Aug 10, 2015, at 1:43 AM, Emmanuel Lécharny <elecha...@gmail.com> > wrote: > > > > My +1. > > > > > > I do agree that a 4096 keys is better for releases, although the current > > requirement is "Committers with a DSA key or an RSA key of length *less > > than* 2048 bits should generate a new key for signing releases" . > > > > Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare > > minimum to cut a release. I suspect this will not hold for ever, it's > > probably a good move to generate this 4096 bits long key before the next > > release. > > > > > > Packages and tag checked, signature checked. > > > > Note that the sign.sh script is not part of the release, and it's hust a > > tool that is provided to release managers, for convenience. Also note > > that the XXX.asc files get signed too, which is unnecessary : tis is a > > by-product of the release+sign.sh script. I usually remove them before > > pushing the package son people.a.o... > > > > Thanks Kiran ! > > > > -- Kiran Ayyagari http://keydap.com
