I change my vote to +1 binding I have checked the latest files, key and the following: * Signature and hash are good * Release note looks fine * Release hash matches with tag * LICENSE and NOTICE exit * All files have LICENSE header except for several demo purpose configuration files which seems to be fine to fix later * Dependencies fine
On Fri, Jul 16, 2021 at 2:37 PM 胡锋 <[email protected]> wrote: > Hi, > > I have updated the latest keys file and uploaded it to the svn repository. > > Key :6C763D903EC3BDC3 > > Jun Liu <[email protected]> 于2021年7月12日周一 上午10:56写道: > > > Hi, > > > > The newly added signature cannot be verified for the following reason: > > > > gpg --verify apache-dubbo-js-4.0.0-source-release.zip.asc > > apache-dubbo-js-4.0.0-source-release.zip > > gpg: Signature made Tue Jul 6 23:32:10 2021 CST using RSA key ID > 3EC3BDC3 > > gpg: Can't check signature: No public key > > > > > The artifacts have been signed with Key :35F44C444B811C10, which can be > > > found in the keys file: > > > > > > https://dist.apache.org/repos/dist/dev/dubbo/KEYS > > > > Seems like the key actually used is not the one stated in the voting > > thread? > > > > Jun > > > > > On Jul 6, 2021, at 11:38 PM, 胡锋 <[email protected]> wrote: > > > > > > Hi, > > > > > > I have fixed this problem and svn uploaded the signature file > > > > > > hufeng > > > > > > Justin Mclean <[email protected]> 于2021年7月6日周二 下午8:42写道: > > > > > >> Hi, > > >> > > >>> There’s no signature file under this directory. > > >> > > >> But that curl be easily fixed and the voting continue. > > >> > > >> Kind Regards, > > >> Justin > > > > >
