On Tuesday 25 September 2007, Guillaume Nodet wrote: > I think we should add a section to the release guide with all the > checks we need to do to verify the release: > * artifacts are signed > * KEYS file present with key inside > * check this bug of the gpg plugin
This one will be gone soon. I started the vote for the GPG plugin yesterday. Hopefully, by the end of the week, you can update the version of GPG you use to 1.0-beta-4 and that issue will go away. Dan > * ... > > On 9/24/07, Daniel Kulp <[EMAIL PROTECTED]> wrote: > > OK..... New issue (very minor).... > > > > Due to a bug in the GPG plugin (I have it fixed, am starting a new > > release shortly), some of your asc files have the wrong name. > > Example: > > > > http://people.apache.org/~ffang/maven_staging_graduate/org/apache/se > >rvicemix/samples/loan-broker/loan-broker-lw-su/3.1.2/ > > > > loan-broker-lw-su-3.1.2-.zip.asc > > should just be: > > loan-broker-lw-su-3.1.2.zip.asc > > Just rename it and you should be all set. > > > > Probably a find for "-." should find all of them. > > > > Dan > > > > On Monday 24 September 2007, Freeman Fang wrote: > > > Hi Dan, > > > > > > You can find my public key from > > > http://pgp.mit.edu:11371/pks/lookup?search=Freeman+Fang&op=vindex > > > now, signed by Bo. > > > Also I put it into KEYS. > > > > > > Since I generate new private and public key to sign and deploy it > > > again, so to verify the signature, you need download the kit and > > > its .asc again. > > > > > > Best Regards > > > > > > Freeman > > > > > > Daniel Kulp wrote: > > > > On Friday 21 September 2007, Guillaume Nodet wrote: > > > >> In theory, the public key should be in the web of trust. > > > >> See http://people.apache.org/~henkp/trust/ > > > > > > > > Well, yes. But I need to see the key first to see if its been > > > > signed by anyone. Right now, we cannot even get that far.... > > > > > > > > Freeman: I assume you are sitting pretty close to Bo. The two > > > > of you should have a quick "key signing party" and get your keys > > > > signed. Then get the public key into the public keyservers and > > > > into the KEYS file. That would be a start (since Bo's key has > > > > been signed by other apache folks). > > > > > > > > Dan > > > > > > > >> On 9/21/07, Daniel Kulp <[EMAIL PROTECTED]> wrote: > > > >>> Minor issue: > > > >>> Your GPG public key is not in the KEYS file. I also could > > > >>> not find it in the public keyserver at pgp.mit.edu. Thus, I > > > >>> could not verify the signatures. > > > >>> > > > >>> Dan > > > >>> > > > >>> Freeman Fang wrote: > > > >>>> Hi All, > > > >>>> > > > >>>> I have uploaded a version of ServiceMix 3.1.2 for you to > > > >>>> review. See > > > >>>> http://cwiki.apache.org/confluence/display/SM/ServiceMix+3.1. > > > >>>>2 for all the links and release notes. > > > >>>> > > > >>>> [ ] +1 Release ServiceMix 3.1.2 > > > >>>> [ ] ± 0 > > > >>>> [ ] -1 Do not release ServiceMix 3.1.2 > > > >>>> > > > >>>> Cheers > > > >>>> > > > >>>> Freeman > > > >>> > > > >>> -- > > > >>> View this message in context: > > > >>> http://www.nabble.com/-VOTE--Release-ServiceMix-3.1.2-tf449161 > > > >>>7s12 > > > >>> > > > >>>04 9.html#a12824617 Sent from the ServiceMix - Dev mailing list > > > >>> archive at Nabble.com. > > > > -- > > J. Daniel Kulp > > Principal Engineer > > IONA > > P: 781-902-8727 C: 508-380-7194 > > [EMAIL PROTECTED] > > http://www.dankulp.com/blog -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727 C: 508-380-7194 [EMAIL PROTECTED] http://www.dankulp.com/blog
