Thank you for finding that.
Hmm. I have no idea what has happened. It must be some kind of user
error but the date does not suggest anything to me.
I will start again with a new key.
Andy
On 03/11/16 14:17, A. Soroka wrote:
The source distro builds (mvn clean install) for me on Mac OS X
10.10.5 using Java 1.8.0_40 and Maven 3.3.9. Lots of Javadoc warnings
(especially those weird ones about @propertyGetter, @propertySetter and
@propertyDescription) but they are nothing new. Checksums verify for
source distro. Andy's sig looks good, except...
/tmp gpg --fingerprint 9CC7ECFE
pub 4096R/9CC7ECFE 2014-06-16 [revoked: 2016-08-16]
Key fingerprint = F0BA C675 207A 38AB F863 DAEA 1FD1 063C 9CC7 ECFE
uid [ revoked] Andy Seaborne (Code signing key) <[email protected]>
It seems that Andy, you signed with "9CC7ECFE", and if I interpret
"http://pgpkeys.mit.edu/pks/lookup?search=Seaborne&op=vindex"; correctly (a big "if") you
revoked that key on 2016-08-16? Am I misreading that?
On a side note, I get:
ERROR: cannot verify dist.apache.org's certificate, issued by `/C=US/O=Symantec
Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA -
G4':
Unable to locally verify the issuer's authority.
from dist.apache.org and I had to go with wget's --no-check-certificate. Should
I raise a ticket with infrastructure about that?
Yes.
---
A. Soroka
The University of Virginia Library
On Nov 2, 2016, at 5:39 PM, Andy Seaborne <[email protected]> wrote:
Hi,
Here is a vote on a release of Jena 3.1.1
(with Fuseki 2.4.1 and Fuseki 1.4.1).
This is the first proposed candidate for this release.
* Dependency changes:
New module:
jena-fuseki2/jena-fuseki-embedded
Updates:
com.github.jsonld-java:jsonld-java 0.7.0 -> 0.8.3
org.apache.httpcomponents:httpClient 4.2.6 -> 4.5.2
org.apache.httpcomponents:httpCache 4.2.6 -> 4.5.2
org.apache.httpcomponents:httpCore 4.2.5 -> 4.4.4
com.jayway.awaitility:awaitility 1.6.4 -> 1.7.0
com.spatial4j:spatial4j 0.4.1 -> 0.5
org.slf4j:* 1.7.20 -> 1.7.21
commons-codec:commons-codec 1.9 -> 1.10
org.apache.commons:commons-collections4 4.0 -> 4.1
org.apache.commons:commons-csv 1.0 -> 1.3
org.apache.commons:commons-lang3 3.3.2 -> 3.4
org.apache.thrift:libthrift 0.9.2 -> 0.9.3
org.apache.mrunit:mrunit 1.0.0 -> 1.1.0
com.github.rvesse:airline 2.1.0 -> 2.1.1
Key features of the release:
* Completed F&O XPath3 functions
JENA-508 - Alessandro Seganti
* ComplexPhraseQueryParser
JENA-1180 - Andrew Dolby
* Additional vocabularies (DCAT, VoID, ROV, ORG)
JENA-1206 - Bart Hanssens
* Improvement to the Fuseki service script for RHEL/Centos 6.
JENA-1219 - Dan Pritts
* ORDER BY now cancelable.
* Txn : a highlevel API for working with transactions
http://jena.staging.apache.org/documentation/txn/txn.html
* Embedded Fuseki
http://jena.staging.apache.org/documentation/fuseki2/fuseki-embedded.html
* Property path speed ups (JENA-1195)
* Upgrade to Apache HttpClient v4.3 API
=> auth changes cause API changes.
Everyone, not just committers, is invited to test and vote.
Staging repository:
https://repository.apache.org/content/repositories/orgapachejena-1014/
Proposed dist/ area:
https://dist.apache.org/repos/dist/dev/jena/
Keys:
https://svn.apache.org/repos/asf/jena/dist/KEYS
Git commit (browser URL):
https://git-wip-us.apache.org/repos/asf/jena/commit/9be9e53f40
Git Commit Hash:
9be9e53f40eb3b043f72332db2d49d89e9f3d4ba
Git Commit Tag:
jena-3.1.1-rc1
Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 Don't care
[ ] -1 Don't release, because ...
This vote will be open to at least
Saturday, 5 Nov 2016, 23:59 UTC
If you expect to check the release but the 72 hour limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.
Thanks,
Andy
Checking needed:
+ does everything work on Linux?
+ does everything work on MS Windows?
+ does everything work on OS X?
+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?
+ can the source archive really be built?
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?
