On Sun, May 15, 2016 at 4:57 PM Hervé BOUTEMY <herve.bout...@free.fr> wrote:

> Hi,
>
> We solved 16 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311250&version=12332150&styleName=Text
>
> Staging repo:
> https://repository.apache.org/content/repositories/orgapacheapache-1008/
>
> https://repository.apache.org/content/repositories/orgapacheapache-1008/org/apache/apache/18/apache-18-source-release.zip
>
> Changes since the last release:
>
> http://svn.apache.org/viewvc/maven/pom/tags/apache-18/pom.xml?r1=HEAD&r2=1675930&diff_format=h
>
> Source release checksum(s):
> apache-18-source-release.zip sha1: 4515e18322edd0b6fd28c31779abbdb72ee619cd
>
> Staging site:
> http://maven.apache.org/pom-archives/asf-LATEST/
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
>
+1 (non-binding)

Verified signatures and hashes and previewed changes from last RC. I did
notice that Hervé's key is pretty old and weak now (1024 DSA/2048 Elgamal),
and that the digest algorithm used for the signature was the
not-recommended SHA-1. I recommend future releases use SHA512 for the
digest algorithm [1], and Hervé think about transitioning to a stronger key
[2] (at the very least, update the existing key to prefer SHA512 when
signing [3]).

[1]: https://www.apache.org/dev/openpgp#sha1
[2]: https://www.apache.org/dev/openpgp#generate-key
[3]: https://www.apache.org/dev/openpgp#key-prefs
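
The digest and key-strength checks mentioned in the reply above can be read from GnuPG's machine-readable output. The following is an added example, not part of the original message or of any Apache tooling: the names `audit_gpg` and `sample_input`, the 2048-bit threshold, and the sample fingerprint and key IDs are constructed assumptions.

```shell
# Added example. Pipe into audit_gpg the output of:
#   gpg --status-fd 1 --verify FILE.asc FILE 2>/dev/null
#   gpg --with-colons --list-keys KEYID
audit_gpg() {
  awk '
    BEGIN {
      # OpenPGP algorithm identifiers (RFC 4880)
      hash[1] = "MD5"; hash[2] = "SHA1"; hash[3] = "RIPEMD160"; hash[8] = "SHA256"
      hash[9] = "SHA384"; hash[10] = "SHA512"; hash[11] = "SHA224"
      pk[1] = "RSA"; pk[16] = "Elgamal"; pk[17] = "DSA"
      pk[18] = "ECDH"; pk[19] = "ECDSA"; pk[22] = "EdDSA"
      min_bits = 2048   # assumed minimum for RSA/DSA/Elgamal keys
    }
    function name(tbl, id) { return (id in tbl) ? tbl[id] : "algo" id }
    # [GNUPG:] VALIDSIG fpr date ts expire version reserved pubkey-algo hash-algo ...
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      verdict = ($10 == 1 || $10 == 2) ? "WEAK" : "OK"
      print verdict " digest " name(hash, $10) " sig-key " name(pk, $9)
      next
    }
    # pub:validity:bits:pubkey-algo:keyid:...  (sub: lines share the layout)
    /^(pub|sub):/ {
      split($0, f, ":")
      sized = (f[4] == 1 || f[4] == 16 || f[4] == 17)
      verdict = (sized && f[3] + 0 < min_bits) ? "WEAK" : "OK"
      print verdict " " f[1] " " f[3] "-bit " name(pk, f[4]) " " f[5]
    }
  '
}

# Constructed sample input: a SHA-1 signature made by a 1024-bit DSA key
# with a 2048-bit Elgamal subkey. Fingerprint and key IDs are placeholders.
sample_input() {
  cat <<'EOF'
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2016-05-15 1463300000 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
pub:u:1024:17:89ABCDEF01234567:1100000000:::u:::scESC:
sub:u:2048:16:0011223344556677:1100000000::::::e:
EOF
}

sample_input | audit_gpg
```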
