just need to update that dist key file is all. I think mike did update the git entry.
On Mon, May 15, 2017 at 3:12 PM, James Wing <jvw...@gmail.com> wrote: > Michael, > > What's the plan for the PGP key distribution, or how do we get your key > into the KEYS file? > > Thanks, > > James > > On Sun, May 14, 2017 at 5:36 PM, Michael Moser <mose...@apache.org> wrote: > >> Hello Apache NiFi community, >> >> Please find the associated guidance to help those interested in >> validating/verifying the 0.7.3 release so they can vote. >> >> # Download latest KEYS file: >> https://dist.apache.org/repos/dist/dev/nifi/KEYS >> >> # Download the key used to sign this release: >> https://people.apache.org/keys/committer/mosermw.asc >> >> # Import keys file: >> gpg --import KEYS >> >> # Import key used to sign this release: >> gpg --import mosermw.asc >> >> # [optional] Clear out local maven artifact repository >> >> # Pull down nifi-0.7.3 source release artifacts for review: >> wget https://repository.apache.org/content/repositories/ >> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- >> source-release.zip >> wget https://repository.apache.org/content/repositories/ >> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- >> source-release.zip.asc >> wget https://repository.apache.org/content/repositories/ >> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- >> source-release.zip.md5 >> wget https://repository.apache.org/content/repositories/ >> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- >> source-release.zip.sha1 >> >> # Verify the signature >> gpg --verify nifi-0.7.3-source-release.zip.asc >> >> # Verify the hashes (md5, sha1, sha256) match the source and what was >> provided in the vote email thread >> # NOTE: the repository does not have the >> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in >> the vote email thread >> md5sum nifi-0.7.3-source-release.zip >> sha1sum nifi-0.7.3-source-release.zip >> sha256sum nifi-0.7.3-source-release.zip >> >> # Unzip nifi-0.7.3-source-release.zip >> >> # Verify the build works including release audit tool (RAT) checks >> cd nifi-0.7.3 >> mvn clean install -Pcontrib-check >> >> # Verify the contents contain a good README, NOTICE, and LICENSE. >> >> # Verify the git commit ID is correct >> >> # Verify the RC was branched off the correct git commit ID >> >> # Look at the resulting convenience binary as found in nifi-assembly/target >> >> # Make sure the README, NOTICE, and LICENSE are present and correct >> >> # Run the resulting convenience binary and make sure it works as expected >> >> # Send a response to the vote thread indicating a +1, 0, -1 based on >> your findings. >> >> Thank you for your time and effort to validate the release! >>
