I think we're good. We need his signing key is in the KEYS file at the time we publish the release. It sounds like we're on track for that - his key is checked into the git KEYS file, and someone has been enlisted to publish the KEYS file. I'm sorry to promote confusion, I wasn't sure what the process for that was, or if it had been started.
Thanks, James On Mon, May 15, 2017 at 2:53 PM, Tony Kurc <trk...@gmail.com> wrote: > Joe, James, Mike, > I think I got confused. Do we need to get Mike's gpg public key which he > used to sign in that KEYS file, or is the key Mike put in the helper > sufficient? If it isn't sufficient, we need someone with access to svn to > add Mike, correct? > > Tony > > On Mon, May 15, 2017 at 4:34 PM, Michael Moser <moser...@gmail.com> wrote: > > > Yeah, I didn't have write permission to SVN > > https://dist.apache.org/repos/dist/ which I assumed was because I'm a > > committer and not on the PMC. I've enlisted a PMC member's help to > > put the release up there if this vote passes. > > > > > > On Mon, May 15, 2017 at 3:13 PM, Joe Witt <joe.w...@gmail.com> wrote: > > > just need to update that dist key file is all. I think mike did > > > update the git entry. > > > > > > On Mon, May 15, 2017 at 3:12 PM, James Wing <jvw...@gmail.com> wrote: > > >> Michael, > > >> > > >> What's the plan for the PGP key distribution, or how do we get your > key > > >> into the KEYS file? > > >> > > >> Thanks, > > >> > > >> James > > >> > > >> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <mose...@apache.org> > > wrote: > > >> > > >>> Hello Apache NiFi community, > > >>> > > >>> Please find the associated guidance to help those interested in > > >>> validating/verifying the 0.7.3 release so they can vote. > > >>> > > >>> # Download latest KEYS file: > > >>> https://dist.apache.org/repos/dist/dev/nifi/KEYS > > >>> > > >>> # Download the key used to sign this release: > > >>> https://people.apache.org/keys/committer/mosermw.asc > > >>> > > >>> # Import keys file: > > >>> gpg --import KEYS > > >>> > > >>> # Import key used to sign this release: > > >>> gpg --import mosermw.asc > > >>> > > >>> # [optional] Clear out local maven artifact repository > > >>> > > >>> # Pull down nifi-0.7.3 source release artifacts for review: > > >>> wget https://repository.apache.org/content/repositories/ > > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > > >>> source-release.zip > > >>> wget https://repository.apache.org/content/repositories/ > > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > > >>> source-release.zip.asc > > >>> wget https://repository.apache.org/content/repositories/ > > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > > >>> source-release.zip.md5 > > >>> wget https://repository.apache.org/content/repositories/ > > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > > >>> source-release.zip.sha1 > > >>> > > >>> # Verify the signature > > >>> gpg --verify nifi-0.7.3-source-release.zip.asc > > >>> > > >>> # Verify the hashes (md5, sha1, sha256) match the source and what was > > >>> provided in the vote email thread > > >>> # NOTE: the repository does not have the > > >>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in > > >>> the vote email thread > > >>> md5sum nifi-0.7.3-source-release.zip > > >>> sha1sum nifi-0.7.3-source-release.zip > > >>> sha256sum nifi-0.7.3-source-release.zip > > >>> > > >>> # Unzip nifi-0.7.3-source-release.zip > > >>> > > >>> # Verify the build works including release audit tool (RAT) checks > > >>> cd nifi-0.7.3 > > >>> mvn clean install -Pcontrib-check > > >>> > > >>> # Verify the contents contain a good README, NOTICE, and LICENSE. > > >>> > > >>> # Verify the git commit ID is correct > > >>> > > >>> # Verify the RC was branched off the correct git commit ID > > >>> > > >>> # Look at the resulting convenience binary as found in > > nifi-assembly/target > > >>> > > >>> # Make sure the README, NOTICE, and LICENSE are present and correct > > >>> > > >>> # Run the resulting convenience binary and make sure it works as > > expected > > >>> > > >>> # Send a response to the vote thread indicating a +1, 0, -1 based on > > >>> your findings. > > >>> > > >>> Thank you for your time and effort to validate the release! > > >>> > > >
