I think which version of gpg used is not important, so long as the signatures are valid and can be consumed universally. Likewise with the checksum calculations. I agree that standardizing on this for the project would be helpful for all parties, but until we enforce generating release artifacts in jenkins, I think discrepancies between release managers is acceptable. I do find it startling that there's a difference between what's on the tag and what's in the tgz, but since it's not product changes, only dev tools, it's not enough to sink the RC.
Now for my +1 - verified signing key for both tgzs - run with 1.0.1 and checkout of branch-1.0/HEAD in local mode - create table, load example data with psql, list tables and content - start query server and perform similar experiments there; everything works as expected and log levels look good - checked src tgzl with apache-rat:check, and verified no .class, .jar, .orig, ~ files present - build src tgz, UT all pass (with PHOENIX-1963 applied, thanks Gabriel. Missing a close() in test is not bad enough to sink the RC.) On Wed, May 13, 2015 at 9:10 PM, rajeshb...@apache.org < chrajeshbab...@gmail.com> wrote: > @Gabriel, > bq. The format that the checksums are written in here makes it > impossible to check them with an automated tool, which is a bit of an > issue for me and perhaps a bigger issue for people who count on that > working for all software downloads. Any reason for the change? > > Sorry for this. When I read > https://www.apache.org/dev/openpgp.html#generate-key this link > I thought it's fine to have install gpg2 or gpg and went to install gpg2. > Didn't realize this problem. > Next time make release with gpg. > > Thanks, > Rajeshbabu. > > > On Thu, May 14, 2015 at 9:08 AM, Enis Söztutar <e...@apache.org> wrote: > > > Here is my +1. > > > > Verified sigs, crcs. > > Run with HBase-1.0.1 local mode. > > Tried the examples. > > checked directory layouts, jars > > checked src tarball contents vs tag > > > > +1 to what Gabriel says. > > Enis > > > > > > > > > > On Tue, May 12, 2015 at 1:04 PM, Gabriel Reid <gabriel.r...@gmail.com> > > wrote: > > > > > +1 to release. I ran the same checks and ran into the same issues as > > > with the HBase-0.98 variant, which I'm reposting below for > > > completeness. > > > > > > * Verified the checksums and signatures, they all match up, but I > > > noticed that they were created differently (using gpg2) than previous > > > releases. The format that the checksums are written in here makes it > > > impossible to check them with an automated tool, which is a bit of an > > > issue for me and perhaps a bigger issue for people who count on that > > > working for all software downloads. Any reason for the change? > > > * I successfully ran the full integration test suite, although it took > > > a few tries due to failures on > > > org.apache.phoenix.pherf.ResultTest#testMonitorResult. I've logged > > > this in JIRA (PHOENIX-1963) > > > * I successfully ran rat, although initially ran into some issues with > > > artifacts that were left over from the previous build and not cleaned > > > up by 'mvn clean', logged in PHOENIX-1964 > > > * I attempted to verify that the contents of the tag > > > (v4.4.0-HBase-0.98-rc1) are identical to the contents of the source > > > distribution, and noticed that they aren't -- the make_rc.sh script is > > > different between these two (it includes among other things the > > > changed checksum calculation). This isn't enough to sink this build, > > > but it's something we should try to avoid in the future. > > > > > > - Gabriel > > > > > > On Tue, May 12, 2015 at 2:41 AM, rajeshb...@apache.org > > > <chrajeshbab...@gmail.com> wrote: > > > > Hi Everyone, > > > > > > > > This is a call for a vote on Apache Phoenix 4.4.0-HBase-1.0 RC1. This > > is > > > the > > > > next minor release of Phoenix 4, compatible with the 1.0(branch of > > > > Apache HBase(1.0.1+) . The release includes both a source-only > release > > > and a > > > > convenience binary release. > > > > > > > > The 4.4.0-HBase-1.0 release has feature parity with our pending > > > > 4.4.0-HBase-0.98 release. New features include: > > > > - Support HBase HA Query(timeline-consistent region replica read)[1] > > > > - Alter session query support(at present changing query consistency > > > level. > > > > Can be used for changing connection properties.) > > > > > > > > The source tarball, including signatures, digests, etc can be found > at: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.4.0-HBase-1.0-rc1/src/ > > > > > > > > The binary artifacts can be found at: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.4.0-HBase-1.0-rc1/bin/ > > > > > > > > Release artifacts are signed with the following key: > > > > http://people.apache.org/~rajeshbabu/E3A65DBC.asc > > > > > > > > KEYS file available here: > > > > https://dist.apache.org/repos/dist/release/phoenix/KEYS > > > > > > > > The hash and tag to be voted upon: > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=09d1840876d7b55e32d753b6666541eb7df22b85 > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.4.0-HBase-1.0-rc1 > > > > > > > > Vote will be open for at least 72 hours. Please vote: > > > > > > > > [ ] +1 approve > > > > [ ] +0 no opinion > > > > [ ] -1 disapprove (and reason why) > > > > > > > > Thanks, > > > > The Apache Phoenix Team > > > > > > > > [1] https://issues.apache.org/jira/browse/PHOENIX-1683 > > > > > >