I guess "https://people.apache.org/keys/group/sentry.asc"; needs to be copied/merged to "https://dist.apache.org/repos/dist/release/sentry/KEYS";. This should be done before the release is promoted. As I can now verify the signature, it's +1 from me on the release.
Colm. On Tue, Jun 7, 2016 at 5:45 PM, Colm O hEigeartaigh <[email protected]> wrote: > Hi Stravya/Hao, > > It's strange, it looks like Firefox corrupts the ".sha" file when > downloading it. When I download it via "wget" it's fine. I guess we can > ignore this anyway. > > Everything looks good, however I can't verify the signature on the > release, as Hao's key is not included in: > > https://dist.apache.org/repos/dist/release/sentry/KEYS > > The only keys in there are: > > gpg: key 22E26224: public key "Shreepadma Venugopalan (CODE SIGNING KEY) < > [email protected]>" imported > gpg: key 7D66174C: public key "Tuong Truong (CODE SIGNING KEY) < > [email protected]>" imported > gpg: key E2DE1E32: public key "gqshen (CODE SIGNING KEY) < > [email protected]>" imported > gpg: key AED7ED79: public key "Dapeng Sun (CODE SIGNING KEY) < > [email protected]>" imported > > Colm. > > On Fri, Jun 3, 2016 at 9:43 PM, Sravya Tirukkovalur <[email protected]> > wrote: > >> I checked as well and sha seems fine to me too. @Colm what exactly do you >> see ? >> >> +1 from me. >> >> Verified the following. >> >> - Made sure RCs are hosted @ >> https://dist.apache.org/repos/dist/dev/sentry >> - Is in format apache-$project-$version.tar.gz >> - Verified Signatures and hashes. >> - git tag matches the released bits (diff -rf) >> - Can compile successfully from source >> - Verified NOTICE has correct year >> - All files have correct headers (Rat check is clean) >> - No jar files in the release >> >> >> Regards, >> >> On Fri, Jun 3, 2016 at 11:59 AM, Hao Hao <[email protected]> wrote: >> >>> Hi Colm, >>> >>> Thanks for checking! But not sure how did you verify it? I downloaded the >>> sha file and it seems look good to me: >>> >>> cat apache-sentry-1.7.0-src.tar.gz.sha >>> 81c23908bc35e79a1a7c7e031cb904ee187f12bb apache-sentry-1.7.0-src.tar.gz >>> >>> Does anyone else give it a try? Thanks a lot! >>> >>> Best, >>> Hao >>> >>> On Thu, Jun 2, 2016 at 7:57 AM, Colm O hEigeartaigh <[email protected] >>> > >>> wrote: >>> >>> > I think the ".sha" file is corrupted, it appears to contain binary >>> data. >>> > >>> > Colm. >>> > >>> > On Thu, Jun 2, 2016 at 7:56 AM, Hao Hao <[email protected]> wrote: >>> > >>> > > Hi all, >>> > > >>> > > This is the release of Apache Sentry, version 1.7.0. The list of >>> fixed >>> > > issues, added features and improvements can be found here: >>> > > https://s.apache.org/FTD1 >>> > > >>> > > Source files: >>> https://dist.apache.org/repos/dist/dev/sentry/1.7.0-rc0/ >>> > > >>> > > Tag to be voted on (rc0): >>> > > >>> > > >>> > >>> https://git-wip-us.apache.org/repos/asf?p=sentry.git;a=commit;h=735543e71d478f5bcd6be2b991ed26fc95abbb1b >>> > > Sentry's KEYS containing the PGP key we used to sign the release: >>> > > https://people.apache.org/keys/group/sentry.asc >>> > > >>> > > Note that this is a source only release and we are voting on the >>> > > source: tag=release-1.7.0, >>> SHA=735543e71d478f5bcd6be2b991ed26fc95abbb1b >>> > > >>> > > >>> > > Vote will be open for 72 hours. >>> > > >>> > > [ ] +1 approve >>> > > [ ] +0 no opinion >>> > > [ ] -1 disapprove (and reason why) >>> > > >>> > > >>> > > Thanks, >>> > > Hao >>> > > >>> > >>> > >>> > >>> > -- >>> > Colm O hEigeartaigh >>> > >>> > Talend Community Coder >>> > http://coders.talend.com >>> > >>> >> >> >> >> -- >> Sravya Tirukkovalur >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
