On Tue, 13 Mar 2018, Alan Gates wrote:

Date: Tue, 13 Mar 2018 18:04:08 +0100
From: Alan Gates <alanfga...@gmail.com>
To: general@incubator.apache.org
Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

I can't find a KEYS file anywhere in HAWQ to check the key
against.  There is also no name associated with the key, so I'm not
clear how to check the signature.

  Actually, you don't need a KEYS file to verify a .asc :

  % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
  gpg:                using RSA key CE60F90D1333092A
  gpg: Can't check signature: No public key

  No public key ; so, fetch it :

  % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
  gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
  gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)

  ... and --verify :

  % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
  gpg:                using RSA key CE60F90D1333092A
  gpg: Good signature from "Yi Jin <y...@apache.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333 092A

  % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
  gpg:                using RSA key CE60F90D1333092A
  gpg: Good signature from "Yi Jin <y...@apache.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333 092A

  Note :
  - Always use long (16-hex) key-ids, because short (8-hex)
    key-ids often point (also) to fake keys.
    In your $HOME/.gnupg/gpg.conf configure : keyid-format long
  - Checking that CE60F90D1333092A is authorised to sign the artifacts
    is another matter.

  IMHO, KEYS files serve no purpose.

  Regards,

  Henk Penning

------------------------------------------------------------   _
Henk P. Penning, ICT-beta                 R Uithof MG-403    _/ \_
Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL          F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl     \_/
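
The two points in the note above can be checked mechanically: pin the full 40-hex primary key fingerprint, obtained through a channel other than the keyserver, and compare it with what `gpg --status-fd` reports instead of reading "Good signature" off the terminal. This is an added example, not part of the original message; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): accept a signature only when gpg's
# machine-readable status names a pinned full primary-key fingerprint.

# Strip spaces and upper-case, so "41B0 0770 ..." can be pasted as printed.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# status_signed_by <fingerprint>   (reads `gpg --status-fd` lines on stdin)
# 0 = VALIDSIG by the pinned primary key and no bad signature seen
# 1 = no match, or BADSIG/ERRSIG present; 2 = argument is not 40 hex digits
status_signed_by() {
    want=$(norm_fpr "$1")
    case "$want" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2      # refuses 8- and 16-hex key ids
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # field 12 is the primary key fingerprint; field 3 is the
            # signing (sub)key, used only if gpg omitted the primary
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "ERRSIG") { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned <fingerprint> <file.asc> [<signed file>]
# Runs gpg; status lines go to stdout, human-readable text is discarded.
verify_pinned() {
    pinned=$1; shift
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | status_signed_by "$pinned"
}

# Constructed sample of status output for the signature shown in the thread
# (timestamp and algorithm fields are illustrative, not captured from gpg).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CE60F90D1333092A Yi Jin <y...@apache.org>
[GNUPG:] VALIDSIG 41B0077075DFDAFCF8099A91CE60F90D1333092A 2018-02-27 1519702517 0 4 0 1 8 00 41B0077075DFDAFCF8099A91CE60F90D1333092A'
```
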

On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org>
wrote:

+1 (binding)

* checked sigs and checksums
* checked licenses
* checked for archive matching git tag

Thanks,
Roman.


On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org>
wrote:
+1 [binding]

- signature check [ok]
- checksum check [ok]
- licenses check (RAT) [ok]

I haven't tried to build it because of the complexity of the build
process and multiplicity of the environment configurations. To lower
the entry barrier, I would recommend the community to think how to
wrap these steps into the build system. You can go as far as to
provide an "official" toolchain for the project. In Bigtop, we even
provide official Docker containers where people can start working with
the project in under 2 minutes and without any need for additional
error-prone configuration steps.
--
  With regards,
Konstantin (Cos) Boudnik
2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622

Disclaimer: Opinions expressed in this email are those of the author,
and do not necessarily represent the views of any company the author
might be affiliated with at the moment of writing.


On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN <y...@apache.org> wrote:
Hi IPMC members,

The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
So I request IPMC now to vote on this release candidate. Thank you!

The release page is here:
https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release

The PPMC vote thread is located here:
https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E

The artifacts can be downloaded here:
https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
The artifacts have been signed with Key : CE60F90D1333092A

All JIRAs completed for this release are tagged with 'FixVersion
=2.3.0.0-incubating'
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262&styleName=Html&projectId=12318826

Please vote accordingly:
[ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
[ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release because...

The vote will run for at least 72 hours.

Best regards,
Yi Jin (yjin)

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

