Hi - +1 (binding)
Keys present DISCLAIMER checked - See (3) LICENSE and NOTICE checked Signature and Hash checked Rat Check run - See (2) below. Did NOT build, I’m on a macOS - See (1) below. (1) In subsequent releases please make sure that the instructions are to build from the source releases and NOT the GitHub tags as these are not immutable. Also the Docker files and build shell scripts refer to GitHub and not the source release. I understand that these distinctions may be difficult considering CI/CD vs. Release Policy. I also think that the Milagro Crypto dependency should be picked from a release and not a Github tag. (2) I believe License headers should be added to: ./Dockerfile ./Dockerfile-alpine ./build-static.sh ./build.sh ./go.mod ./go.sum ./lint.sh ./test.sh ./cmd/servicetester/e2e_test.sh ./cmd/servicetester/fulltest.sh ./cmd/servicetester/id_test.sh ./libs/crypto/libpqnist/CMakeLists.txt ./libs/crypto/libpqnist/CPackConfig.cmake ./libs/crypto/libpqnist/cmake_uninstall.cmake.in ./libs/crypto/libpqnist/examples/CMakeLists.txt ./libs/crypto/libpqnist/include/CMakeLists.txt ./libs/crypto/libpqnist/src/CMakeLists.txt ./libs/crypto/libpqnist/test/smoke/CMakeLists.txt ./libs/crypto/libpqnist/testVectors/aes/CBCMMT256.rsp ./libs/documents/docs.proto ./pkg/safeguardsecret/README.md (3) Consider use of the DISCLAIMER-WIP. Good to see progress here. Regards, Dave > On Sep 17, 2019, at 9:02 AM, John McCane-Whitney <j...@qredo.com> wrote: > > Hi, > > This is a call to vote to release Apache Milagro (incubating) Decentralized > Trust Authority v0.1.0 (alpha release). > > The Apache Milagro (incubating) community has voted to approve this release > with 6 +1 votes. The vote result thread can be found here: > > https://lists.apache.org/thread.html/d4b0d5c1c1a2ed991104f0804d6faaaf70f32a865316d5aaf91e18bf@%3Cdev.milagro.apache.org%3E > > RELEASE TAG: > Milagro Decentralized Trust Authority v0.1.0 (alpha release) release tag: > https://github.com/apache/incubator-milagro-dta/releases/tag/0.1.0 > Please see the release notes at the above link for a full description and > release rationale. > > DESCRIPTION SUMMARY: > The Apache Milagro (Incubating) Decentralized Trust Authority (D-TA) is a > collaborative key management server. It has two primary functions: > > -Issue shares of identity-based Type-3 pairing secrets for initializing > zero-knowledge proof multi-factor authentication (ZKP-MFA) networks of > clients and authentication servers. > -Safeguards shares of generic secrets, acting independently but in > conjunction with other D-TA nodes, for the benefit of other D-TA nodes. > > In the use case where it issues shares, the D-TA holds nothing except for its > Master Secret and acts as a distributed private key generation server. In the > use case where it is safeguarding shares of secrets, it is up to the > application developer to implement back-end application logic to hold those > shares securely. Examples include using Hardware Security Modules (HSMs) via > an on-board PKCS#11 implementation to create a realm of key encryption keys, > or multi-party computation through BLS signature aggregation. > > RELEASE RATIONALE SUMMARY: > By default, the D-TA allows requests from a Principal's D-TA for an secp256k1 > public key from a Fiduciary D-TA and then to subsequently allow the Principal > to request its corresponding private key. Whilst this may have utility on its > own, the Milagro community's intention is to extend the capability of the > server over time to meet many key generation, storage and distribution use > cases. This will be achieved using the D-TA's plugin architecture, and to > this end, the initial release includes two plugins to demonstrate the D-TA's > extensibility. > > Subsequent releases will enable the D-TA to issue Type-3 pairing/identity > based secrets for "M-Pin" clients and servers ("M-Pin" is a zero-knowledge > authentication protocol in the milagro-crypto-c library that also facilitates > multi-factor authentication). In parallel with this will be a rewritten > release of the Milagro MFA Authentication server (the original authentication > server was conflated with the D-TA function limiting its security efficacy). > > The Milagro community is publishing this first release of the D-TA now to > elicit feedback from a wider community that may have interest in an open > source, decentralized key generation, storage and distribution solution. Our > intention is to then to release a series of enhanced versions culminating > with a production-ready GA version. > > Please see the README for build/test instructions and > https://milagro.apache.org/docs/d-ta-overview for a full overview and usage > guide. > > RELEASE FILES: > The repo has the required DISCLAIMER, NOTICE and LICENSE files in its root > directory. All source files have the appropriate license header. No > binaries are included in this release. I have successfully built and ran the > tests as per the instructions in the readme file on Ubuntu 18, Ubuntu 19, > Debian 10 and MacOS 10.14 Mojave. > > Release links: > Source code archive: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz > SHA512 checksum: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.sha512 > PGP Signature: > https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-dta-0.1.0-incubating/apache-milagro-dta-0.1.0-incubating-src.tar.gz.asc > > Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS > > Please note that the project's website (https://milagro.apache.org) will be > updated with download links as soon as the release's approval has been > completed and the archives are available for public download. > > We now kindly request that the Incubator PMC members review and vote on this > incubator release as follows: > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove with the reason > > Checklist for reference: > > [ ] Download links are valid > [ ] Checksums and PGP signatures are valid > [ ] DISCLAIMER, LICENCE & NOTICE files are included > [ ] Source code archives have correct names matching the current release. > [ ] All source code files have licence headers > [ ] No compiled binaries are included > [ ] Library builds correctly and all tests pass (as per the instructions in > the readme file) > > The vote will be open for a minimum of 72 hours. 3 x +1 votes are required > to approve this release. > > Many thanks, > > John > > John McCane-Whitney > Director of Product at Qredo Ltd > T: +44 7966 490687 > Kemp House > 152 - 160 City Road > London > EC1V 2NX > https://qredo.com > Qredo Ltd is a limited company registered in England and Wales (registered > number 7834052). This e-mail and any attachments are confidential, and are > intended only for the named addressee(s). If you are not the intended > recipient you may not copy, disclose to anyone else or otherwise use the > content of this e-mail or any attachment thereto and should notify the sender > immediately and delete them from your system. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
