carrying over my +1 binding from the Pekko community vote. On 2024/03/09 09:57:49 Matthew de Detrich wrote: > > Please use the official URL for KEYS: > > > https://downloads.apache.org/incubator/pekko/KEYS > > This says that the KEYS file can be obtained from the source archive. > > > This is totally insecure. > > > Anyone could create their own key and add it to the KEYS file in their > own version of the source. > > > The KEYS file should not be included in the source, and documentation > should only refer to fetching the KEYS file directly from the official > location. > > Apologies, we have an email template that is used and evidently it needs > to be updated which I have just done[1] > > 1: > https://github.com/apache/incubator-pekko-site/wiki/Pekko-Release-Process/_compare/74fb418670e2524f5765e1155c63b7244e2b2669 > > Thanks, > Matthew de Detrich > > On Sat, Mar 9, 2024 at 10:44 AM sebb <seb...@gmail.com> wrote: > > > On Sat, 9 Mar 2024 at 09:01, Matthew de Detrich > > <matthew.dedetr...@aiven.io.invalid> wrote: > > > > > > Hello Incubator Community, > > > > > > This is a call for a vote to release Apache Pekko(incubating) Sbt Paradox > > > version 1.0.1-RC2. > > > > > > The discussion thread: > > > > > > https://lists.apache.org/thread/8wp7h76dktr99hz6lrclmz7z5or19kdn > > > > > > The Pekko vote thread: > > > > > > https://lists.apache.org/thread/vmxqly8ttsrq82czpcpto34zgk2ndl7x > > > > > > The Pekko vote result: > > > > > > https://lists.apache.org/thread/405ph9bl73zm5rf96p6yp7dcf2tthqc6 > > > > > > The release candidate: > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/pekko/SBT-PARADOX-1.0.1-RC2/ > > > > > > This release has been signed with a PGP key, available here: > > > > > > https://dist.apache.org/repos/dist/release/incubator/pekko/KEYS > > > > Please use the official URL for KEYS: > > > > https://downloads.apache.org/incubator/pekko/KEYS > > > > > Purpose: > > > > > > This is a build tool used in Apache Pekko projects to build the web > > pages. > > > > > > Git branch for the release: > > > > > > > > https://github.com/apache/incubator-pekko-sbt-paradox/releases/tag/v1.0.1-RC2 > > > Git commit ID: 810043faf10780020a6742b0c2af5dde83dfd628 > > > > > > Please download, verify, and test. > > > > > > We have also staged jars in the Apache Nexus Repository. These were > > > built with the same code as appears in this Source Release Candidate. We > > > would appreciate if users could test with these too. > > > If anyone finds any serious problems with these jars, please also notify > > us > > > on this thread. > > > > > > https://repository.apache.org/content/groups/staging/org/apache/pekko/ > > > > > > In sbt, you can add this resolver. > > > > > > resolvers += "Apache Pekko Staging" at " > > > https://repository.apache.org/content/groups/staging"; > > > > > > The vote will be left open for at least 72 hours. > > > > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove with the reason > > > > > > To learn more about Apache Pekko, please see https://pekko.apache.org/ > > > > > > Checklist for reference: > > > > > > [ ] Download links are valid. > > > [ ] Checksums and signatures. > > > [ ] LICENSE/NOTICE files exist > > > [ ] No unexpected binary files > > > [ ] Source files have ASF headers > > > [ ] Can compile from source > > > > > > To compile from the source, please refer to: > > > > > > > > https://github.com/apache/incubator-pekko-http/blob/main/README.md#building-from-source > > > > > > Some notes about verifying downloads can be found at: > > > > > > https://pekko.apache.org/download.html#verifying-downloads > > > > This says that the KEYS file can be obtained from the source archive. > > > > This is totally insecure. > > > > Anyone could create their own key and add it to the KEYS file in their > > own version of the source. > > > > The KEYS file should not be included in the source, and documentation > > should only refer to fetching the KEYS file directly from the official > > location. > > > > > > > Here is my +1 (binding). > > > > > > Thanks, > > > Matthew de Detrich > > > > > > -- > > > > > > Matthew de Detrich > > > > > > *Aiven Deutschland GmbH* > > > > > > Immanuelkirchstraße 26, 10405 Berlin > > > > > > Alexanderufer 3-7, 10117 Berlin > > > > > > Amtsgericht Charlottenburg, HRB 209739 B > > > > > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > > > > > *m:* +491603708037 > > > > > > *w:* aiven.io *e:* matthew.dedetr...@aiven.io > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > -- > > Matthew de Detrich > > *Aiven Deutschland GmbH* > > Immanuelkirchstraße 26, 10405 Berlin > > Alexanderufer 3-7, 10117 Berlin > > Amtsgericht Charlottenburg, HRB 209739 B > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > *m:* +491603708037 > > *w:* aiven.io *e:* matthew.dedetr...@aiven.io >
--------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
