Hi Jeremias,
First, I don't believe Apache policy is explicit as far as a
requirement to publish public keys in a public key server, but there
is a requirement to add the key to the KEYS file.
On Jan 12, 2009, at 9:21 AM, Jeremias Maerki wrote:
Is that a requirement?
The signature is meaningful to folks who download the software and try
to verify it. Tthe KEYS file is a double check that the publicly
available key is actually the same key as the Apache key.
I think more important would be that Charles' key
were integrated in the Apache web of trust.
This will be needed to graduate (my personal requirement).
So far his key hasn't been
signed. Anyway, with the key from the KEYS file (when retrieved
through
SVN) you can verify the release artifacts. At least that's how I did
it.
Right. But I don't think we should expect users of the software (the
audience for the signature) to make the effort to have to find the key.
Craig
On 12.01.2009 18:14:52 Craig L Russell wrote:
I couldn't get the public key for the signatures. Are they uploaded
to
a public key server?
[dhcp-usca14-133-42:~/Downloads] clr% gpg --verify apache-sanselan-
incubating-0.96-src.tar.gz.asc.txt apache-sanselan-incubating-0.96-
src.tar
gpg: Signature made Fri Jan 9 08:41:23 2009 PST using DSA key ID
5D0CF7F8
gpg: Can't check signature: public key not found
[dhcp-usca14-133-42:~/Downloads] clr% gpg --recv-keys 5D0CF7F8
gpg: requesting key 5D0CF7F8 from hkp server subkeys.pgp.net
gpgkeys: key 5D0CF7F8 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
[dhcp-usca14-133-42:~/Downloads] clr%
The RAT looks better, and nothing that should hold up release.
Once I can verify the signature, I can approve this.
Craig
On Jan 12, 2009, at 2:09 AM, Jeremias Maerki wrote:
Sorry for the late response. I've played with the release a bit and
reviewed the usual things to look for. Looks fine to me.
+1 from me.
One thing that bugged me is the continued presence of tab characters
in
the source code but obviously that isn't a show-stopper, only
personal
preference.
On 09.01.2009 18:05:21 Charles Matthew Chen wrote:
Hi everyone,
It looks like this release is ready to put to a vote.
Thanks for the feedback, Carsten. I've rectified the missing
apache license headers and removed those two extraneous files.
I've
rolled another release candidate with a new version number.
http://people.apache.org/~cmchen/dist/incubator/sanselan/0.96/
Apache RAT output for this release can be found here:
http://people.apache.org/~cmchen/rat-bin-0.96.txt
http://people.apache.org/~cmchen/rat-src-0.96.txt
The intent is for this release to reside here:
http://www.apache.org/dist/incubator/sanselan/0.96/
Please take a look.
Charles
On Fri, Jan 9, 2009 at 2:18 AM, Carsten Ziegeler <[email protected]
wrote:
Hi Charles,
happy new year and sorry for the very late feedback (somehow I
overlooked this).
I think we should fix the header in the source files before
releasing.
The rat report for the src dist marks several java files with
"?????".
The src dist also contains the ".classpath" and ".project" files
which
we should exclude (but this is not a show stopper).
So I think after fixing the java headers, the release looks good.
Thanks
Carsten
Charles Matthew Chen wrote:
Hello all,
It feels like its time for another release - 0.95. We have a
growing number of fixes and improvements that include:
* Added more unit tests around BMP.
* Added more images to the test image suite.
* Fixed a bug where errors were being wrongly logged to
System.out.
* Moved the example code into the test source directory, to
comply
with Maven's standard project layout.
* Added a couple of images to the sample image library that
demonstrate a couple variations on Photoshop/IPTC data.
* Fixed a small bug in the IPTC constants introduced while
cleaning
up the constants.
* Started shift towards moving field-level parsing into
BinaryInputStream and BinaryOutputStream.
* Fixed a png unit test that used a piece of Java 1.6 syntax.
* Added unit tests around the new IPTC functionality.
* Added IPTC remove/update/insert functionality.
* Rewrote the IPTC parsing support.
* Added improved support for reading and writing iTXt, tEXt, zTXt
Png chunks.
Added a unit test that demonstrates the feature.
* Found a new regression wherein DeflaterOutputStream needs to be
closed.
* Added the .tar.bz2 distributions back into the maven assembly
descriptors.
* Moved the example/sample code to a new top-level source folder,
"example."
* Replaced dependency on java.util.zip.DeflaterOutputStream,
which is
only available in Java 1.6.
* Added a unit test around reading and writing images in every
format.
* We now sort some (but not all) GIF color tables.
* Applied the BMP "buffer flushing" bug to the PBM reading and
writing code.
* Fixed a regression around flushing the bit buffer when writing
BMPs
with very small palettes.
* Removed assumption about DataBuffer type when reading BMPs.
* When writing a GIF, we now always include a Graphic Control
Extension block, even if its not necessary.
* We are more defensive about missing GCEs.
* Lastly, we now set a minimum bound on initial code sizes for
LZW-compressed Gif image data.
* Found a regression in writing TIFFs around strip offsets being
properly updated. Not a LZW issue after all.
Added a few unit tests around this issue.
see: https://issues.apache.org/jira/browse/SANSELAN-6
* Added ability to remove and update XMP XML in existing JPEG
files.
* Added ability to embed XMP XML when writing the following
formats:
GIF, PNG, TIFF.
* Improved handling of tEXt and zTXt PNG text blocks.
* Added XMP XML extraction for the following formats: GIF
(untested),
JPEG, TIFF, PNG, PSD.
* Added RELEASE_NOTES file (this file).
* Added Apache license header to bin.xml and src.xml Maven
assembly
descriptors.
* Added Javadocs to the binary distribution
The release should closely resemble the previous release (0.94)
in
structure.
This release incorporates a number of improvements suggested in
the
last release process, such as including javadocs in the binary
distribution.
The one potential problem that I am aware of is that Maven
didn't
generate md5 or sha1 checksums for any of the files. I'm not
sure why
- I'm using the same assembly files as for the last release. I
generated the .md5 and .sha1 files "by hand", using the
md5sum.exe and
fciv.exe implementations.
The proposed release can be found here:
http://people.apache.org/~cmchen/dist/incubator/sanselan/0.95/
Apache RAT output for this release can be found here:
http://people.apache.org/~cmchen/rat-bin-0.95.txt
http://people.apache.org/~cmchen/rat-src-0.95.txt
The intent is for this release to reside here:
http://www.apache.org/dist/incubator/sanselan/0.95/
Please take a look if you get a chance. Given that it is the
holiday season in many countries, perhaps we should extend the
voting
deadline?
Thanks,
Charles
--
Carsten Ziegeler
[email protected]
Jeremias Maerki
Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!
Jeremias Maerki
Craig L Russell
Architect, Sun Java Enterprise System http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!
