Re: FW: RE: [VOTE] Release flink-connector-jdbc, release candidate #3
Hi David thanks for checking and sorry for the late reply yep, that's ok this just means that you haven't signed my key which is ok (usually it could happen during virtual key signing parties) For release checking it is ok to check that the key which was used to sign the artifacts is included into Flink release KEYS file [1] [1] https://dist.apache.org/repos/dist/release/flink/KEYS On Thu, Feb 8, 2024 at 3:50 PM David Radley wrote: > Thanks Sergey, > > It looks better now. > > gpg --verify flink-connector-jdbc-3.1.2-1.18.jar.asc > > gpg: assuming signed data in 'flink-connector-jdbc-3.1.2-1.18.jar' > > gpg: Signature made Thu 1 Feb 10:54:45 2024 GMT > > gpg:using RSA key F7529FAE24811A5C0DF3CA741596BBF0726835D8 > > gpg: Good signature from "Sergey Nuyanzin (CODE SIGNING KEY) > snuyan...@apache.org<mailto:snuyan...@apache.org>" [unknown] > > gpg: aka "Sergey Nuyanzin (CODE SIGNING KEY) > snuyan...@gmail.com<mailto:snuyan...@gmail.com>" [unknown] > > gpg: aka "Sergey Nuyanzin snuyan...@gmail.com snuyan...@gmail.com>" [unknown] > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > owner. > > I assume the warning is ok, > Kind regards, David. > > From: Sergey Nuyanzin > Date: Thursday, 8 February 2024 at 14:39 > To: dev@flink.apache.org > Subject: [EXTERNAL] Re: FW: RE: [VOTE] Release flink-connector-jdbc, > release candidate #3 > Hi David > > it looks like in your case you don't specify the jar itself and probably it > is not in current dir > so it should be something like that (assuming that both asc and jar file > are downloaded and are in current folder) > gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc > flink-connector-jdbc-3.1.2-1.16.jar > > Here it is a more complete guide how to do it for Apache projects [1] > > [1] https://www.apache.org/info/verification.html#CheckingSignatures > > On Thu, Feb 8, 2024 at 12:38 PM David Radley > wrote: > > > Hi, > > I was looking more at the asc files. I imported the keys and tried. > > > > > > gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc > > > > gpg: no signed data > > > > gpg: can't hash datafile: No data > > > > This seems to be the same for all the asc file. It does not look right; > am > > I doing doing incorrect? > >Kind regards, David. > > > > > > From: David Radley > > Date: Thursday, 8 February 2024 at 10:46 > > To: dev@flink.apache.org > > Subject: [EXTERNAL] RE: [VOTE] Release flink-connector-jdbc, release > > candidate #3 > > +1 (non-binding) > > > > I assume that thttps://github.com/apache/flink-web/pull/707 and be > > completed after the release is out. > > > > From: Martijn Visser > > Date: Friday, 2 February 2024 at 08:38 > > To: dev@flink.apache.org > > Subject: [EXTERNAL] Re: [VOTE] Release flink-connector-jdbc, release > > candidate #3 > > +1 (binding) > > > > - Validated hashes > > - Verified signature > > - Verified that no binaries exist in the source archive > > - Build the source with Maven > > - Verified licenses > > - Verified web PRs > > > > On Fri, Feb 2, 2024 at 9:31 AM Yanquan Lv wrote: > > > > > +1 (non-binding) > > > > > > - Validated checksum hash > > > - Verified signature > > > - Build the source with Maven and jdk8/11/17 > > > - Check that the jar is built by jdk8 > > > - Verified that no binaries exist in the source archive > > > > > > Sergey Nuyanzin 于2024年2月1日周四 19:50写道: > > > > > > > Hi everyone, > > > > Please review and vote on the release candidate #3 for the version > > 3.1.2, > > > > as follows: > > > > [ ] +1, Approve the release > > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > > > This version is compatible with Flink 1.16.x, 1.17.x and 1.18.x. > > > > > > > > The complete staging area is available for your review, which > includes: > > > > * JIRA release notes [1], > > > > * the official Apache source release to be deployed to > dist.apache.org > > > > [2], > > > > which are signed with the key with fingerprint 1596BBF0726835D8 [3], > > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > > * source code tag v3.1.2-rc3 [5], > > > > * website pull req
Re: FW: RE: [VOTE] Release flink-connector-jdbc, release candidate #3
+1 (non-binding) - Validated checksum hash - Verified signature from another machine - Checked that tag is present in Github - Built the source On Tue, Feb 20, 2024 at 10:13 AM Sergey Nuyanzin wrote: > Hi David > thanks for checking and sorry for the late reply > > yep, that's ok this just means that you haven't signed my key which is ok > (usually it could happen during virtual key signing parties) > > For release checking it is ok to check that the key which was used to sign > the artifacts is included into Flink release KEYS file [1] > > [1] https://dist.apache.org/repos/dist/release/flink/KEYS > > On Thu, Feb 8, 2024 at 3:50 PM David Radley > wrote: > >> Thanks Sergey, >> >> It looks better now. >> >> gpg --verify flink-connector-jdbc-3.1.2-1.18.jar.asc >> >> gpg: assuming signed data in 'flink-connector-jdbc-3.1.2-1.18.jar' >> >> gpg: Signature made Thu 1 Feb 10:54:45 2024 GMT >> >> gpg:using RSA key F7529FAE24811A5C0DF3CA741596BBF0726835D8 >> >> gpg: Good signature from "Sergey Nuyanzin (CODE SIGNING KEY) >> snuyan...@apache.org<mailto:snuyan...@apache.org>" [unknown] >> >> gpg: aka "Sergey Nuyanzin (CODE SIGNING KEY) >> snuyan...@gmail.com<mailto:snuyan...@gmail.com>" [unknown] >> >> gpg: aka "Sergey Nuyanzin snuyan...@gmail.com> snuyan...@gmail.com>" [unknown] >> >> gpg: WARNING: This key is not certified with a trusted signature! >> >> gpg: There is no indication that the signature belongs to the >> owner. >> >> I assume the warning is ok, >> Kind regards, David. >> >> From: Sergey Nuyanzin >> Date: Thursday, 8 February 2024 at 14:39 >> To: dev@flink.apache.org >> Subject: [EXTERNAL] Re: FW: RE: [VOTE] Release flink-connector-jdbc, >> release candidate #3 >> Hi David >> >> it looks like in your case you don't specify the jar itself and probably >> it >> is not in current dir >> so it should be something like that (assuming that both asc and jar file >> are downloaded and are in current folder) >> gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc >> flink-connector-jdbc-3.1.2-1.16.jar >> >> Here it is a more complete guide how to do it for Apache projects [1] >> >> [1] https://www.apache.org/info/verification.html#CheckingSignatures >> >> On Thu, Feb 8, 2024 at 12:38 PM David Radley >> wrote: >> >> > Hi, >> > I was looking more at the asc files. I imported the keys and tried. >> > >> > >> > gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc >> > >> > gpg: no signed data >> > >> > gpg: can't hash datafile: No data >> > >> > This seems to be the same for all the asc file. It does not look right; >> am >> > I doing doing incorrect? >> >Kind regards, David. >> > >> > >> > From: David Radley >> > Date: Thursday, 8 February 2024 at 10:46 >> > To: dev@flink.apache.org >> > Subject: [EXTERNAL] RE: [VOTE] Release flink-connector-jdbc, release >> > candidate #3 >> > +1 (non-binding) >> > >> > I assume that thttps://github.com/apache/flink-web/pull/707 and be >> > completed after the release is out. >> > >> > From: Martijn Visser >> > Date: Friday, 2 February 2024 at 08:38 >> > To: dev@flink.apache.org >> > Subject: [EXTERNAL] Re: [VOTE] Release flink-connector-jdbc, release >> > candidate #3 >> > +1 (binding) >> > >> > - Validated hashes >> > - Verified signature >> > - Verified that no binaries exist in the source archive >> > - Build the source with Maven >> > - Verified licenses >> > - Verified web PRs >> > >> > On Fri, Feb 2, 2024 at 9:31 AM Yanquan Lv wrote: >> > >> > > +1 (non-binding) >> > > >> > > - Validated checksum hash >> > > - Verified signature >> > > - Build the source with Maven and jdk8/11/17 >> > > - Check that the jar is built by jdk8 >> > > - Verified that no binaries exist in the source archive >> > > >> > > Sergey Nuyanzin 于2024年2月1日周四 19:50写道: >> > > >> > > > Hi everyone, >> > > > Please review and vote on the release candidate #3 for the version >> > 3.1.2, >> > > > as follows: >> > > > [ ] +1, Approve the release >> > > > [ ] -1, Do not approv
RE: FW: RE: [VOTE] Release flink-connector-jdbc, release candidate #3
Thanks Sergey, It looks better now. gpg --verify flink-connector-jdbc-3.1.2-1.18.jar.asc gpg: assuming signed data in 'flink-connector-jdbc-3.1.2-1.18.jar' gpg: Signature made Thu 1 Feb 10:54:45 2024 GMT gpg:using RSA key F7529FAE24811A5C0DF3CA741596BBF0726835D8 gpg: Good signature from "Sergey Nuyanzin (CODE SIGNING KEY) snuyan...@apache.org<mailto:snuyan...@apache.org>" [unknown] gpg: aka "Sergey Nuyanzin (CODE SIGNING KEY) snuyan...@gmail.com<mailto:snuyan...@gmail.com>" [unknown] gpg: aka "Sergey Nuyanzin snuyan...@gmail.com<mailto:snuyan...@gmail.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. I assume the warning is ok, Kind regards, David. From: Sergey Nuyanzin Date: Thursday, 8 February 2024 at 14:39 To: dev@flink.apache.org Subject: [EXTERNAL] Re: FW: RE: [VOTE] Release flink-connector-jdbc, release candidate #3 Hi David it looks like in your case you don't specify the jar itself and probably it is not in current dir so it should be something like that (assuming that both asc and jar file are downloaded and are in current folder) gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc flink-connector-jdbc-3.1.2-1.16.jar Here it is a more complete guide how to do it for Apache projects [1] [1] https://www.apache.org/info/verification.html#CheckingSignatures On Thu, Feb 8, 2024 at 12:38 PM David Radley wrote: > Hi, > I was looking more at the asc files. I imported the keys and tried. > > > gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc > > gpg: no signed data > > gpg: can't hash datafile: No data > > This seems to be the same for all the asc file. It does not look right; am > I doing doing incorrect? >Kind regards, David. > > > From: David Radley > Date: Thursday, 8 February 2024 at 10:46 > To: dev@flink.apache.org > Subject: [EXTERNAL] RE: [VOTE] Release flink-connector-jdbc, release > candidate #3 > +1 (non-binding) > > I assume that thttps://github.com/apache/flink-web/pull/707 and be > completed after the release is out. > > From: Martijn Visser > Date: Friday, 2 February 2024 at 08:38 > To: dev@flink.apache.org > Subject: [EXTERNAL] Re: [VOTE] Release flink-connector-jdbc, release > candidate #3 > +1 (binding) > > - Validated hashes > - Verified signature > - Verified that no binaries exist in the source archive > - Build the source with Maven > - Verified licenses > - Verified web PRs > > On Fri, Feb 2, 2024 at 9:31 AM Yanquan Lv wrote: > > > +1 (non-binding) > > > > - Validated checksum hash > > - Verified signature > > - Build the source with Maven and jdk8/11/17 > > - Check that the jar is built by jdk8 > > - Verified that no binaries exist in the source archive > > > > Sergey Nuyanzin 于2024年2月1日周四 19:50写道: > > > > > Hi everyone, > > > Please review and vote on the release candidate #3 for the version > 3.1.2, > > > as follows: > > > [ ] +1, Approve the release > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > This version is compatible with Flink 1.16.x, 1.17.x and 1.18.x. > > > > > > The complete staging area is available for your review, which includes: > > > * JIRA release notes [1], > > > * the official Apache source release to be deployed to dist.apache.org > > > [2], > > > which are signed with the key with fingerprint 1596BBF0726835D8 [3], > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > * source code tag v3.1.2-rc3 [5], > > > * website pull request listing the new release [6]. > > > > > > The vote will be open for at least 72 hours. It is adopted by majority > > > approval, with at least 3 PMC affirmative votes. > > > > > > Thanks, > > > Release Manager > > > > > > [1] > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522=12354088 > > > [2] > > > > > > https://dist.apache.org/repos/dist/dev/flink/flink-connector-jdbc-3.1.2-rc3 > > > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > > > [4] > > > > https://repository.apache.org/content/repositories/orgapacheflink-1706/ > > > [5] > > https://github.com/apache/flink-connector-jdbc/releases/tag/v3.1.2-rc3 > > > [6] https://github.com/apache/flink-web/pull/707 > > > > > > > Unless otherwise stated above: > > IBM United Kingdom Limited > Registered in England and Wales with number 741598 > Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU > > Unless otherwise stated above: > > IBM United Kingdom Limited > Registered in England and Wales with number 741598 > Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU > -- Best regards, Sergey Unless otherwise stated above: IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU
Re: FW: RE: [VOTE] Release flink-connector-jdbc, release candidate #3
Hi David it looks like in your case you don't specify the jar itself and probably it is not in current dir so it should be something like that (assuming that both asc and jar file are downloaded and are in current folder) gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc flink-connector-jdbc-3.1.2-1.16.jar Here it is a more complete guide how to do it for Apache projects [1] [1] https://www.apache.org/info/verification.html#CheckingSignatures On Thu, Feb 8, 2024 at 12:38 PM David Radley wrote: > Hi, > I was looking more at the asc files. I imported the keys and tried. > > > gpg --verify flink-connector-jdbc-3.1.2-1.16.jar.asc > > gpg: no signed data > > gpg: can't hash datafile: No data > > This seems to be the same for all the asc file. It does not look right; am > I doing doing incorrect? >Kind regards, David. > > > From: David Radley > Date: Thursday, 8 February 2024 at 10:46 > To: dev@flink.apache.org > Subject: [EXTERNAL] RE: [VOTE] Release flink-connector-jdbc, release > candidate #3 > +1 (non-binding) > > I assume that thttps://github.com/apache/flink-web/pull/707 and be > completed after the release is out. > > From: Martijn Visser > Date: Friday, 2 February 2024 at 08:38 > To: dev@flink.apache.org > Subject: [EXTERNAL] Re: [VOTE] Release flink-connector-jdbc, release > candidate #3 > +1 (binding) > > - Validated hashes > - Verified signature > - Verified that no binaries exist in the source archive > - Build the source with Maven > - Verified licenses > - Verified web PRs > > On Fri, Feb 2, 2024 at 9:31 AM Yanquan Lv wrote: > > > +1 (non-binding) > > > > - Validated checksum hash > > - Verified signature > > - Build the source with Maven and jdk8/11/17 > > - Check that the jar is built by jdk8 > > - Verified that no binaries exist in the source archive > > > > Sergey Nuyanzin 于2024年2月1日周四 19:50写道: > > > > > Hi everyone, > > > Please review and vote on the release candidate #3 for the version > 3.1.2, > > > as follows: > > > [ ] +1, Approve the release > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > This version is compatible with Flink 1.16.x, 1.17.x and 1.18.x. > > > > > > The complete staging area is available for your review, which includes: > > > * JIRA release notes [1], > > > * the official Apache source release to be deployed to dist.apache.org > > > [2], > > > which are signed with the key with fingerprint 1596BBF0726835D8 [3], > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > * source code tag v3.1.2-rc3 [5], > > > * website pull request listing the new release [6]. > > > > > > The vote will be open for at least 72 hours. It is adopted by majority > > > approval, with at least 3 PMC affirmative votes. > > > > > > Thanks, > > > Release Manager > > > > > > [1] > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522=12354088 > > > [2] > > > > > > https://dist.apache.org/repos/dist/dev/flink/flink-connector-jdbc-3.1.2-rc3 > > > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > > > [4] > > > > https://repository.apache.org/content/repositories/orgapacheflink-1706/ > > > [5] > > https://github.com/apache/flink-connector-jdbc/releases/tag/v3.1.2-rc3 > > > [6] https://github.com/apache/flink-web/pull/707 > > > > > > > Unless otherwise stated above: > > IBM United Kingdom Limited > Registered in England and Wales with number 741598 > Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU > > Unless otherwise stated above: > > IBM United Kingdom Limited > Registered in England and Wales with number 741598 > Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU > -- Best regards, Sergey
