Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-25 Thread Tom Barber 
KEYS updated +1 on the release.  Thanks Chris!

On 24 Jul 2017 9:42 pm, "lewis john mcgibbney"  wrote:

> +1 Chris. Pulled the RC#2 today and have nothing to add over and above the
> checks which have been noted thus far.
> I am also in agreement that the KEYS file to be retrieved from
> https://people.apache.org/keys/group/oodt.asc
> A mammoth effort to pull this RC together so kudos Chris for injecting a
> bit of life back into the effort.
> Lewis
>
> On Wed, Jul 19, 2017 at 12:01 PM, Chris Mattmann 
> wrote:
>
> > Hi Folks,
> >
> > I have posted a 2nd release candidate for the Apache OODT 1.1 release.
> The
> > source code is at:
> >
> > https://dist.apache.org/repos/dist/dev/oodt/
> >
> > For more detailed information, see the included CHANGES.txt file for
> > details on
> > release contents and latest changes. The release was made using the OODT
> > release process, documented on the Wiki here:
> >
> > https://cwiki.apache.org/confluence/display/OODT/Release+Process
> >
> > The release was made from the OODT 1.1 tag at:
> >
> > https://github.com/apache/oodt/tree/1.1/
> >
> > A staged Maven repository is available at:
> >
> > https://repository.apache.org/content/repositories/orgapacheoodt-1013/
> >
> > Please vote on releasing these packages as Apache OODT 1.1. The vote is
> > open for at least the next 72 hours.
> >
> > Only votes from OODT PMC are binding, but folks are welcome to check the
> > release candidate and voice their approval or disapproval. The vote
> passes
> > if at least three binding +1 votes are cast.
> >
> > [ ] +1 Release the packages as Apache OODT 1.1
> >
> > [ ] -1 Do not release the packages because...
> >
> > Thanks!
> >
> > Chris Mattmann
> >
> > P.S. Here is my +1.
> >
> >
> >
> >
>
>
> --
> http://home.apache.org/~lewismc/
> @hectorMcSpector
> http://www.linkedin.com/in/lmcgibbney
>

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-24 Thread lewis john mcgibbney 
+1 Chris. Pulled the RC#2 today and have nothing to add over and above the
checks which have been noted thus far.
I am also in agreement that the KEYS file to be retrieved from
https://people.apache.org/keys/group/oodt.asc
A mammoth effort to pull this RC together so kudos Chris for injecting a
bit of life back into the effort.
Lewis

On Wed, Jul 19, 2017 at 12:01 PM, Chris Mattmann 
wrote:

> Hi Folks,
>
> I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
> source code is at:
>
> https://dist.apache.org/repos/dist/dev/oodt/
>
> For more detailed information, see the included CHANGES.txt file for
> details on
> release contents and latest changes. The release was made using the OODT
> release process, documented on the Wiki here:
>
> https://cwiki.apache.org/confluence/display/OODT/Release+Process
>
> The release was made from the OODT 1.1 tag at:
>
> https://github.com/apache/oodt/tree/1.1/
>
> A staged Maven repository is available at:
>
> https://repository.apache.org/content/repositories/orgapacheoodt-1013/
>
> Please vote on releasing these packages as Apache OODT 1.1. The vote is
> open for at least the next 72 hours.
>
> Only votes from OODT PMC are binding, but folks are welcome to check the
> release candidate and voice their approval or disapproval. The vote passes
> if at least three binding +1 votes are cast.
>
> [ ] +1 Release the packages as Apache OODT 1.1
>
> [ ] -1 Do not release the packages because...
>
> Thanks!
>
> Chris Mattmann
>
> P.S. Here is my +1.
>
>
>
>


-- 
http://home.apache.org/~lewismc/
@hectorMcSpector
http://www.linkedin.com/in/lmcgibbney

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-24 Thread Tom Barber 
I tend to agree, we all love automation, my only issue being:

`The KEYS file is stored alongside the release archives to which it
applies, e.g. at the top level of the ASF mirror area for the project. This
is to ensure that it is available for download by users, and that it is
automatically archived with historic releases.`

In the doc its indexed under Keys Policy so from my vantage point that
doesn't sound like its up for discussion and more a requirement. So the one
you link to doesn't full fill that requirement. That said, its not like it
has to be inside the archive so just updating SVN would do.



On Mon, Jul 24, 2017 at 3:24 PM, Chris Mattmann  wrote:

> Hey Team,
>
> Why should we maintain a separate KEYS file from the one I referenced at:
>
> https://people.apache.org/keys/group/oodt.asc
>
> That one is maintained automatically by collecting our GPG fingerprints
> from
> id.apache.org?
>
> I can see for past releases, but how much do we think people are using
> anything
> prior to OODT e.g., 0.7 or 0.8 and I would assert that between my key and
> Tom’s
> key there haven’t been RM’s since then…
>
> So, thoughts? It’s one less not automatically generated thing we have to
> manage…?
>
> Cheers,
> Chris
>
>
>
> On 7/24/17, 5:10 AM, "Tom Barber"  wrote:
>
> Good catch Sean:
>
> bugg@tom-laptop2:~$ gpg  --verify apache-oodt-1.1-src.zip.asc
> gpg: assuming signed data in `apache-oodt-1.1-src.zip'
> gpg: Signature made Wed 19 Jul 2017 19:57:50 BST using RSA key ID
> 0C1E654B
> gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016)
> <
> mattm...@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E
> 654B
> bugg@tom-laptop2:~$
>
> The key works, but I think the KEYS file needs to be updated in the SVN
> repo per: https://www.apache.org/dev/release-signing.html#keys-policy
>
> For now I'm gonna say -1 unless updating KEYS isn't required.
>
> Tom
>
>
>
>
> On Mon, Jul 24, 2017 at 5:22 AM, Chris Mattmann 
> wrote:
>
> > I updated it in id.apache.org, which autogenerates [1], which
> should be
> > the
> > canonical source for our KEYS file. Give it a check in ~1 hour or so
> > should be
> > all good.
> >
> > Cheers,
> > Chris
> >
> >
> >
> > [1] https://people.apache.org/keys/group/oodt.asc
> >
> >
> >
> > On 7/23/17, 5:33 PM, "Sean Kelly"  wrote:
> >
> > That did the trick.
> >
> > I'll be +1 if you also update the KEYS file.
> >
> > Transcript:
> >
> > fatalii 298 % date -u
> > Mon Jul 24 00:32:49 UTC 2017
> > fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc
> > gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID
> > 0C1E654B
> > gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr
> 2016)
> > "
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg:  There is no indication that the signature belongs
> to the
> > owner.
> > Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA
> F8B6 0C1E
> > 654B
> >
> >
> > --k
> >
> >
> > Chris Mattmann wrote:
> > > Hey Sean I think I have a new key on my Mac – can you check? I
> just
> > submitted the new
> > > key to MIT keyserver, can you re-verify and see if that fixes
> it?
> > >
> > > Cheers,
> > > Chris
> > >
> > >
> > >
> > >
> > > On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:
> > >
> > >  Hi folks:
> > >
> > >  I realize it's already 72 hours and we have the requisite
> 3 +1
> > votes,
> > >  but I'm definitely in the -1 camp if this release was
> signed
> > with the
> > >  wrong key.
> > >
> > >  I hope it's just user error on my end.
> > >
> > >  Take care
> > >  --k
> > >
> > >  >  *From:* Sean Kelly
> > >  >  *Date:* 2017-07-22 at 12.54 p
> > >  >  *To:* dev@oodt.apache.org
> > >  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> > >  >  Did anyone check the signature?
> > >  >
> > >  >  I'm getting an unknown RSA key 0C1E654B:
> > >  >
> > >  >  fatalii 278 % date -u
> > >  >  Sat Jul 22 17:53:42 UTC 2017
> > >  >  fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
> > >  >  gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using
> RSA
> > key ID 0C1E654B
> > >  >  gpg: Can't check signature: No public key
> > >  >
>

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-24 Thread Chris Mattmann 
Hey Team,

Why should we maintain a separate KEYS file from the one I referenced at:

https://people.apache.org/keys/group/oodt.asc

That one is maintained automatically by collecting our GPG fingerprints from
id.apache.org? 

I can see for past releases, but how much do we think people are using anything
prior to OODT e.g., 0.7 or 0.8 and I would assert that between my key and Tom’s
key there haven’t been RM’s since then…

So, thoughts? It’s one less not automatically generated thing we have to 
manage…?

Cheers,
Chris



On 7/24/17, 5:10 AM, "Tom Barber"  wrote:

Good catch Sean:

bugg@tom-laptop2:~$ gpg  --verify apache-oodt-1.1-src.zip.asc
gpg: assuming signed data in `apache-oodt-1.1-src.zip'
gpg: Signature made Wed 19 Jul 2017 19:57:50 BST using RSA key ID 0C1E654B
gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016) <
mattm...@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.
Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E 654B
bugg@tom-laptop2:~$

The key works, but I think the KEYS file needs to be updated in the SVN
repo per: https://www.apache.org/dev/release-signing.html#keys-policy

For now I'm gonna say -1 unless updating KEYS isn't required.

Tom




On Mon, Jul 24, 2017 at 5:22 AM, Chris Mattmann  wrote:

> I updated it in id.apache.org, which autogenerates [1], which should be
> the
> canonical source for our KEYS file. Give it a check in ~1 hour or so
> should be
> all good.
>
> Cheers,
> Chris
>
>
>
> [1] https://people.apache.org/keys/group/oodt.asc
>
>
>
> On 7/23/17, 5:33 PM, "Sean Kelly"  wrote:
>
> That did the trick.
>
> I'll be +1 if you also update the KEYS file.
>
> Transcript:
>
> fatalii 298 % date -u
> Mon Jul 24 00:32:49 UTC 2017
> fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc
> gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID
> 0C1E654B
> gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016)
> "
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E
> 654B
>
>
> --k
>
>
> Chris Mattmann wrote:
> > Hey Sean I think I have a new key on my Mac – can you check? I just
> submitted the new
> > key to MIT keyserver, can you re-verify and see if that fixes it?
> >
> > Cheers,
> > Chris
> >
> >
> >
> >
> > On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:
> >
> >  Hi folks:
> >
> >  I realize it's already 72 hours and we have the requisite 3 +1
> votes,
> >  but I'm definitely in the -1 camp if this release was signed
> with the
> >  wrong key.
> >
> >  I hope it's just user error on my end.
> >
> >  Take care
> >  --k
> >
> >  >  *From:* Sean Kelly
> >  >  *Date:* 2017-07-22 at 12.54 p
> >  >  *To:* dev@oodt.apache.org
> >  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> >  >  Did anyone check the signature?
> >  >
> >  >  I'm getting an unknown RSA key 0C1E654B:
> >  >
> >  >  fatalii 278 % date -u
> >  >  Sat Jul 22 17:53:42 UTC 2017
> >  >  fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
> >  >  gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA
> key ID 0C1E654B
> >  >  gpg: Can't check signature: No public key
> >  >
> >  >  --k
> >  >
> >  >  *From:* Chris Mattmann
> >  >  *Date:* 2017-07-19 at 2.01 p
> >  >  *To:* dev@oodt.apache.org
> >  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> >  >  Hi Folks,
> >  >
> >  >  I have posted a 2nd release candidate for the Apache OODT
> 1.1 release. The
> >  >  source code is at:
> >  >
> >  >  https://dist.apache.org/repos/dist/dev/oodt/
> >  >
> >  >  For more detailed information, see the included CHANGES.txt
> file for details on
> >  >  release contents and latest changes. The release was made
> using the OODT
> >  >  release process, documented on the Wiki here:
> >  >
> >  >  https://cwiki.apache.org/confluence/display/OODT/

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-24 Thread Tom Barber 
Good catch Sean:

bugg@tom-laptop2:~$ gpg  --verify apache-oodt-1.1-src.zip.asc
gpg: assuming signed data in `apache-oodt-1.1-src.zip'
gpg: Signature made Wed 19 Jul 2017 19:57:50 BST using RSA key ID 0C1E654B
gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016) <
mattm...@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.
Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E 654B
bugg@tom-laptop2:~$

The key works, but I think the KEYS file needs to be updated in the SVN
repo per: https://www.apache.org/dev/release-signing.html#keys-policy

For now I'm gonna say -1 unless updating KEYS isn't required.

Tom




On Mon, Jul 24, 2017 at 5:22 AM, Chris Mattmann  wrote:

> I updated it in id.apache.org, which autogenerates [1], which should be
> the
> canonical source for our KEYS file. Give it a check in ~1 hour or so
> should be
> all good.
>
> Cheers,
> Chris
>
>
>
> [1] https://people.apache.org/keys/group/oodt.asc
>
>
>
> On 7/23/17, 5:33 PM, "Sean Kelly"  wrote:
>
> That did the trick.
>
> I'll be +1 if you also update the KEYS file.
>
> Transcript:
>
> fatalii 298 % date -u
> Mon Jul 24 00:32:49 UTC 2017
> fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc
> gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID
> 0C1E654B
> gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016)
> "
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E
> 654B
>
>
> --k
>
>
> Chris Mattmann wrote:
> > Hey Sean I think I have a new key on my Mac – can you check? I just
> submitted the new
> > key to MIT keyserver, can you re-verify and see if that fixes it?
> >
> > Cheers,
> > Chris
> >
> >
> >
> >
> > On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:
> >
> >  Hi folks:
> >
> >  I realize it's already 72 hours and we have the requisite 3 +1
> votes,
> >  but I'm definitely in the -1 camp if this release was signed
> with the
> >  wrong key.
> >
> >  I hope it's just user error on my end.
> >
> >  Take care
> >  --k
> >
> >  >  *From:* Sean Kelly
> >  >  *Date:* 2017-07-22 at 12.54 p
> >  >  *To:* dev@oodt.apache.org
> >  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> >  >  Did anyone check the signature?
> >  >
> >  >  I'm getting an unknown RSA key 0C1E654B:
> >  >
> >  >  fatalii 278 % date -u
> >  >  Sat Jul 22 17:53:42 UTC 2017
> >  >  fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
> >  >  gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA
> key ID 0C1E654B
> >  >  gpg: Can't check signature: No public key
> >  >
> >  >  --k
> >  >
> >  >  *From:* Chris Mattmann
> >  >  *Date:* 2017-07-19 at 2.01 p
> >  >  *To:* dev@oodt.apache.org
> >  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> >  >  Hi Folks,
> >  >
> >  >  I have posted a 2nd release candidate for the Apache OODT
> 1.1 release. The
> >  >  source code is at:
> >  >
> >  >  https://dist.apache.org/repos/dist/dev/oodt/
> >  >
> >  >  For more detailed information, see the included CHANGES.txt
> file for details on
> >  >  release contents and latest changes. The release was made
> using the OODT
> >  >  release process, documented on the Wiki here:
> >  >
> >  >  https://cwiki.apache.org/confluence/display/OODT/
> Release+Process
> >  >
> >  >  The release was made from the OODT 1.1 tag at:
> >  >
> >  >  https://github.com/apache/oodt/tree/1.1/
> >  >
> >  >  A staged Maven repository is available at:
> >  >
> >  >  https://repository.apache.org/content/repositories/
> orgapacheoodt-1013/
> >  >
> >  >  Please vote on releasing these packages as Apache OODT 1.1.
> The vote is
> >  >  open for at least the next 72 hours.
> >  >
> >  >  Only votes from OODT PMC are binding, but folks are welcome
> to check the
> >  >  release candidate and voice their approval or disapproval.
> The vote passes
> >  >  if at least three binding +1 votes are cast.
> >  >
> >  >  [ ] +1 Release the packages as Apache OODT 1.1
> >  >
> >  >  [ ] -1 Do not release the packages because...
> >  >
> >  >  Thanks!
> >  >
> >  >  Chris Mattmann
> >  >
> >  >  P.S. Here is my +1.
> >  >
> >

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-23 Thread Chris Mattmann 
I updated it in id.apache.org, which autogenerates [1], which should be the 
canonical source for our KEYS file. Give it a check in ~1 hour or so should be
all good.

Cheers,
Chris



[1] https://people.apache.org/keys/group/oodt.asc



On 7/23/17, 5:33 PM, "Sean Kelly"  wrote:

That did the trick.

I'll be +1 if you also update the KEYS file.

Transcript:

fatalii 298 % date -u
Mon Jul 24 00:32:49 UTC 2017
fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc
gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B
gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016) 
"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the 
owner.
Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E 654B


--k


Chris Mattmann wrote:
> Hey Sean I think I have a new key on my Mac – can you check? I just 
submitted the new
> key to MIT keyserver, can you re-verify and see if that fixes it?
>
> Cheers,
> Chris
>
>
>
>
> On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:
>
>  Hi folks:
>
>  I realize it's already 72 hours and we have the requisite 3 +1 votes,
>  but I'm definitely in the -1 camp if this release was signed with the
>  wrong key.
>
>  I hope it's just user error on my end.
>
>  Take care
>  --k
>
>  >  *From:* Sean Kelly
>  >  *Date:* 2017-07-22 at 12.54 p
>  >  *To:* dev@oodt.apache.org
>  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
>  >  Did anyone check the signature?
>  >
>  >  I'm getting an unknown RSA key 0C1E654B:
>  >
>  >  fatalii 278 % date -u
>  >  Sat Jul 22 17:53:42 UTC 2017
>  >  fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
>  >  gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 
0C1E654B
>  >  gpg: Can't check signature: No public key
>  >
>  >  --k
>  >
>  >  *From:* Chris Mattmann
>  >  *Date:* 2017-07-19 at 2.01 p
>  >  *To:* dev@oodt.apache.org
>  >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
>  >  Hi Folks,
>  >
>  >  I have posted a 2nd release candidate for the Apache OODT 1.1 
release. The
>  >  source code is at:
>  >
>  >  https://dist.apache.org/repos/dist/dev/oodt/
>  >
>  >  For more detailed information, see the included CHANGES.txt file 
for details on
>  >  release contents and latest changes. The release was made using 
the OODT
>  >  release process, documented on the Wiki here:
>  >
>  >  https://cwiki.apache.org/confluence/display/OODT/Release+Process
>  >
>  >  The release was made from the OODT 1.1 tag at:
>  >
>  >  https://github.com/apache/oodt/tree/1.1/
>  >
>  >  A staged Maven repository is available at:
>  >
>  >  
https://repository.apache.org/content/repositories/orgapacheoodt-1013/
>  >
>  >  Please vote on releasing these packages as Apache OODT 1.1. The 
vote is
>  >  open for at least the next 72 hours.
>  >
>  >  Only votes from OODT PMC are binding, but folks are welcome to 
check the
>  >  release candidate and voice their approval or disapproval. The 
vote passes
>  >  if at least three binding +1 votes are cast.
>  >
>  >  [ ] +1 Release the packages as Apache OODT 1.1
>  >
>  >  [ ] -1 Do not release the packages because...
>  >
>  >  Thanks!
>  >
>  >  Chris Mattmann
>  >
>  >  P.S. Here is my +1.
>  >
>  >
>  >
>
>
>
>

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-23 Thread Sean Kelly 

That did the trick.

I'll be +1 if you also update the KEYS file.

Transcript:

fatalii 298 % date -u
Mon Jul 24 00:32:49 UTC 2017
fatalii 299 % gpg --verify apache-oodt-1.1-src.zip.asc
gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B
gpg: Good signature from "Chris Mattmann (CODE SIGNING KEY - Apr 2016) 
"

gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the 
owner.

Primary key fingerprint: F434 C970 B95A 6FCA 6FB9  0C45 4EAA F8B6 0C1E 654B


--k


Chris Mattmann wrote:

Hey Sean I think I have a new key on my Mac – can you check? I just submitted 
the new
key to MIT keyserver, can you re-verify and see if that fixes it?

Cheers,
Chris




On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:

 Hi folks:

 I realize it's already 72 hours and we have the requisite 3 +1 votes,
 but I'm definitely in the -1 camp if this release was signed with the
 wrong key.

 I hope it's just user error on my end.

 Take care
 --k

 >  *From:* Sean Kelly
 >  *Date:* 2017-07-22 at 12.54 p
 >  *To:* dev@oodt.apache.org
 >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
 >  Did anyone check the signature?
 >
 >  I'm getting an unknown RSA key 0C1E654B:
 >
 >  fatalii 278 % date -u
 >  Sat Jul 22 17:53:42 UTC 2017
 >  fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
 >  gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 
0C1E654B
 >  gpg: Can't check signature: No public key
 >
 >  --k
 >
 >  *From:* Chris Mattmann
 >  *Date:* 2017-07-19 at 2.01 p
 >  *To:* dev@oodt.apache.org
 >  *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
 >  Hi Folks,
 >
 >  I have posted a 2nd release candidate for the Apache OODT 1.1 release. 
The
 >  source code is at:
 >
 >  https://dist.apache.org/repos/dist/dev/oodt/
 >
 >  For more detailed information, see the included CHANGES.txt file for 
details on
 >  release contents and latest changes. The release was made using the OODT
 >  release process, documented on the Wiki here:
 >
 >  https://cwiki.apache.org/confluence/display/OODT/Release+Process
 >
 >  The release was made from the OODT 1.1 tag at:
 >
 >  https://github.com/apache/oodt/tree/1.1/
 >
 >  A staged Maven repository is available at:
 >
 >  https://repository.apache.org/content/repositories/orgapacheoodt-1013/
 >
 >  Please vote on releasing these packages as Apache OODT 1.1. The vote is
 >  open for at least the next 72 hours.
 >
 >  Only votes from OODT PMC are binding, but folks are welcome to check the
 >  release candidate and voice their approval or disapproval. The vote 
passes
 >  if at least three binding +1 votes are cast.
 >
 >  [ ] +1 Release the packages as Apache OODT 1.1
 >
 >  [ ] -1 Do not release the packages because...
 >
 >  Thanks!
 >
 >  Chris Mattmann
 >
 >  P.S. Here is my +1.
 >
 >
 >

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-23 Thread Chris Mattmann 
Hey Sean I think I have a new key on my Mac – can you check? I just submitted 
the new
key to MIT keyserver, can you re-verify and see if that fixes it?

Cheers,
Chris




On 7/23/17, 5:06 PM, "Sean Kelly"  wrote:

Hi folks:

I realize it's already 72 hours and we have the requisite 3 +1 votes, 
but I'm definitely in the -1 camp if this release was signed with the 
wrong key.

I hope it's just user error on my end.

Take care
--k

> *From:* Sean Kelly 
> *Date:* 2017-07-22 at 12.54 p
> *To:* dev@oodt.apache.org
> *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> Did anyone check the signature?
>
> I'm getting an unknown RSA key 0C1E654B:
>
> fatalii 278 % date -u
> Sat Jul 22 17:53:42 UTC 2017
> fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
> gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B
> gpg: Can't check signature: No public key
>
> --k
>
> *From:* Chris Mattmann 
> *Date:* 2017-07-19 at 2.01 p
> *To:* dev@oodt.apache.org
> *Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
> Hi Folks,
>
> I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
> source code is at:
>
> https://dist.apache.org/repos/dist/dev/oodt/
>
> For more detailed information, see the included CHANGES.txt file for 
details on
> release contents and latest changes. The release was made using the OODT
> release process, documented on the Wiki here:
>
> https://cwiki.apache.org/confluence/display/OODT/Release+Process
>
> The release was made from the OODT 1.1 tag at:
>
> https://github.com/apache/oodt/tree/1.1/
>
> A staged Maven repository is available at:
>
> https://repository.apache.org/content/repositories/orgapacheoodt-1013/
>
> Please vote on releasing these packages as Apache OODT 1.1. The vote is
> open for at least the next 72 hours.
>
> Only votes from OODT PMC are binding, but folks are welcome to check the
> release candidate and voice their approval or disapproval. The vote passes
> if at least three binding +1 votes are cast.
>
> [ ] +1 Release the packages as Apache OODT 1.1
>
> [ ] -1 Do not release the packages because...
>
> Thanks!
>
> Chris Mattmann
>
> P.S. Here is my +1.
>
>
>

Fwd: Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-23 Thread Sean Kelly 

Hi folks:

I realize it's already 72 hours and we have the requisite 3 +1 votes, 
but I'm definitely in the -1 camp if this release was signed with the 
wrong key.


I hope it's just user error on my end.

Take care
--k


*From:* Sean Kelly 
*Date:* 2017-07-22 at 12.54 p
*To:* dev@oodt.apache.org
*Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
Did anyone check the signature?

I'm getting an unknown RSA key 0C1E654B:

fatalii 278 % date -u
Sat Jul 22 17:53:42 UTC 2017
fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B
gpg: Can't check signature: No public key

--k

*From:* Chris Mattmann 
*Date:* 2017-07-19 at 2.01 p
*To:* dev@oodt.apache.org
*Subject:* [VOTE] Apache OODT 1.1 Release Candidate #2
Hi Folks,

I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
source code is at:

https://dist.apache.org/repos/dist/dev/oodt/

For more detailed information, see the included CHANGES.txt file for details on
release contents and latest changes. The release was made using the OODT
release process, documented on the Wiki here:

https://cwiki.apache.org/confluence/display/OODT/Release+Process

The release was made from the OODT 1.1 tag at:

https://github.com/apache/oodt/tree/1.1/

A staged Maven repository is available at:

https://repository.apache.org/content/repositories/orgapacheoodt-1013/

Please vote on releasing these packages as Apache OODT 1.1. The vote is
open for at least the next 72 hours.

Only votes from OODT PMC are binding, but folks are welcome to check the
release candidate and voice their approval or disapproval. The vote passes
if at least three binding +1 votes are cast.

[ ] +1 Release the packages as Apache OODT 1.1

[ ] -1 Do not release the packages because...

Thanks!

Chris Mattmann

P.S. Here is my +1.

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-22 Thread Sean Kelly 

Did anyone check the signature?

I'm getting an unknown RSA key 0C1E654B:

fatalii 278 % date -u
Sat Jul 22 17:53:42 UTC 2017
fatalii 279 % gpg --verify apache-oodt-1.1-src.zip.asc
gpg: Signature made Wed Jul 19 13:57:50 2017 CDT using RSA key ID 0C1E654B
gpg: Can't check signature: No public key

--k


Chris Mattmann 
2017-07-19 at 2.01 p
Hi Folks,

I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
source code is at:

https://dist.apache.org/repos/dist/dev/oodt/

For more detailed information, see the included CHANGES.txt file for 
details on

release contents and latest changes. The release was made using the OODT
release process, documented on the Wiki here:

https://cwiki.apache.org/confluence/display/OODT/Release+Process

The release was made from the OODT 1.1 tag at:

https://github.com/apache/oodt/tree/1.1/

A staged Maven repository is available at:

https://repository.apache.org/content/repositories/orgapacheoodt-1013/

Please vote on releasing these packages as Apache OODT 1.1. The vote is
open for at least the next 72 hours.

Only votes from OODT PMC are binding, but folks are welcome to check the
release candidate and voice their approval or disapproval. The vote passes
if at least three binding +1 votes are cast.

[ ] +1 Release the packages as Apache OODT 1.1

[ ] -1 Do not release the packages because...

Thanks!

Chris Mattmann

P.S. Here is my +1.

Re: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-22 Thread Tom Barber 
Build looks good
Tests pass (except its usual hated of the BST timezone)

Artifacts look good, notice and license in place.

I shall say +1 on the assumption that I'm a tool.

Thanks for cobbling it together Chris.

Tom

On Thu, Jul 20, 2017 at 2:40 AM, Mallder, Valerie <
valerie.mall...@jhuapl.edu> wrote:

> +1
>
>
> Sent with BlackBerry Work
> (www.blackberry.com)
>
> From: Chris Mattmann mailto:mattm...@apache.org>>
> Date: Wednesday, Jul 19, 2017, 3:01 PM
> To: dev@oodt.apache.org mailto:dev@oodt.apache.org>>
> Subject: [VOTE] Apache OODT 1.1 Release Candidate #2
>
> Hi Folks,
>
> I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
> source code is at:
>
> https://dist.apache.org/repos/dist/dev/oodt/
>
> For more detailed information, see the included CHANGES.txt file for
> details on
> release contents and latest changes. The release was made using the OODT
> release process, documented on the Wiki here:
>
> https://cwiki.apache.org/confluence/display/OODT/Release+Process
>
> The release was made from the OODT 1.1 tag at:
>
> https://github.com/apache/oodt/tree/1.1/
>
> A staged Maven repository is available at:
>
> https://repository.apache.org/content/repositories/orgapacheoodt-1013/
>
> Please vote on releasing these packages as Apache OODT 1.1. The vote is
> open for at least the next 72 hours.
>
> Only votes from OODT PMC are binding, but folks are welcome to check the
> release candidate and voice their approval or disapproval. The vote passes
> if at least three binding +1 votes are cast.
>
> [ ] +1 Release the packages as Apache OODT 1.1
>
> [ ] -1 Do not release the packages because...
>
> Thanks!
>
> Chris Mattmann
>
> P.S. Here is my +1.
>
>
>
>

RE: [VOTE] Apache OODT 1.1 Release Candidate #2

2017-07-19 Thread Mallder, Valerie 
+1


Sent with BlackBerry Work
(www.blackberry.com)

From: Chris Mattmann mailto:mattm...@apache.org>>
Date: Wednesday, Jul 19, 2017, 3:01 PM
To: dev@oodt.apache.org mailto:dev@oodt.apache.org>>
Subject: [VOTE] Apache OODT 1.1 Release Candidate #2

Hi Folks,

I have posted a 2nd release candidate for the Apache OODT 1.1 release. The
source code is at:

https://dist.apache.org/repos/dist/dev/oodt/

For more detailed information, see the included CHANGES.txt file for details on
release contents and latest changes. The release was made using the OODT
release process, documented on the Wiki here:

https://cwiki.apache.org/confluence/display/OODT/Release+Process

The release was made from the OODT 1.1 tag at:

https://github.com/apache/oodt/tree/1.1/

A staged Maven repository is available at:

https://repository.apache.org/content/repositories/orgapacheoodt-1013/

Please vote on releasing these packages as Apache OODT 1.1. The vote is
open for at least the next 72 hours.

Only votes from OODT PMC are binding, but folks are welcome to check the
release candidate and voice their approval or disapproval. The vote passes
if at least three binding +1 votes are cast.

[ ] +1 Release the packages as Apache OODT 1.1

[ ] -1 Do not release the packages because...

Thanks!

Chris Mattmann

P.S. Here is my +1.