Hi Felix, Thanks for the detailed feedback. From the next release, I will make sure to use 4096 bits key.
I have modified the wiki page for those 2 points. Regarding importing KEYS file, I have tried with my personal laptop and it works fine with it. Can other people comment on importing KEYS file while validating a release? Best, Seunghyun On Fri, Feb 15, 2019 at 10:44 PM Felix Cheung <felixcheun...@hotmail.com> wrote: > +1 > > All checked out - please see note on key and wiki. > Thanks for putting this together. > > Note - ideally, signing key should be 4096 bits > https://www.apache.org/dev/release-signing.html#note > checked license headers > compiled from source, ran tests, demo > checked name includes incubating > checked DISCLAIMER, LICENSE and NOTICE > checked signature and hashes > checked no unexpected binary files > > > For some reason I wasn't able to import from KEYS file correctly: > > $ cat KEYS > pub rsa2048 2019-02-01 [SC] [expires: 2021-01-31] > FD534854D542FD474278B85344BA03AD164D961B > uid [ultimate] Seunghyun Lee <sn...@apache.org> > sig 3 44BA03AD164D961B 2019-02-01 Seunghyun Lee <sn...@apache.org> > sub rsa2048 2019-02-01 [E] [expires: 2021-01-31] > sig 44BA03AD164D961B 2019-02-01 Seunghyun Lee <sn...@apache.org> > > -----BEGIN PGP PUBLIC KEY BLOCK----- > ... > -----END PGP PUBLIC KEY BLOCK----- > > $ gpg --import KEYS > gpg: key 6E106A1A5681D67E: public key "Seunghyun Lee <sn...@linkedin.com>" > imported > gpg: Total number processed: 1 > gpg: imported: 1 > > # Note - the wrong key is imported! > # Whereas this works > > $ gpg --recv-keys FD534854D542FD474278B85344BA03AD164D961B > gpg: key 44BA03AD164D961B: public key "Seunghyun Lee <sn...@apache.org>" > imported > gpg: Total number processed: 1 > gpg: imported: 1 > > > Note - > about the wiki > https://cwiki.apache.org/confluence/display/PINOT/Validating+a+release+candidate > > 1. Download the release candidate > - FYI this can also be done via http, > https://dist.apache.org/repos/dist/dev/incubator/pinot/apache-pinot-incubating-0.1.0-rc0/apache-pinot-incubating-0.1.0-src.tar.gz > > 2. demo > cd pinot-distribution/target/apache-pinot-incubating-x.x.x-bin > > seems like should be > cd > pinot-distribution/target/apache-pinot-incubating-0.1.0-bin/apache-pinot-incubating-0.1.0-bin > > > > ________________________________ > From: Seunghyun Lee <sn...@apache.org> > Sent: Thursday, February 14, 2019 10:46 PM > To: dev@pinot.apache.org > Subject: [VOTE] Apache Pinot (incubating) 0.1.0 RC0 > > Hi Pinot Community, > > This is a call for vote to the release Apache Pinot (incubating) version > 0.1.0. > > The release candidate: > > https://dist.apache.org/repos/dist/dev/incubator/pinot/apache-pinot-incubating-0.1.0-rc0 > > Git tag for this release: > https://github.com/apache/incubator-pinot/tree/release-0.1.0-rc0 > > Git hash for this release: > bbf29dc6e0f23383948f0db66565ebbdf383dd0d > > The artifacts have been signed with key: 44BA03AD164D961B, which can be > found in the following KEYS file. > https://dist.apache.org/repos/dist/release/incubator/pinot/KEYS > > Release notes: > https://github.com/apache/incubator-pinot/releases/tag/release-0.1.0-rc0 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachepinot-1002 > > Documentation on verifying a release candidate: > > https://cwiki.apache.org/confluence/display/PINOT/Validating+a+release+candidate > > > The vote will be open for at least 72 hours or until necessary number of > votes are reached. > > Please vote accordingly, > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove with the reason > > Thanks, > Apache Pinot (incubating) team >
