RE: [Vote] Apache Serf 1.3.9 up for signing/testing
> -Original Message- > From: Bert Huijben [mailto:b...@qqmail.nl] > Sent: maandag 29 augustus 2016 12:00 > To: dev@serf.apache.org > Subject: [Vote] Apache Serf 1.3.9 up for signing/testing > > The 1.3.9 release artifacts are now available for testing/signing. > > Please get the tarballs from > https://dist.apache.org/repos/dist/dev/serf > and add your signatures there. I plan to try and release on September 1st > so please try and get your votes/signatures in place by August 31th. > > I'm calling a VOTE on releasing these as Apache Serf 1.3.9 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. [x] +1: Good to go Just for the mail archive :-) Bert
Re: [Vote] Apache Serf 1.3.9 up for signing/testing
On Mon, Aug 29, 2016 at 5:59 AM, Bert Huijben wrote: > The 1.3.9 release artifacts are now available for testing/signing. > > Please get the tarballs from > https://dist.apache.org/repos/dist/dev/serf > and add your signatures there. I plan to try and release on September 1st > so please try and get your votes/signatures in place by August 31th. > > I'm calling a VOTE on releasing these as Apache Serf 1.3.9 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. +1 - tested with Ubuntu 14.04/x86_64. Cheers. -- justin
RE: [Vote] Apache Serf 1.3.9 up for signing/testing
> -Original Message- > From: Bert Huijben [mailto:b...@qqmail.nl] > Sent: maandag 29 augustus 2016 12:00 > To: dev@serf.apache.org > Subject: [Vote] Apache Serf 1.3.9 up for signing/testing > > The 1.3.9 release artifacts are now available for testing/signing. > > Please get the tarballs from > https://dist.apache.org/repos/dist/dev/serf > and add your signatures there. I plan to try and release on September 1st > so please try and get your votes/signatures in place by August 31th. > > I'm calling a VOTE on releasing these as Apache Serf 1.3.9 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. With 3 +1's, and no +0 nor -1 votes and a bit of additional input from others I'm going forward with preparing a release tomorrow. If you still want to add your signature, please commit them to https://dist.apache.org/repos/dist/release/serf Bert
Re: [Vote] Apache Serf 1.3.9 up for signing/testing
On Wed, Aug 31, 2016 at 8:02 AM, Bert Huijben wrote: > If you still want to add your signature, please commit them to > https://dist.apache.org/repos/dist/release/serf I don't know what the process for doing that is any more. Any pointers? -- justin
RE: [Vote] Apache Serf 1.3.9 up for signing/testing
> -Original Message- > From: justin.erenkra...@gmail.com [mailto:justin.erenkra...@gmail.com] On > Behalf Of Justin Erenkrantz > Sent: woensdag 31 augustus 2016 14:04 > To: Bert Huijben > Cc: dev@serf.apache.org > Subject: Re: [Vote] Apache Serf 1.3.9 up for signing/testing > > On Wed, Aug 31, 2016 at 8:02 AM, Bert Huijben wrote: > > If you still want to add your signature, please commit them to > > https://dist.apache.org/repos/dist/release/serf > > I don't know what the process for doing that is any more. Any > pointers? -- justin Hi Justin, This is the first time we did this for serf, so I just used the method we used for Subversion for several years. http://subversion.apache.org/docs/community-guide/releasing.html#tarball-signing The usual procedure is a checkout of https://dist.apache.org/repos/dist/dev/serf, which gets you the artifacts and .asc files I scripted the signing for myself by calling $ gpg -ba -o - "$file" >> "$file.asc" '-b' is for a detached signature '-a' is for an ascii signature '-o -' sends the output to stdout, which allows the forwarding with >> Committing the .asc files back stores them in the staging area... but I just copied them from there to the release area ^/release/serf. But PMC members can just add the keys to the .asc files there. We currently have 3 signatures, so we have everything we need for our first proper ASF release tomorrow, but of course it will be useful if more developers know how to provide the signatures. Bert
Re: [Vote] Apache Serf 1.3.9 up for signing/testing
On 31 August 2016 at 15:29, Bert Huijben wrote: >> -Original Message- >> From: justin.erenkra...@gmail.com [mailto:justin.erenkra...@gmail.com] On >> Behalf Of Justin Erenkrantz >> Sent: woensdag 31 augustus 2016 14:04 >> To: Bert Huijben >> Cc: dev@serf.apache.org >> Subject: Re: [Vote] Apache Serf 1.3.9 up for signing/testing >> >> On Wed, Aug 31, 2016 at 8:02 AM, Bert Huijben wrote: >> > If you still want to add your signature, please commit them to >> > https://dist.apache.org/repos/dist/release/serf >> >> I don't know what the process for doing that is any more. Any >> pointers? -- justin > > Hi Justin, > > This is the first time we did this for serf, so I just used the method we > used for Subversion for several years. > http://subversion.apache.org/docs/community-guide/releasing.html#tarball-signing > > The usual procedure is a checkout of > https://dist.apache.org/repos/dist/dev/serf, which gets you the artifacts and > .asc files > > I scripted the signing for myself by calling > $ gpg -ba -o - "$file" >> "$file.asc" > '-b' is for a detached signature > '-a' is for an ascii signature > '-o -' sends the output to stdout, which allows the forwarding with >> > > Committing the .asc files back stores them in the staging area... but I just > copied them from there to the release area ^/release/serf. But PMC members > can just add the keys to the .asc files there. > > > We currently have 3 signatures, so we have everything we need for > our first proper ASF release tomorrow, but of course it will be useful > if more developers know how to provide the signatures. > Hi Bert, I noticed that other ASF projects publish .asc files only with one signature. See httpd-2.2.31.tar.gz.asc for example [1]. Also GPG checks only first signature and I'm getting warning like below if .asc file has multiple signatures: [[ gpg: WARNING: multiple signatures detected. Only the first will be checked. ]] [1] https://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz.asc -- Ivan Zhakov
