Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-30 Thread jean-frederic clere

On 13/01/2020 12:25, John McCane-Whitney wrote:

> Hi,
>
> This is a call to vote on the release of the Apache Milagro (incubating)
> Crypto C Library v2.0.1
>
> The Apache Milagro (incubating) community has voted to approve this release
> with 5 x +1 votes.  The vote result thread can be found here:
>
> https://lists.apache.org/thread.html/r37dd9eca0a5b8dc4035713826a84b2ba807cfd67c2d07fafe8a64f34%40%3Cdev.milagro.apache.org%3E
>
> Apache Milagro (incubating) Crypto-C V2.0.1 Release Tag:
> https://github.com/apache/incubator-milagro-crypto-c/releases/tag/2.0.1
>
> OVERVIEW:
>
> Apache Milagro Crypto C 2.0.1-incubating is the second Apache Software
> Foundation release of this library.
>
> There are two main additions to the library and they both impact the API hence
> the jump from v1.0.0 to v2.0.1:
>
> Shamir's Secret Sharing (SSS) has been added to the library. There is also
> functionality combining the existing BLS solution with SSS to enable signature
> aggregation without revealing the secret key share. This change is required by
> the Milagro DTA (https://github.com/apache/incubator-milagro-dta) and will
> allow subsequent releases of the DTA to be built from an official Apache
> release of the crypto-c library.
>
> The Paillier additively homomorphic cryptosystem has also been added to the
> library which will be required by subsequent releases of the DTA to enable
> Multi-Party Computation of cryptocurrency wallet addresses and subsequently to
> create transaction signatures for these wallets.
>
> The library now also supports Python 3 and formulas in the documentation are
> now rendered using MathJax.
>
> Please see the README (https://github.com/apache/incubator-milagro-crypto-c)
> for build/test instructions, a list of contributors and guidelines on how to
> contribute yourself.  The README also includes instructions on how to build the
> documentation, and the online version of the documentation
> (http://milagro.apache.org/docs/amcl-c-api/) will be updated once the release
> is complete (as will the download page on the same site).
>
> RELEASE:
>
> The repo has the required DISCLAIMER, NOTICE and LICENSE file in its root
> directory.  All source files have the appropriate license header.  No binaries
> are included in this release.
>
> I have successfully built and run the tests as per the instructions in the
> README on Ubuntu, Fedora, MacOS and Windows.
>
> The compressed archives from this release along with a SHA512 checksum, PGP
> signature and PGP key file are being staged here:
>
> Source code archive:
> https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz
> SHA512 checksum:
> https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.sha512
> PGP Signature:
> https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.asc
> Keys: https://dist.apache.org/repos/dist/dev/incubator/milagro/KEYS
>
> We now kindly request that the Incubator PMC members review and vote on this
> incubator release as follows:
>
> [X] +1 approve


All tests passed on fedora31.

Make sure to get the key you use to sign the release signed by someone
in ASF next time ;-) (not a blocker for the release).



> [ ] +0 no opinion
> [ ] -1 disapprove (please provide reason)
>
> Checklist for reference:
>
> [ ] Download links are valid
> [ ] Checksums and PGP signatures are valid
> [ ] DISCLAIMER, LICENCE & NOTICE files are included
> [ ] Source code archives have correct names matching the current release.
> [ ] All source code files have licence headers
> [ ] No compiled binaries are included
> [ ] Libraries build correctly and all tests pass (as per the instructions in
> the readme file)
>
> The vote will be open for a minimum of 72 hours.  3 x +1 votes are required to
> approve this release.
>
> Many thanks,
>
> John
>
> John McCane-Whitney
> Director of Product at Qredo Ltd
> T: +44 7966 490687
> Kemp House
> 152 - 160 City Road
> London
> EC1V 2NX
> https://qredo.com




--
Cheers

Jean-Frederic

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org



Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-30 Thread Nick Kew



> On 17 Jan 2020, at 14:41, John McCane-Whitney  wrote:
> 
> Hi Justin/Nick,
> 
> Thanks for clarification around the chain of trust - of course we're happy to 
> follow further guidance if required.

OK, it would be good for Milagro folks to get yourselves into the Strong Set.
And for the ASF to update release policies to say so!

> 
> Also, just to clarify re: the signature file - it's currently being staged in 
> the relevant subdirectory here:
> 
> https://dist.apache.org/repos/dist/dev

Yes, I see it there.  I had gone to the download page at github, where it was
missing.  No complaints about the Apache pages.

I've got some minor comments that belong not here but on the dev list - bug me
if I haven't posted something within a week or two: reminders, including the one
you recently sent me, always welcome.

But based on this discussion, you now have my binding

+1

-- 
Nick Kew



Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-17 Thread Justin Mclean
Hi,

> Also, just to clarify re: the signature file - it's currently being staged in 
> the relevant subdirectory here:
> 
> https://dist.apache.org/repos/dist/dev
> 
> When/if this vote passes, we'll move it to:
> 
> https://dist.apache.org/repos/dist/release
> 
> From where it automatically gets copied to:
> 
> https://www.apache.org/dist/
> 
> We'll then update our downloads page 
> (http://milagro.apache.org/docs/downloads/) to include links for the new 
> release including the signature.

That sounds like the correct process to me.

Thanks,
Justin



RE: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-17 Thread John McCane-Whitney
Hi Justin/Nick,

Thanks for clarification around the chain of trust - of course we're happy to 
follow further guidance if required.

Also, just to clarify re: the signature file - it's currently being staged in 
the relevant subdirectory here:

https://dist.apache.org/repos/dist/dev

When/if this vote passes, we'll move it to:

https://dist.apache.org/repos/dist/release

From where it automatically gets copied to:

https://www.apache.org/dist/

We'll then update our downloads page 
(http://milagro.apache.org/docs/downloads/) to include links for the new 
release including the signature.

We believe this is the Apache Way, but also happy to amend if required.

Regards,

John
 

> -Original Message-
> From: Justin Mclean 
> Sent: 16 January 2020 20:28
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
> 
> Hi,
> 
> > Couple of apparent problems with the PGP signature:
> >
> > (1) Shouldn't it be visible from the download page?
> 
> It is [1] (apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.asc)
> 
> > (2) I wasn't able to establish a chain of trust.
> 
> That's a nice to have, not a requirement for a release. And different
> reviewers may or may not be in the chain of trust.
> 
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/





Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-16 Thread Justin Mclean
Hi,

> Couple of apparent problems with the PGP signature:
> 
> (1) Shouldn't it be visible from the download page?

It is [1] (apache-milagro-crypto-c-2.0.1-incubating-src.tar.gz.asc)

> (2) I wasn't able to establish a chain of trust.

That's a nice to have, not a requirement for a release. And different reviewers
may or may not be in the chain of trust.

Thanks,
Justin

1. https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-2.0.1-incubating/



Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-16 Thread Nick Kew
On Mon, 13 Jan 2020 11:25:35 +
John McCane-Whitney  wrote:

> Hi,

Apologies for the round tuit coming so late here.

> 
> This is a call to vote on the release  of the Apache Milagro
> (incubating) Crypto C Library v2.0.1
> 
> https://lists.apache.org/thread.html/r37dd9eca0a5b8dc4035713826a84b2ba807cfd67c2d07fafe8a64f34%40%3Cdev.milagro.apache.org%3E
> 
> Apache Milagro (incubating) Crypto-C V2.0.1 Release Tag:
> https://github.com/apache/incubator-milagro-crypto-c/releases/tag/2.0.1

Couple of apparent problems with the PGP signature:

(1) Shouldn't it be visible from the download page?
(2) I wasn't able to establish a chain of trust.
Henk's tool https://pgp.cs.uu.nl/ thinks it's not
in the Strong Set at all.

-- 
Nick Kew




Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-15 Thread Justin Mclean
Hi,

> Most of the author tags are leftover from the initial software grant from 
> CertiVox and have no IP consequences.

All good changing my vote to +1 (binding).

For future releases I’d leave the ones that were in there before the donation
and just remove the ones added since.

> Please can you provide details of your environment

I’m on macOS Mojave, I have both python 2.7 and python 3 installed. It was the
only test that failed.

Thanks,
Justin



RE: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-15 Thread John McCane-Whitney
Hi Justin,

Many thanks for testing our release out and for your feedback.

Comments inline below.

Would the fixes proposed below for a subsequent release be sufficient for you 
to change your vote or should we implement them now and revote?

Regards.

John

> -Original Message-
> From: Justin Mclean 
> Sent: 15 January 2020 02:04
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1
> 
> Hi,
> 
> Currently I’m -1 on this release due to the author tags, which may imply it
> contains 3rd party code, whose licenses are not listed in LICENSE. There's
> probably an explanation for why they are there and if given I’ll change my
> vote.

Most of the author tags are leftover from the initial software grant from 
CertiVox and have no IP consequences.  However, we'll remove ALL author tags in 
the next release.

> 
> I checked:
> - incubating in name
> - signatures and disclaimer exist
> - LICENSE is incorrect as it contains "Copyright 2019 The Apache Software
> Foundation" in the appendix.

We'll fix in the next release.

> - NOTICE has incorrect year

Also to be fixed in the next release.

> - A couple of files are missing ASF headers [1][2][3][4] (assuming they are
> files created at the ASF)

Also to be fixed in the next release.

> - can compile from source
> 
> The code contains a large number of author tags, author tags are usually
> frowned on at the ASF. Some are from current committers and others are
> not. Was this in the original code when donated or have they been added
> later? Is any of this code 3rd party code with an incorrect ASF header?
> 
> I also had one test fail test_python_mpin_install_BLS381

Please can you provide details of your environment - particularly the 
OS/version and also what version of Python you're running?  We thought this 
might be due to Python 2.7 (the README incorrectly states that 2.7 is supported 
- also to be resolved in the next release), however I can't replicate the issue 
using Python 2.7 on Ubuntu 18, so it may be some other issue.

> 
> Thanks,
> Justin
> 
> 1.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_16.c
> 2.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_32.c
> 3.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_64.c
> 4.  incubator-milagro-crypto-c-2.0.1/scripts/buildMulti.sh
> 
> 





Re: [VOTE] Release Apache Milagro (incubating) Crypto-C V2.0.1

2020-01-14 Thread Justin Mclean
Hi,

Currently I’m -1 on this release due to the author tags, which may imply it
contains 3rd party code, whose licenses are not listed in LICENSE. There's probably
an explanation for why they are there and if given I’ll change my vote.

I checked:
- incubating in name
- signatures and disclaimer exist
- LICENSE is incorrect as it contains "Copyright 2019 The Apache Software
Foundation" in the appendix.
- NOTICE has incorrect year
- A couple of files are missing ASF headers [1][2][3][4] (assuming they are 
files created at the ASF)
- can compile from source

The code contains a large number of author tags, author tags are usually
frowned on at the ASF. Some are from current committers and others are not.
Was this in the original code when donated or have they been added later? Is
any of this code 3rd party code with an incorrect ASF header?

I also had one test fail test_python_mpin_install_BLS381

Thanks,
Justin

1.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_16.c
2.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_32.c
3.  incubator-milagro-crypto-c-2.0.1/cmake/determine_word_size/check_64.c
4.  incubator-milagro-crypto-c-2.0.1/scripts/buildMulti.sh

