airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Marru <sma...@apache.org>
Subject Re: [DISCUSS] Apache Airavata release 0.16- RC1
Date Thu, 14 Jul 2016 17:04:08 GMT
After reading [1] and [2], the warning is ok since we can verify your finger print and more
over see your old key with full signatures. I also signed your new key and pushed to the key
server. 

I looked through the source release and we are good with License and Notice files. The binary
release will need updates to L&N files, but since these are convenience binaries, I will
not block the release and instead raised a JIRA [3] for all us to address before next release.


The binary package runs fine. I will send my vote on the vote thread. 

Suresh

[1] - http://www.apache.org/info/verification.html <http://www.apache.org/info/verification.html>
[2] - https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html <https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html>

[3] - https://issues.apache.org/jira/browse/AIRAVATA-2002 <https://issues.apache.org/jira/browse/AIRAVATA-2002>

> On Jul 14, 2016, at 12:44 PM, Suresh Marru <smarru@apache.org> wrote:
> 
> Hi Shameera,
> 
> Thanks for putting together this release, very meticulously done. 
> 
> I verified the signatures and it shows some warnings, will dig into it to see if this
is ok or a blocker:
> 
> gpg: assuming signed data in './airavata-0.16-source-release.zip'
> gpg: Signature made Wed Jul 13 15:12:36 2016 EDT using RSA key ID 3DBF6C86
> gpg: requesting key 3DBF6C86 from hkps server hkps.pool.sks-keyservers.net <http://hkps.pool.sks-keyservers.net/>
> gpg: key 3DBF6C86: public key "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com
<mailto:shameerainfo@gmail.com>>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2018-08-19
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com
<mailto:shameerainfo@gmail.com>>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org
<mailto:shameera@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.tar.gz'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com
<mailto:shameerainfo@gmail.com>>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org
<mailto:shameera@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.zip'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <shameerainfo@gmail.com
<mailto:shameerainfo@gmail.com>>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <shameera@apache.org
<mailto:shameera@apache.org>>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
> 
> Suresh
> 
> 
>> On Jul 13, 2016, at 4:20 PM, Shameera Rathnayaka <shameera@apache.org <mailto:shameera@apache.org>>
wrote:
>> 
>> Discussion thread for vote on Apache Airavata 0.16 release candidate.
>> 
>> If you have any questions or feedback or to post results of validating the release,
please reply to this thread. Once you verify the release, please post your vote to the VOTE
thread.  
>> 
>> For reference, the Apache release guide  - http://www.apache.org/dev/release.html
<http://www.apache.org/dev/release.html>
>> 
>> Some tips to validate the release before you vote:
>> 
>> * Download the binary version and run the 5 minute or 10 minute tutorial as described
in README and website.
>> * Download the source files from compressed files and release tag and build (which
includes tests). 
>> * Verify the distribution for the required LICENSE and NOTICE files
>> * Verify if all the staged files are signed and the signature is verifiable. 
>> * Verify if the signing key in the project's KEYS file is hosted on a public server
>> 
>> Thanks for your time in validating the release and voting,
>> Shameera Rathnayaka
>> (On Behalf of Airavata PMC)
> 


Mime
View raw message