airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shameera Rathnayaka <shameerai...@gmail.com>
Subject Re: [DISCUSS] Apache Airavata release 0.16- RC1
Date Thu, 14 Jul 2016 18:31:48 GMT
Hi Suresh,

I had to create new gpg signature with 4096 length instead of my previous
signature which has 2048 length. I followed this
http://www.apache.org/dev/key-transition.html to perform the valid key
transition.  Thank you for signing my new key.

Thanks,
Shameera

On Thu, Jul 14, 2016 at 1:04 PM Suresh Marru <smarru@apache.org> wrote:

> After reading [1] and [2], the warning is ok since we can verify your
> finger print and more over see your old key with full signatures. I also
> signed your new key and pushed to the key server.
>
> I looked through the source release and we are good with License and
> Notice files. The binary release will need updates to L&N files, but since
> these are convenience binaries, I will not block the release and instead
> raised a JIRA [3] for all us to address before next release.
>
> The binary package runs fine. I will send my vote on the vote thread.
>
> Suresh
>
> [1] - http://www.apache.org/info/verification.html
> [2] - https://dev.mysql.com/doc/refman/5.5/en/checking-gpg-signature.html
> [3] - https://issues.apache.org/jira/browse/AIRAVATA-2002
>
> On Jul 14, 2016, at 12:44 PM, Suresh Marru <smarru@apache.org> wrote:
>
> Hi Shameera,
>
> Thanks for putting together this release, very meticulously done.
>
> I verified the signatures and it shows some warnings, will dig into it to
> see if this is ok or a blocker:
>
> gpg: assuming signed data in './airavata-0.16-source-release.zip'
> gpg: Signature made Wed Jul 13 15:12:36 2016 EDT using RSA key ID 3DBF6C86
> gpg: requesting key 3DBF6C86 from hkps server hkps.pool.sks-keyservers.net
> gpg: key 3DBF6C86: public key "Shameera Rathnayaka (Personal Email
> Address) <shameerainfo@gmail.com>" imported
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2018-08-19
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in
> './apache-airavata-distribution-0.16-bin.tar.gz'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
> gpg: assuming signed data in './apache-airavata-distribution-0.16-bin.zip'
> gpg: Signature made Wed Jul 13 15:17:31 2016 EDT using RSA key ID 3DBF6C86
> gpg: Good signature from "Shameera Rathnayaka (Personal Email Address) <
> shameerainfo@gmail.com>" [unknown]
> gpg:                 aka "Shameera Rathnayaka (CODE SIGNING KEY) <
> shameera@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: F2E4 AFA0 FB18 FCF4 923A  F290 53C3 1FCF 3DBF 6C86
>
> Suresh
>
>
> On Jul 13, 2016, at 4:20 PM, Shameera Rathnayaka <shameera@apache.org>
> wrote:
>
> Discussion thread for vote on Apache Airavata 0.16 release candidate.
>
> If you have any questions or feedback or to post results of validating the release, please
reply to this thread. Once you verify the release, please post your vote to the VOTE thread.
>
> For reference, the Apache release guide  - http://www.apache.org/dev/release.html
>
> Some tips to validate the release before you vote:
>
> * Download the binary version and run the 5 minute or 10 minute tutorial as described
in README and website.
> * Download the source files from compressed files and release tag and build (which includes
tests).
> * Verify the distribution for the required LICENSE and NOTICE files
> * Verify if all the staged files are signed and the signature is verifiable.
> * Verify if the signing key in the project's KEYS file is hosted on a public server
>
> Thanks for your time in validating the release and voting,
> Shameera Rathnayaka
> (On Behalf of Airavata PMC)
>
>
>
> --
Shameera Rathnayaka

Mime
View raw message