chukwa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Yang <>
Subject Re: one last snag
Date Tue, 20 Oct 2009 22:32:30 GMT
NOTICE checked.
LICENSE.txt checked.
README checked.
md5 checked.
Gpg not check.

[eyang@minotaur:~]$ gpg --list-key
Warning: using insecure memory!
pub   1024D/E382551F 2009-06-08
uid                  Eric Yang <>
sub   2048g/0AB8F236 2009-06-08

pub   1024D/4D2386D8 2009-07-01 [expires: 2011-07-01]
uid                  Ariel Rabkin (CODE SIGNING KEY)
sub   2048g/8C186169 2009-07-01 [expires: 2011-07-01]

[eyang@minotaur:~]$ gpg --verify chukwa-0.3.0.tar.gz.asc chukwa-0.3.0.tar.gz
Warning: using insecure memory!
gpg: Signature made Tue Oct 20 19:12:19 2009 UTC using DSA key ID 4D2386D8
gpg: Good signature from "Ariel Rabkin (CODE SIGNING KEY)
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: 4B53 4CB5 525E 3AAA B3A8  7EA7 641E 3B9C 4D23 86D8

The key seems to belong to, and you probably should
generate key on the apache server.  I am not sure about the policy, and it's
best to ask Owen.


On 10/20/09 12:29 PM, "Ariel Rabkin" <> wrote:

> OK.  Can someone give me a quick sanity check of
> ?  It's
> the same tarball as before, with three files added (as per
> CHUKWA-402). So it really should be fine.
> Mostly, I want to be reassured that the tarball unwraps correctly.
> Also, can you check that the MD5 and signature match?   The
> appropriate KEYS file is
> --Ari
> On Tue, Oct 20, 2009 at 9:39 AM, Eric Yang <> wrote:
>> Sounds good.
>> On 10/20/09 1:08 AM, "Ariel Rabkin" <> wrote:
>>> Hi all.
>>> One last snag with a release.  I just checked the Apache release
>>> rules, and we need a NOTICE file.  I've opened CHUKWA-402 for it.  I
>>> intend to just add it to the rc-2 build, do a last sanity check,
>>> re-generate signatures, then poke the PMC.  How's that sound?
>>> --Ari

View raw message