commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Sicker <boa...@gmail.com>
Subject Re: [VOTE] Release Commons Fileupload 1.3.3 based on RC5
Date Thu, 08 Jun 2017 15:02:33 GMT
Adding the appropriate key to the KEYS file after the fact should still
work. It would have the same cryptographic reliability as being added
beforehand as you can't exactly imitate a key.

On 8 June 2017 at 07:17, Rob Tompkins <chtompki@gmail.com> wrote:

>
>
> > On Jun 8, 2017, at 8:09 AM, sebb <sebbaz@gmail.com> wrote:
> >
> >> On 8 June 2017 at 01:20, Gary Gregory <garydgregory@gmail.com> wrote:
> >> The ASC does not seem to have a public key.:
> >>
> >> gpg --verify commons-fileupload-1.3.3-source-release.zip.asc
> >
> > That is not the recommended way to check a sig; you also need the target
> file
> >
> > $ gpg --verify downloaded_file.asc downloaded_file
>
> Indeed, but if you don't specify it looks in the current directory for the
> file.
>
> >
> >> gpg: assuming signed data in 'commons-fileupload-1.3.3-
> source-release.zip'
> >
> > Note that gpg is assuming where to find the data.
> >
> >> gpg: Signature made 12/04/16 05:15:02 Pacific Standard Time using DSA
> key
> >> ID 7188601C
> >> *gpg: Can't check signature: No public key*
> >
> > However if the .asc file was not detached, gpg would not check the
> target file.
> >
> > https://www.apache.org/info/verification.html#specify_both
> >
> >>
> >> Also, the file naming should be consistent,
> >> https://dist.apache.org/repos/dist/dev/commons/fileupload/source/ has
> both
> >> "source-release" and "src". Not sure how you can end up with the
> >> differences beyond just the file extension.
> >>
> >> Gary
> >>
> >>
> >>> On Tue, Jun 6, 2017 at 11:20 AM, Rob Tompkins <chtompki@apache.org>
> wrote:
> >>>
> >>> Hello all,
> >>>
> >>> This is a [VOTE] for releasing Apache Commons Fileupload 1.3.3 (from
> RC5).
> >>>
> >>> Tag name:
> >>>   commons-fileupload-1.3.3-RC5 (signature can be checked from git using
> >>> 'git tag -v')
> >>>
> >>> Tag URL:
> >>>   https://git-wip-us.apache.org/repos/asf?p=commons-
> >>> fileupload.git;a=commit;h=dd2238b1671644cfead0e87c24a8ac61b4039084
> >>>
> >>> Commit ID the tag points at:
> >>>   dd2238b1671644cfead0e87c24a8ac61b4039084
> >>>
> >>> Site:
> >>>   http://home.apache.org/~chtompki/commons-fileupload-1.3.3-RC5
> >>>
> >>> Distribution files (committed at revision 19901):
> >>>   https://dist.apache.org/repos/dist/dev/commons/fileupload/
> >>>
> >>> Distribution files hashes (SHA1):
> >>>   commons-fileupload-1.3.3-bin.tar.gz
> >>>   (SHA1: 2f4a9672168641ff726974a3b7cc68b97d1212fa)
> >>>   commons-fileupload-1.3.3-bin.zip
> >>>   (SHA1: b66e2c434ddbda90dfc9e92af4775d9777524bfa)
> >>>   commons-fileupload-1.3.3-src.tar.gz
> >>>   (SHA1: 71294a7d737a8ced04934c222ae6dfb16e4d8d73)
> >>>   commons-fileupload-1.3.3-src.zip
> >>>   (SHA1: 661172a2f62b460c4b754b7a0f04d412afabde52)
> >>>
> >>> These are the Maven artifacts and their hashes:
> >>>   commons-fileupload-1.3.3-javadoc.jar
> >>>   (SHA1: 92d2fc371379d64a822150ca3882157564dd3f99)
> >>>   commons-fileupload-1.3.3-sources.jar
> >>>   (SHA1: c8c7bcb851fb5af0b19e4ea845cf2fc03de6f673)
> >>>   commons-fileupload-1.3.3-test-sources.jar
> >>>   (SHA1: 5e0d8c621d38694e0f2960ab2899ee1d67f2b708)
> >>>   commons-fileupload-1.3.3-tests.jar
> >>>   (SHA1: 20510147958fc759582e6ede789ccf31d056b232)
> >>>   commons-fileupload-1.3.3.jar
> >>>   (SHA1: fd754c7518772453aea1d5ffc32cb5ce0ebc0e40)
> >>>   commons-fileupload-1.3.3.pom
> >>>   (SHA1: 97d781eafc190f4fee3abf11f9ec8076f5f7b58c)
> >>>
> >>> KEYS file to check signatures:
> >>>   http://www.apache.org/dist/commons/KEYS
> >>>
> >>> Maven artifacts:
> >>>   https://repository.apache.org/content/repositories/
> >>> orgapachecommons-1249
> >>>
> >>> Please select one of the following options[1]:
> >>>  [ ] +1 Release it.
> >>>  [ ] +0 Go ahead; I don't care.
> >>>  [ ] -0 There are a few minor glitches: ...
> >>>  [ ] -1 No, do not release it because ...
> >>>
> >>> This vote will be open at least 72 hours, i.e. until
> >>> 2017-06-09T19:00:00Z
> >>> (this is UTC time).
> >>> --------
> >>>
> >>> Cheers,
> >>> -Rob
> >>>
> >>> [1] http://apache.org/foundation/voting.html
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>
> >>>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
Matt Sicker <boards@gmail.com>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message