felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Custine <chris.cust...@gmail.com>
Subject Re: [VOTE] Release Apache Felix EventAdmin 1.2.2
Date Thu, 18 Feb 2010 15:21:07 GMT
The release looks good but there are only checksums and no pgp sigs on the
artifacts.  As of last week Nexus is automatically verifying pgp sigs while
promoting from stage to Maven central and will fail if none are present or
validation fails.  There is an email from Brian Fox dated Feb 12 about this
on repository@apache.org (anyone who does releases should subscribe to it)
but I have inserted the content below.  This also means our sigs MUST be on
a public key server as mentioned below.

We converted http://repository.apache.org to authenticate against LDAP
today. For most users this should be a transparent migration. It was
previously authenticating against svn. This means if you have changed
your password recently, there is a possibility that the password you
used to login to Nexus and deploy artifacts has changed. You should
use the same password that you would use to access people.

Additionally, we are now validating that proper pgp signatures are
present on and available for all artifacts being deployed. The system
will pull your key from a public key server to validate it. This means
that if you haven't already, you should upload your public key to a
server like http://pgp.mit.edu (you can also use the gpg --send-keys
command) or you will get an error that your key can't be verified when
you attempt to close or promote a staged repository.

Chris Custine
FUSESource :: http://fusesource.com
My Blog :: http://blog.organicelement.com
Apache ServiceMix :: http://servicemix.apache.org
Apache Felix :: http://felix.apache.org
Apache Directory Server :: http://directory.apache.org

On Thu, Feb 18, 2010 at 1:08 AM, Carsten Ziegeler <cziegeler@apache.org>wrote:

> Hi,
> We solved 6 issues in this release:
> https://issues.apache.org/jira/browse/FELIX/fixforversion/12314393
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachefelix-008/
> You can use this UNIX script to download the release and verify the
> signatures:
> http://svn.apache.org/repos/asf/felix/trunk/check_staged_release.sh
> Usage:
> sh check_staged_release.sh 008 /tmp/felix-staging
> Please vote to approve this release:
> [ ] +1 Approve the release
> [ ] -1 Veto the release (please provide specific comments)
> This vote will be open for 72 hours.
> Carsten
> --
> Carsten Ziegeler
> cziegeler@apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message