felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Custine <chris.cust...@gmail.com>
Subject Re: [VOTE] Release Apache Felix EventAdmin 1.2.2
Date Thu, 18 Feb 2010 15:51:43 GMT
+1 (non-binding)

Disregard my last email, I didn't have your new strong signing key imported
and I haven't had any coffee this morning  :-D  Everything looks good now.

Chris

--
Chris Custine
FUSESource :: http://fusesource.com
My Blog :: http://blog.organicelement.com
Apache ServiceMix :: http://servicemix.apache.org
Apache Felix :: http://felix.apache.org
Apache Directory Server :: http://directory.apache.org


On Thu, Feb 18, 2010 at 8:21 AM, Chris Custine <chris.custine@gmail.com>wrote:

> The release looks good but there are only checksums and no pgp sigs on the
> artifacts.  As of last week Nexus is automatically verifying pgp sigs while
> promoting from stage to Maven central and will fail if none are present or
> validation fails.  There is an email from Brian Fox dated Feb 12 about this
> on repository@apache.org (anyone who does releases should subscribe to it)
> but I have inserted the content below.  This also means our sigs MUST be on
> a public key server as mentioned below.
>
> ===============
> We converted http://repository.apache.org to authenticate against LDAP
> today. For most users this should be a transparent migration. It was
> previously authenticating against svn. This means if you have changed
> your password recently, there is a possibility that the password you
> used to login to Nexus and deploy artifacts has changed. You should
> use the same password that you would use to access people.
>
> Additionally, we are now validating that proper pgp signatures are
> present on and available for all artifacts being deployed. The system
> will pull your key from a public key server to validate it. This means
> that if you haven't already, you should upload your public key to a
> server like http://pgp.mit.edu (you can also use the gpg --send-keys
> command) or you will get an error that your key can't be verified when
> you attempt to close or promote a staged repository.
>
> Thanks,
> Brian
> ================
> --
> Chris Custine
> FUSESource :: http://fusesource.com
> My Blog :: http://blog.organicelement.com
> Apache ServiceMix :: http://servicemix.apache.org
> Apache Felix :: http://felix.apache.org
> Apache Directory Server :: http://directory.apache.org
>
>
>
> On Thu, Feb 18, 2010 at 1:08 AM, Carsten Ziegeler <cziegeler@apache.org>wrote:
>
>> Hi,
>>
>> We solved 6 issues in this release:
>> https://issues.apache.org/jira/browse/FELIX/fixforversion/12314393
>>
>> Staging repository:
>> https://repository.apache.org/content/repositories/orgapachefelix-008/
>>
>> You can use this UNIX script to download the release and verify the
>> signatures:
>> http://svn.apache.org/repos/asf/felix/trunk/check_staged_release.sh
>>
>> Usage:
>> sh check_staged_release.sh 008 /tmp/felix-staging
>>
>> Please vote to approve this release:
>>
>> [ ] +1 Approve the release
>> [ ] -1 Veto the release (please provide specific comments)
>>
>> This vote will be open for 72 hours.
>>
>> Carsten
>> --
>> Carsten Ziegeler
>> cziegeler@apache.org
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message