From dev-return-28656-archive-asf-public=cust-asf.ponee.io@geode.apache.org Tue May 1 23:24:06 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 94574180645 for ; Tue, 1 May 2018 23:24:05 +0200 (CEST) Received: (qmail 67799 invoked by uid 500); 1 May 2018 21:24:04 -0000 Mailing-List: contact dev-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list dev@geode.apache.org Received: (qmail 67776 invoked by uid 99); 1 May 2018 21:24:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 May 2018 21:24:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 793F01A0812 for ; Tue, 1 May 2018 21:24:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.799 X-Spam-Level: * X-Spam-Status: No, score=1.799 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id ewADicJcM_Mg for ; Tue, 1 May 2018 21:23:59 +0000 (UTC) Received: from mx0a-00296801.pphosted.com (mx0a-00296801.pphosted.com [148.163.150.38]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id AFB6C5F167 for ; Tue, 1 May 2018 21:23:58 +0000 (UTC) Received: from pps.filterd (m0114581.ppops.net [127.0.0.1]) by mx0a-00296801.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w41LGpCH010836 for ; Tue, 1 May 2018 21:23:56 GMT Received: from mail-lf0-f72.google.com (mail-lf0-f72.google.com [209.85.215.72]) by mx0a-00296801.pphosted.com with ESMTP id 2hmfjg2h6n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Tue, 01 May 2018 21:23:55 +0000 Received: by mail-lf0-f72.google.com with SMTP id q10-v6so4025044lfc.7 for ; Tue, 01 May 2018 14:23:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LtGRk42Ds3P7DVtsYXqpLFttn7q7VJn/JqwA+Et6qCA=; b=H2bNSDM617iziZ+EzMbMsfNnh3ratQzj1Uerz7IsofNgrX+saAKsR3XHg6RN6hJX3w 6kz2ajXh1yW5oaE+xoYP3PK8AwfOcx5dQaCneDUromd7k2fQ9x/y1qWIpi9J5TaZ0oyN CPOJ7rmP0r794RG11fBfOtmzf+a2fPJLdi7UqcTKeWr4NCfkDCJ/v5B1MC2Bdsu/kjMQ 4LqM8vDJERDL1ZN11aQHNaLjNwdzDDuueEKsZiCunPrNxVsSySe2JlJLsEj93m/lG5rs hARH4WVyYXVq4CxSdEOhRRtjATbNvK3LTQC12/Ik21Gf9j3+5FAuot1FWO2P1gaghyPZ UduQ== X-Gm-Message-State: ALQs6tB+E6+k9JmxEa4L6e3IXtEmwIHADir396O6vPMeVnF/s32CLCsX 4NGJNeU/hWgtTa6o4u5LXjOCoJvDxXrZA7kpk1AWj1R7AXIL16KarzKuVxYxtMLR6MtTO8Kxu75 fVAW1Z3TvAVv8srlRipISFDIWfWgGZJgeviSwicHHkNLV/zZehZ7z3yk= X-Received: by 2002:a2e:9616:: with SMTP id v22-v6mr11293343ljh.130.1525209833170; Tue, 01 May 2018 14:23:53 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq2t58xpAuQs0LvsbptEEDA5oJcZt0gE4cGi2owYuWnarobXb0JjR2c8E9vUoBssB16zlZLOaEyj2544q3OKg0= X-Received: by 2002:a2e:9616:: with SMTP id v22-v6mr11293339ljh.130.1525209832960; Tue, 01 May 2018 14:23:52 -0700 (PDT) MIME-Version: 1.0 References: <4da1592b-29d7-05e7-0893-b3b6adcfdf87@pivotal.io> <3f8f6edd-4d87-06aa-89ef-f0b80174c63f@pivotal.io> <11833ED3-5B0C-4DE0-9337-0AC53CF7F1A1@pivotal.io> In-Reply-To: From: Swapnil Bawaskar Date: Tue, 01 May 2018 21:23:42 +0000 Message-ID: Subject: Re: [VOTE] Apache Geode 1.6.0 RC1 To: dev@geode.apache.org Content-Type: multipart/alternative; boundary="0000000000004d5219056b2b9677" X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-01_12:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805010204 --0000000000004d5219056b2b9677 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable +1 On Tue, May 1, 2018 at 2:19 PM Dan Smith wrote: > +1 > > Ran geode-release-check, looks good to me. > > -Dan > > On Tue, May 1, 2018 at 11:55 AM, Anthony Baker wrote: > > > Ok, thanks Galen. AFAICT, the KEYS file being referred to is this one: > > https://dist.apache.org/repos/dist/release/geode/KEYS < > > https://dist.apache.org/repos/dist/release/geode/KEYS>. Other Apache > > projects like Flink, Beam, Impala, or Kafka don=E2=80=99t version contr= ol their > > KEYS file. > > > > @PMC - we need more reviews and votes to complete this release in a > timely > > manner. Please check it out. > > > > Anthony > > > > > > > On May 1, 2018, at 11:42 AM, Galen O'Sullivan > > wrote: > > > > > > Thanks for the clarification, Anthony. The release signing page you > > linked does say this: > > > > > > > Since the KEYS may be needed to check signatures for archived > > releases, it is important that all keys that have ever been used to sig= n > > releases are retained in the file. Entries should only be added (as > > described above), not removed. > > > > > > > Your public key should be exported and the result appended to the > > appropriate KEYS file(s). > > > > > > I think we should get Mike's key added to both the develop and releas= e > > branches. I would prefer if it was present in the release tag (it could > be > > confusing for someone checking release history). > > > > > > But I guess it shouldn't be too much of a problem if the key isn't in > > KEYS on the release. It won't affect the binary. > > > > > > I'll change to a +0. > > > > > > Galen > > > > > > On 5/1/18 10:15 AM, Anthony Baker wrote: > > >> Galen, > > >> > > >> Given the above information what are your thoughts? > > >> > > >> Anthony > > >> > > >> > > >>> On Apr 30, 2018, at 3:01 PM, Anthony Baker > wrote: > > >>> > > >>> Please review the ASF policy on signing releases [1]. I think thes= e > > points are pertinent: > > >>> > > >>> - The release manager signs the release. That provides the > > verification that the release binaries were in fact created by the > release > > manager and have not been modified. Multiple signatures are not requir= ed > > or even possible sometimes. > > >>> > > >>> - The KEYS file in git[2] is a convenience for keeping [3] up to > > date. In fact, the KEYS file is a secondary check for a fingerprint at > > id.apache.org (see [4] for how ASF checks signatures on releases). > > >>> > > >>> To me I don=E2=80=99t see a strict necessity to include the KEYS fi= le commit > > in the release tag. It=E2=80=99s on the release branch and it will be = merged to > > /develop. > > >>> > > >>> $.02, > > >>> Anthony > > >>> > > >>> [1] http://apache.org/dev/release-signing.html > > >>> [2] https://github.com/apache/geode/blob/develop/KEYS > > >>> [3] https://dist.apache.org/repos/dist/release/geode/KEYS > > >>> [4] https://mirror-vm.apache.org/~henkp/checker/faq.html > > >>> > > >>>> On Apr 30, 2018, at 10:31 AM, Galen O'Sullivan < > gosullivan@pivotal.io> > > wrote: > > >>>> > > >>>> -1 > > >>>> > > >>>> I don't see Mike's key in the KEYS file on either rel/v1.6.0.RC1 ( > > 5ce726bd7b4f8d2648fd011a807a1bcc624ddfa5) or on develop. > > >>>> > > >>>> It seems odd to me to add a new key and use it to sign the release > > without using an already-existing key to sign the release as well. If > > someone's trying to verify a source tag, there isn't a chain of > signatures > > with the last signer of the release signing a commit with the addition = of > > the next new key. > > >>>> > > >>>> Galen > > > > > > > > --0000000000004d5219056b2b9677--