incubator-yoko-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars K├╝hne <lakue...@t-online.de>
Subject Re: [VOTE] Publish Yoko M1 release
Date Thu, 28 Sep 2006 04:59:39 GMT
Mosur Ravi, Balaji wrote:
> Please vote to publish the Milestone 1 release distributions. Please
> take some time to download the distributions, review them and test them
> in your environment before voting.
>
>   

Is anyone able to verify the signature? I'm a beginner with PGP, so the 
problem may very well be on my end. I followed the instructions on 
http://httpd.apache.org/dev/verification.html

    ~/downloads> gpg yoko-1.0-incubating-M1-SNAPSHOT-bin.tar.gz.asc
    gpg: Signature made Wed 20 Sep 2006 03:09:10 PM CEST using RSA key
    ID 03FE48F6
    gpg: Can't check signature: public key not found
    ~/downloads> gpg < $YOKO/trunk/KEYS
    pub   512R/BA5A3775 2006-08-10 bravi <bravi@apache.org>
    ~/downloads> gpg yoko-1.0-incubating-M1-SNAPSHOT-bin.tar.gz.asc
    gpg: Signature made Wed 20 Sep 2006 03:09:10 PM CEST using RSA key
    ID 03FE48F6
    gpg: Can't check signature: public key not found

The key used to sign the code is also not available via pgpkeys.mit.edu 
(see KEYS file in trunk).

    ~/downloads> gpg --keyserver pgpkeys.mit.edu --recv-key 03FE48F6
    gpgkeys: WARNING: this is an *experimental* HKP interface!
    gpgkeys: key 03FE48F6 not found on keyserver
    gpg: no valid OpenPGP data found.


Maybe the problem is that the ID used (03FE48F6) is different from the 
key id in the keys file (BA5A3775)?

Other than that I've only found some minor flaws:

    * the example code uses a yoko BootManager. There should be a
      comment in the code that this is only to minimize the required
      infrastructure for the example and typically clients find their
      servers in an implementation independent way like CosNaming.
    * the XMLSchema section of the NOTICE file contains capitalization
      errors, lowercase "apache software foundation")

I don't think any of those should prevent a release.

-1 until someone can verify the file signatures, +1 after that.

/Lars


Mime
View raw message