nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: [VOTE] Release Apache NiFi 0.7.0 (RC2)
Date Tue, 12 Jul 2016 00:59:18 GMT
+1 (binding)

- Verified signatures and hashes
- Full build passed with contrib-check
- Basic testing of secure and unsecure standalone instance

On Mon, Jul 11, 2016 at 8:35 PM, Tony Kurc <trkurc@gmail.com> wrote:

> +1 (binding)
>
> Built and ran some simple test flows on Ubuntu Linux (14.04, x86_64) and
> Windows 10 (64 bit)
>
> On Mon, Jul 11, 2016 at 4:13 PM, Joe Percivall <
> joepercivall@yahoo.com.invalid> wrote:
>
> > Dist is updated, the current signature is SHA512. I verified both are
> > stored on dist as they should be:
> >
> >
> > Joseph-Percivall:verify jpercivall$ gpg -v --verify
> > nifi-0.7.0-source-release.zip.asc
> > gpg: armor header: Version: GnuPG v1
> > gpg: assuming signed data in `nifi-0.7.0-source-release.zip'
> > gpg: Signature made Mon Jul 11 14:45:25 2016 EDT using RSA key ID
> 22886FEE
> > gpg: using PGP trust model
> > gpg: Good signature from "Joseph Percivall (CODE SIGNING KEY) <
> > jpercivall@apache.org>"
> > gpg: binary signature, digest algorithm SHA512
> >
> >
> > Joseph-Percivall:verify jpercivall$ gpg -v --verify
> > nifi-0.7.0-source-release.zip-SHA1.asc nifi-0.7.0-source-release.zip
> > gpg: armor header: Version: GnuPG v1
> > gpg: Signature made Sat Jul  9 13:34:06 2016 EDT using RSA key ID
> 22886FEE
> > gpg: using PGP trust model
> > gpg: Good signature from "Joseph Percivall (CODE SIGNING KEY) <
> > jpercivall@apache.org>"
> > gpg: binary signature, digest algorithm SHA1
> >
> >
> > Sorry for the mix-up,
> > Joe
> >  - - - - - -
> > Joseph Percivall
> > linkedin.com/in/Percivall
> > e: joepercivall@yahoo.com
> >
> >
> >
> >
> > On Monday, July 11, 2016 4:00 PM, Joe Percivall
> > <joepercivall@yahoo.com.INVALID> wrote:
> > Sounds good, in dist I am going to move the SHA1 signature to
> > "nifi-0.7.0-source-release.zip-SHA1.asc" and replace
> > "nifi-0.7.0-source-release.zip.asc" with a SHA512 signature. I am keeping
> > the SHA1 for traceability but when adding the download to the website we
> > will use the SHA512.
> >
> >
> > Joe
> > - - - - - -
> > Joseph Percivall
> > linkedin.com/in/Percivall
> > e: joepercivall@yahoo.com
> >
> >
> >
> >
> >
> > On Monday, July 11, 2016 2:41 PM, Joe Witt <joe.witt@gmail.com> wrote:
> > Totally doable for the artifacts you put up in dist Joe.  Basically
> > just replacing the asc file.  I'd recommend not worrying about it for
> > the staged maven artifacts.
> >
> >
> > On Mon, Jul 11, 2016 at 2:34 PM, Tony Kurc <trkurc@gmail.com> wrote:
> > > Would it be appropriate to regenerate the signatures? I think Joe Witt
> > may
> > > have done something similar recently without cancelling the RC.
> > >
> > >
> > > On Mon, Jul 11, 2016 at 2:05 PM, Joe Percivall <
> > > joepercivall@yahoo.com.invalid> wrote:
> > >
> > >> @Tony - I apologize, I did not. I must have accidentally overlooked
> that
> > >> section of the Release Signing page. I just added the proper
> > configuration
> > >> to my gpg.conf file.
> > >>
> > >> Thank you for pointing it out,
> > >> Joe
> > >> - - - - - -
> > >> Joseph Percivall
> > >> linkedin.com/in/Percivall
> > >> e: joepercivall@yahoo.com
> > >>
> > >>
> > >>
> > >>
> > >> On Monday, July 11, 2016 1:37 PM, Tony Kurc <trkurc@gmail.com> wrote:
> > >> @JoePercivall - did you go through the steps to avoid SHA1 for signing
> > [1]?
> > >>
> > >> When verifying (with verbose) the nifi-0.7.0-source-release.zip.asc, I
> > got
> > >> this in the output:
> > >>
> > >> gpg: binary signature, digest algorithm SHA1
> > >>
> > >> 1. http://www.apache.org/dev/openpgp.html#sha1
> > >>
> > >>
> > >> On Mon, Jul 11, 2016 at 12:50 PM, James Wing <jvwing@gmail.com>
> wrote:
> > >>
> > >> > +1 (non-binding)
> > >> >
> > >> > I ran through the release helper and lightly tested the generated
> > binary.
> > >> >
> > >> >
> > >> > On Sat, Jul 9, 2016 at 11:47 AM, Joe Percivall <
> > >> > joepercivall@yahoo.com.invalid> wrote:
> > >> >
> > >> > > Hello Apache NiFi Community,
> > >> > >
> > >> > > I am pleased to be calling this vote for the source release of
> > Apache
> > >> > NiFi,
> > >> > > nifi-0.7.0.
> > >> > >
> > >> > > The source zip, including signatures, digests, etc. can be found
> at:
> > >> > >
> > https://repository.apache.org/content/repositories/orgapachenifi-1088/
> > >> > > The Git tag is nifi-0.7.0-RC2
> > >> > > The Git commit hash is f5629062c5e2a6c55fb62255aee74c4f25d93e7b
> > >> > > *
> > >> > >
> > >> >
> > >>
> >
> https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=f5629062c5e2a6c55fb62255aee74c4f25d93e7b
> > >> > > *
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/nifi/commit/f5629062c5e2a6c55fb62255aee74c4f25d93e7b
> > >> > >
> > >> > > Checksums of nifi-0.7.0-source-release.zip:
> > >> > > MD5: 3a6af39c481fb0ad3eab5a4ea1a954fd
> > >> > > SHA1: 33e16b0a73242ddda91f89591c82aa5d6e9c8d21
> > >> > > SHA256:
> > >> 56ab3132c1fef31dcf50b716b8e08272075f92e476849360280822e0cdc3e993
> > >> > >
> > >> > > Release artifacts are signed with the following key:
> > >> > > https://people.apache.org/keys/committer/jpercivall
> > >> > > KEYS file available here:
> > >> > > https://dist.apache.org/repos/dist/release/nifi/KEYS
> > >> > >
> > >> > > 138 issues were closed/resolved for this release:
> > >> > >
> > >> > >
> > >> >
> > >>
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12335078
> > >> > > Release note highlights can be found here:
> > >> > >
> > >> > >
> > >> >
> > >>
> >
> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.7.0
> > >> > >
> > >> > > The vote will be open for 72 hours.
> > >> > > Please download the release candidate and evaluate the necessary
> > items
> > >> > > including checking hashes, signatures, build from source, and
> test.
> > >> Then
> > >> > > please vote:
> > >> > >
> > >> > > [ ] +1 Release this package as nifi-0.7.0
> > >> > > [ ] +0 no opinion
> > >> > > [ ] -1 Do not release this package because...
> > >> > >
> > >> > > Thanks!
> > >> > >
> > >> >
> > >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message