openjpa-dev mailing list archives

From "Albert Lee" <allee8...@gmail.com>
Subject Re: [VOTE] Approve OpenJPA 1.0.2 release
Date Mon, 18 Feb 2008 17:40:34 GMT
I tried again the following:

=======================================
C:\temp\openjpa.102>gpg --fingerprint
C:/Documents and Settings/Administrator/Application Data/gnupg\pubring.gpg
--------------------------------------------------------------------------
pub   1024D/8007117F 2007-11-05
      Key fingerprint = 013B BCF6 B476 946D 58A0  7E61 0A81 07A9 8007 117F
uid                  Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>
sub   2048g/8D910F8A 2007-11-05

pub   1024D/11A1AE9C 2006-10-19
      Key fingerprint = 2A75 CD76 045B 2967 48C1  4A2C F794 0AF4 11A1 AE9C
uid                  Marc Prud'hommeaux (CODE SIGNING KEY) <mprudhom@apache.org>
sub   2048g/4AA825C2 2006-10-19

pub   1024D/7E3BEB2D 2007-04-10
      Key fingerprint = A250 2854 3231 7355 FFEB  81F8 99D5 0E5E 7E3B EB2D
uid                  Michael Dick (code signing key) <mikedd@apache.org>
sub   2048g/4723001B 2007-04-10

pub   1024D/513CA0DC 2007-07-28
      Key fingerprint = 2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC
uid                  Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>
sub   2048g/F415B175 2007-07-28


C:\temp\openjpa.102>gpg --verify apache-openjpa-1.0.2-binary.zip.asc
gpg: Signature made 02/12/08 19:43:14 using DSA key ID 513CA0DC
gpg: Good signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC

C:\temp\openjpa.102>gpg --verify apache-openjpa-1.0.2-source.zip.asc
gpg: Signature made 02/12/08 19:43:14 using DSA key ID 513CA0DC
gpg: Good signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC

C:\temp\openjpa.102>gpg --verify apache-openjpa-1.0.2-*.zip.asc
gpg: Signature made 02/12/08 19:43:14 using DSA key ID 513CA0DC
gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"

C:\temp\openjpa.102>
=======================================

It looks like the wildcard --verify does not work and indicates "Bad
signature", but it succeeds when verifying each individual *.asc file.

Sorry for the false alarm.

+1.

Patrick, thanks for getting the release out.

Albert Lee.

On Feb 18, 2008 10:21 AM, Michael Dick <mikedd@apache.org> wrote:

> FWIW the signatures look good to me, running on Linux :
>
> mikedd@enoyls:~/Desktop$ gpg --verify apache-openjpa-1.0.2-source.zip.asc
> gpg: Signature made Tue 12 Feb 2008 07:43:14 PM CST using DSA key ID 513CA0DC
> gpg: Good signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC
>
> mikedd@enoyls:~/Desktop$ gpg --verify apache-openjpa-1.0.2-binary.zip.asc
> gpg: Signature made Tue 12 Feb 2008 07:43:14 PM CST using DSA key ID 513CA0DC
> gpg: Good signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC
>
> I was also able to run the examples (also on Linux). The release looks
> good to me.
>
> +1
>
> -Mike
> On Feb 15, 2008 9:28 PM, Albert Lee <allee8285@gmail.com> wrote:
>
> > From the reference download site, downloaded all zip and asc files. I am
> > running Win/XP.
> >
> > Installed the source zip; the Maven build was successful. All tests ran
> > successfully.
> >
> > Checked all artifacts; they look good.
> >
> > Following the instructions from http://openjpa.apache.org/downloads.html,
> > downloaded the KEYS file and tried to verify the signatures.
> >
> > C:\temp>gpg --import KEYS
> > gpg: key 11A1AE9C: public key "Marc Prud'hommeaux (CODE SIGNING KEY) <mprudhom@apache.org>" imported
> > gpg: key 7E3BEB2D: public key "Michael Dick (code signing key) <mikedd@apache.org>" imported
> > gpg: key 513CA0DC: public key "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>" imported
> > gpg: key 8007117F: "Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>" not changed
> > gpg: Total number processed: 4
> > gpg:               imported: 3
> > gpg:              unchanged: 1
> >
> > C:\temp\openjpa.102>dir
> >  Volume in drive C has no label.
> >  Volume Serial Number is 6806-ABBD
> >
> >  Directory of C:\temp\openjpa.102
> >
> > 02/15/2008  09:24 PM    <DIR>          .
> > 02/15/2008  09:24 PM    <DIR>          ..
> > 02/15/2008  09:02 PM        16,273,253 apache-openjpa-1.0.2-binary.zip
> > 02/15/2008  09:16 PM               189 apache-openjpa-1.0.2-binary.zip.asc
> > 02/15/2008  08:44 PM         5,057,185 apache-openjpa-1.0.2-source.zip
> > 02/15/2008  09:16 PM               189 apache-openjpa-1.0.2-source.zip.asc
> >               4 File(s)     21,330,816 bytes
> >               2 Dir(s)   6,154,297,344 bytes free
> >
> > C:\temp\openjpa.102>gpg --verify apache-openjpa-*.zip.asc
> > gpg: Signature made 02/12/08 19:43:14 using DSA key ID 513CA0DC
> > gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY) <pcl@apache.org>"
> >
> > Looks like the signature does not match the KEYS.
> >
> > Albert Lee.
> >
> >
> > On Wed, Feb 13, 2008 at 11:11 AM, Patrick Linskey <plinskey@gmail.com>
> > wrote:
> >
> > > OpenJPA Developers-
> > >
> > > A candidate build for OpenJPA 1.0.2 is available at:
> > >
> > >   http://openjpa.apache.org/builds/1.0.2/downloads/
> > >
> > > Please review these artifacts and signatures, and vote whether we
> > > should release them as Apache OpenJPA version 1.0.2. Release notes
> > > for this release are included in the artifact, or can be browsed at:
> > >
> > >   http://svn.apache.org/repos/asf/openjpa/branches/1.0.2/openjpa-project/RELEASE-NOTES.html
> > >
> > > The Apache Release Audit Tool has been run on the release, and no
> > > missing licenses were found with the exceptions listed in the
> > > exclusion section of the "rat-maven-plugin" configuration in
> > > http://svn.apache.org/repos/asf/openjpa/branches/1.0.2/pom.xml .
> > >
> > > In accordance with
> > > http://www.apache.org/foundation/voting.html#ReleaseVotes, three +1
> > > votes will be sufficient to
> > > approve the release for publication. While it is not possible to veto
> > > a release, the vote will remain open for the standard 3 day period
> > > (ending at 9:00am Pacific on Monday 2/18) in order to allow people to
> > > thoroughly review the release and perform whatever additional testing
> > > they desire and raise any concerns or objections.
> > >
> > > A vote of "+1" means you approve of the release for publication, "-1"
> > > means you do not approve, and a "+0" or "-0" means you are neutral.
> > >
> > > Thanks in advance for your diligence in helping to ensure that the
> > > quality of the OpenJPA 1.0.2 release reflects the high quality of all
> > > of its contributors!
> > >
> > > -Patrick
> > >
> > > --
> > > Patrick Linskey
> > > 202 669 5907
> > >
> >
> >
> >
> > --
> > Albert Lee.
> >
>



-- 
Albert Lee.
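
Added example (not part of the original messages or of the OpenJPA project's tooling): with more than one file argument, `gpg --verify` takes the first as the detached signature and the remaining files as the signed data, so a wildcard that matches both `.asc` files checks one signature against the other `.asc` file. The script below verifies each `.asc` against its own archive and compares the primary key fingerprint with a pinned value; the function names and the `GPG` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify every detached signature separately and pin the signer.

GPG="${GPG:-gpg}"   # assumption: gpg is on PATH; the variable can be overridden

# verify_one SIGFILE EXPECTED_FPR
# Succeeds only if SIGFILE is a good signature over the file of the same name
# without ".asc" AND the primary key fingerprint equals EXPECTED_FPR.
verify_one() {
    sig=$1
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    data=${sig%.asc}
    [ -f "$sig" ] && [ -f "$data" ] || return 2
    # Pass signature and data explicitly, one pair per gpg invocation.
    # --status-fd 1 emits machine-readable lines; on a good signature the
    # last field of the VALIDSIG line is the primary key fingerprint.
    out=$("$GPG" --status-fd 1 --verify "$sig" "$data" 2>/dev/null) || return 1
    got=$(printf '%s\n' "$out" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# verify_release DIR EXPECTED_FPR
# Fails on the first bad pair, and also fails if DIR holds no .asc file at all.
verify_release() {
    dir=$1; fpr=$2; seen=0
    for f in "$dir"/*.asc; do
        [ -e "$f" ] || continue
        seen=$((seen + 1))
        if verify_one "$f" "$fpr"; then
            echo "OK   $f"
        else
            echo "FAIL $f"
            return 1
        fi
    done
    [ "$seen" -gt 0 ]
}
```

Call it as `verify_release . "2611 868E F232 A24A 3B4B  C0BC DCBA 5243 513C A0DC"`, taking the fingerprint from a source you trust rather than from the download directory itself; a "Good signature" alone only shows that some key in the local keyring made it.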
