openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wsmoak <wsm...@apache.org>
Subject Re: [VOTE] Approve OpenJPA 1.1.0 release
Date Wed, 28 May 2008 14:45:42 GMT


Craig L Russell wrote:
> 
> Sounds like your info is out of date by a couple of days.
> I signed Patrick's key a few days ago.
> 

(Signed keys are a good thing, though it doesn't look like that has
propagated yet.  Not sure how that happens.)

The main issue that Henk raised [1] is inconsistent signatures-- the .asc
file does not match the .jar file for those eight artifacts.  For example:

$ gpg --verify openjpa-jdbc-1.1.0.jar.asc openjpa-jdbc-1.1.0.jar
gpg: Signature made Tue May 20 02:22:19 2008 UTC using DSA key ID 513CA0DC
gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY)
<pcl@apache.org>"

It usually means the file changed after it was signed.  Given that the
release was re-done, is it possible something happened then?  (I do see the
other vote thread now that I look, thanks for the info... Google didn't send
me an alert. :/ )

[1] http://people.apache.org/~henkp/repo/

Thanks,
-- 
Wendy
-- 
View this message in context: http://www.nabble.com/-VOTE--Approve-OpenJPA-1.1.0-release-tp17246915p17514352.html
Sent from the OpenJPA Developers mailing list archive at Nabble.com.


Mime
View raw message