Return-Path: Delivered-To: apmail-openjpa-dev-archive@www.apache.org Received: (qmail 98081 invoked from network); 28 May 2008 16:38:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 May 2008 16:38:06 -0000 Received: (qmail 73174 invoked by uid 500); 28 May 2008 16:38:07 -0000 Delivered-To: apmail-openjpa-dev-archive@openjpa.apache.org Received: (qmail 73160 invoked by uid 500); 28 May 2008 16:38:07 -0000 Mailing-List: contact dev-help@openjpa.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@openjpa.apache.org Delivered-To: mailing list dev@openjpa.apache.org Received: (qmail 73149 invoked by uid 99); 28 May 2008 16:38:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 May 2008 09:38:07 -0700 X-ASF-Spam-Status: No, hits=-0.8 required=10.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [192.18.43.133] (HELO sca-es-mail-2.sun.com) (192.18.43.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 May 2008 16:37:18 +0000 Received: from fe-sfbay-10.sun.com ([192.18.43.129]) by sca-es-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id m4SGbWo4007375 for ; Wed, 28 May 2008 09:37:33 -0700 (PDT) Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0K1L00B017DNI700@fe-sfbay-10.sun.com> (original mail from Craig.Russell@Sun.COM) for dev@openjpa.apache.org; Wed, 28 May 2008 09:37:32 -0700 (PDT) Received: from [10.0.241.238] ([192.18.41.196]) by fe-sfbay-10.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0K1L00KFQ7ICVK60@fe-sfbay-10.sun.com> for dev@openjpa.apache.org; Wed, 28 May 2008 09:37:24 -0700 (PDT) Date: Wed, 28 May 2008 09:37:23 -0700 From: Craig L Russell Subject: Re: [VOTE] Approve OpenJPA 1.1.0 release In-reply-to: <17514352.post@talk.nabble.com> Sender: Craig.Russell@Sun.COM To: dev@openjpa.apache.org Message-id: MIME-version: 1.0 X-Mailer: Apple Mail (2.919.2) Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=Apple-Mail-30--390274364 References: <592470C8-3549-4127-8BF2-9EEA0D0A09FE@gmail.com> <17481701.post@talk.nabble.com> <12E27C78-D335-4EA2-B5F2-BFA4F12EDD6C@SUN.com> <17514352.post@talk.nabble.com> X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-30--390274364 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Hi Wendy, I double checked a few of the artifacts, and you're right: the signatures are BAD on the .jar artifacts. Interestingly, the asc signatures are Good on the pom files. Henk's web site is not as alarming as I had hoped it would be. What I got from the page http://people.apache.org/~henkp/repo/ was that Patrick's signing key wasn't in the Apache web of trust, which isn't a huge problem. If the note had been "BAD signature" instead of "file/ sig inconsistency" it would have raised a redder flag. The staging artifacts at http://people.apache.org/~pcl/release-candidates/1.1.0/repo/m2-ibiblio-rsync-repository-2/ have the same problem: the .jar.asc signatures are bad but the .pom.asc signatures are good. Patrick, do you know what happened? Craig On May 28, 2008, at 7:45 AM, wsmoak wrote: > > > Craig L Russell wrote: >> >> Sounds like your info is out of date by a couple of days. >> I signed Patrick's key a few days ago. >> > > (Signed keys are a good thing, though it doesn't look like that has > propagated yet. Not sure how that happens.) > > The main issue that Henk raised [1] is inconsistent signatures-- > the .asc > file does not match the .jar file for those eight artifacts. For > example: > > $ gpg --verify openjpa-jdbc-1.1.0.jar.asc openjpa-jdbc-1.1.0.jar > gpg: Signature made Tue May 20 02:22:19 2008 UTC using DSA key ID > 513CA0DC > gpg: BAD signature from "Patrick Linskey (CODE SIGNING KEY) > " > > It usually means the file changed after it was signed. Given that the > release was re-done, is it possible something happened then? (I do > see the > other vote thread now that I look, thanks for the info... Google > didn't send > me an alert. :/ ) > > [1] http://people.apache.org/~henkp/repo/ > > Thanks, > -- > Wendy > -- > View this message in context: http://www.nabble.com/-VOTE--Approve-OpenJPA-1.1.0-release-tp17246915p17514352.html > Sent from the OpenJPA Developers mailing list archive at Nabble.com. > Craig Russell Architect, Sun Java Enterprise System http://java.sun.com/products/jdo 408 276-5638 mailto:Craig.Russell@sun.com P.S. A good JDO? O, Gasp! --Apple-Mail-30--390274364 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGUDCCAwkw ggJyoAMCAQICECvOQSuIjHMvOZRC95BRg/wwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MTIxMDE1MjM1MVoXDTA4MTIwOTE1MjM1 MVowbDEQMA4GA1UEBBMHUnVzc2VsbDEUMBIGA1UEKhMLQ3JhaWcgTGFpcmQxHDAaBgNVBAMTE0Ny YWlnIExhaXJkIFJ1c3NlbGwxJDAiBgkqhkiG9w0BCQEWFUNyYWlnLlJ1c3NlbGxAU3VuLkNPTTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzqGlLUastboCRqc0iBoTz2ODcqpMpEyPUo nYtluchkSIoWzOW63AuoTczRt9sKfhwoK5mope+62B6Li06WJabm2UHqKAaNSuMHLsmyqvOdwbSt enY7/HxOSCMqVoyVBTRJc2M8feCSVgi7ptGq9cM+Maa64R1/p9zqaQNucceU/1uper90bWplsjAT rHgicgr9XJIQb6uYjhjlgxxnY/aispnCvLxMX+CiA2FWeeJTI7AiFlLwibTXYF4v12ToByvXtTiJ knuND8qpwhK3Wp0tL4ae8mZ0nlKjCuNnqh99ZyEyTFHZBfVx8WSWRXkY4qxCG/IDQUo7WUaefOQT 1mECAwEAAaMyMDAwIAYDVR0RBBkwF4EVQ3JhaWcuUnVzc2VsbEBTdW4uQ09NMAwGA1UdEwEB/wQC MAAwDQYJKoZIhvcNAQEFBQADgYEAEqfFNFoch0QPVKWJ4maAZl3MJD10yMeWt5xb+WNSkhYKHD8I 42E8tpdE3kmc5wp2cZrz9JqJF/KCQ/gI4pmDk1qpTs5pvXzFNiD5Lu5eLza4iyxSlTHUXcCnyNC6 4m0qC8p4m/51NEql5hyacj/+vdlEe5dygpyNGUCiyA/SdAswggM/MIICqKADAgECAgENMA0GCSqG SIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQH EwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMw NzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls IElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUE cJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/Ef kTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMB AAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3Js LnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYD VR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+ hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC 3CEZNd4ksdMdRv9dX2VPMYIDEDCCAwwCAQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0ECECvOQSuIjHMvOZRC95BRg/wwCQYFKw4DAhoFAKCCAW8wGAYJKoZIhvcN AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDgwNTI4MTYzNzIzWjAjBgkqhkiG9w0B CQQxFgQUUm2Yu2LfXKGmyC6d7l1D64KIzzowgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkGA1UEBhMC WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0 ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhArzkEriIxzLzmUQveQUYP8MIGHBgsqhkiG 9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAr zkEriIxzLzmUQveQUYP8MA0GCSqGSIb3DQEBAQUABIIBACDTlGfegXhp2/TmVpRIamv24ZtoQuQ9 ojmkcr20931AsTdeS3bAXcjTtIA9IusrMb4oerXqejkQBhnLJv/kTJ65uhYoA9IRM77Ph5/BhQLU PbnIrg272ut07lsJlE/Eh7cKWkvRhI7Gun6agaXBn3f3nOBFyH8zx9s/SVyGtSK7nilBz0fJc3BN 1bHGS4LkxH4uMmHeZuqt2CVxviAV6UuaBmr5ggNPX5SAibLskHcX86DE+pP6s0KirvLJkuwh0eOy nk27qC6zyBeD3WX2r97P7NcZkxoDVPyoyjL/QZnISeCxc6ePg3XfV1A/AgaosKGJYyXtOltyd1cS spaOpDkAAAAAAAA= --Apple-Mail-30--390274364--