Return-Path: Delivered-To: apmail-incubator-river-dev-archive@minotaur.apache.org Received: (qmail 81373 invoked from network); 4 Jan 2010 00:33:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 4 Jan 2010 00:33:01 -0000 Received: (qmail 81128 invoked by uid 500); 4 Jan 2010 00:33:01 -0000 Delivered-To: apmail-incubator-river-dev-archive@incubator.apache.org Received: (qmail 81058 invoked by uid 500); 4 Jan 2010 00:33:01 -0000 Mailing-List: contact river-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: river-dev@incubator.apache.org Delivered-To: mailing list river-dev@incubator.apache.org Received: (qmail 81048 invoked by uid 99); 4 Jan 2010 00:33:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jan 2010 00:33:01 +0000 X-ASF-Spam-Status: No, hits=-4.0 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [192.18.43.133] (HELO sca-es-mail-2.sun.com) (192.18.43.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jan 2010 00:32:52 +0000 Received: from fe-sfbay-10.sun.com ([192.18.43.129]) by sca-es-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id o040WV2b002217 for ; Sun, 3 Jan 2010 16:32:31 -0800 (PST) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII; delsp=yes; format=flowed Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) id <0KVP000005GNBS00@fe-sfbay-10.sun.com> for river-dev@incubator.apache.org; Sun, 03 Jan 2010 16:32:31 -0800 (PST) Received: from [192.168.0.13] (c-24-23-181-209.hsd1.ca.comcast.net [24.23.181.209]) by fe-sfbay-10.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) with ESMTPSA id <0KVP00GV45I7BW00@fe-sfbay-10.sun.com> for river-dev@incubator.apache.org; Sun, 03 Jan 2010 16:32:31 -0800 (PST) Date: Sun, 03 Jan 2010 16:32:30 -0800 From: Craig L Russell Subject: Re: Apache release signing on Solaris 10 In-reply-to: <4B412B7C.5050805@zeus.net.au> Sender: Craig.Russell@Sun.COM To: river-dev@incubator.apache.org Message-id: <285C2331-C1F0-4D67-A660-FA968B498653@SUN.com> X-Mailer: Apple Mail (2.936) References: <4B3DAB4C.7000702@zeus.net.au> <4B412B7C.5050805@zeus.net.au> Hi Peter, The only reason *not* to use 1.4.10 IMHO is if the generated artifacts somehow are incompatible with other GPG programs out there. If you want to create an example .asc from some file that you have in your public directory, I'd be happy to verify that it works. Craig On Jan 3, 2010, at 3:42 PM, Peter Firmstone wrote: > Thanks Robert, > > GnuPG 1.4.10 has no trouble creating 4096 bit keys and it compiles > cleanly on Solaris, I have a set generated, I just wasn't sure if > there was some reason I should be using the later version. 1.4.10 > is still being maintained, its recommended for servers and embedded, > while 2.0.14 is preferred for desktops. > > If no one objects, I'd be happy to use the keys to sign the AR2 > release. > > Cheers, > > Peter. > > > Robert Burrell Donkin wrote: >> On Fri, Jan 1, 2010 at 7:59 AM, Peter Firmstone >> wrote: >> >>> I've been attempting to compile and install GnuPG 2.0.14 as per >>> http://www.apache.org/dev/openpgp.html#generate-key >>> >>> Unfortunately GnuPG 2.0.14 depends upon libassuan-1.0.5 which uses >>> funopen >>> or fopencookie calls that don't exist on Solaris 10. NB. I >>> succeeded >>> getting GNU PThreads library version 2.0.7 compiled and installed, >>> which >>> incidentally requested I email the author, to included it the tested >>> platforms (after passing all tests). >>> >>> Other libraries required that I compiled and installed were: >>> libgcrypt >>> libksba >>> libgpg-error >>> >>> I have GnuPG 1.4.10 installed, it can generate 4096 bit RSA keys. >>> >>> Is there anything on Solaris 10 that is considered suitable for key >>> generation for Apache? >>> >> >> IIRC 1.4.10 has the required changes backported from the 2.x >> codestream but i haven't had time to verify that the keys are >> correctly generated or that the configuration instructions work (i >> may >> be able to find some time in Feb once my semester one exams are >> done). >> it is possible - with sufficient knowledge - to create secure keys >> using 1.4.9 or earlier but it's fiddly and error prone. i think - but >> haven't checked - that you should be able to follow the *full* >> instructions for 2.x using 1.4.10 and then verify that the signatures >> created by the new key are strong enough. >> >> - robert >> >> > Craig L Russell Architect, Sun Java Enterprise System http://db.apache.org/jdo 408 276-5638 mailto:Craig.Russell@sun.com P.S. A good JDO? O, Gasp!