stratos-dev mailing list archives

From Lahiru Sandaruwan <lahi...@wso2.com>
Subject Re: PPMC diligence is needed in Voting
Date Thu, 24 Oct 2013 14:02:45 GMT
On Thu, Oct 24, 2013 at 7:17 PM, Suresh Marru <smarru@apache.org> wrote:

> Hi All,
>
> I do not see any discussion on the release discuss thread.


Suresh,

There is a [Discuss] thread for this release. The subject is "[Discuss] Release
Apache Stratos 3.0.0 Incubating RC4."

Thanks.


> I have a question to the 9 PPMC votes, what all did you verify? It is a
> good practice to send them to the DISCUSS thread your testing process and
> what you found. For this release, there is an issue with the key trust, and
> the PPMC should have very well caught it if you spent 5 minutes to verify
> the vote while not waiting for the mentors to catch it.
>
> Lahiru,
>
> I quickly tried to verify the signatures and I see this:
>
> gpg: Signature made Tue Oct 15 05:59:28 2013 EDT using RSA key ID 44BBC719
> gpg: Good signature from "Lahiru Sandaruwan (Opensource GPG key) <
> lahirus@apache.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 7746 771D C310 AC50 4A12  CAE9 B01D E39C 44BB C719
>
> I am sure you will raise some eyebrows on the general vote. Can you get
> your key signed by existing Apache committers who are within Apache web of
> trust?
>
> See  [1] for explanation and mitigation about this warning.
>
> Cheers,
> Suresh
> [1] - http://www.apache.org/info/verification.html




-- 
--
Lahiru Sandaruwan
Software Engineer,
Platform Technologies,
WSO2 Inc., http://wso2.com
lean.enterprise.middleware

email: lahirus@wso2.com cell: (+94) 773 325 954
blog: http://lahiruwrites.blogspot.com/
twitter: http://twitter.com/lahirus
linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
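
The gpg output quoted in the message above reports a good signature from a key that has no trusted certification. The following is an added example, not part of the original e-mail or of any Apache tooling: it classifies machine-readable `gpg --status-fd` lines so a voter can tell that case apart from a bad signature or a pinned-fingerprint match. The sample status text is constructed (only the fingerprint is taken from the message), and the function names and verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample of `gpg --status-fd 1 --verify` output for the case quoted
# above; only the fingerprint comes from the page, other fields are made up.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG B01DE39C44BBC719 Lahiru Sandaruwan (Opensource GPG key) <lahirus@apache.org>
[GNUPG:] VALIDSIG 7746771DC310AC504A12CAE9B01DE39C44BBC719 2013-10-15 1381831168 0 4 0 1 2 00 7746771DC310AC504A12CAE9B01DE39C44BBC719
[GNUPG:] TRUST_UNDEFINED
"""

BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}


def normalize(fpr):
    """Strip whitespace from a printed fingerprint and upper-case it."""
    return re.sub(r"\s+", "", fpr).upper()


def verdict(status_text, pinned_fpr=None):
    """Classify one verification run.

    pinned_fpr (hypothetical parameter) is a fingerprint the verifier obtained
    through a channel they already trust; it is compared to the primary key.
    """
    good = bad = trusted = False
    fpr = None
    for line in status_text.splitlines():
        parts = line.split()[1:] if line.startswith("[GNUPG:] ") else []
        if not parts:
            continue
        keyword, *args = parts
        if keyword == "GOODSIG":
            good = True
        elif keyword in BAD:
            bad = True
        elif keyword in TRUSTED:
            trusted = True
        elif keyword == "VALIDSIG" and args:
            # The last field is the primary key fingerprint when present.
            fpr = normalize(args[-1] if len(args) >= 10 else args[0])
    if bad or not good or fpr is None:
        return "reject"            # no cryptographically valid signature
    if pinned_fpr is not None and normalize(pinned_fpr) != fpr:
        return "reject"            # valid signature, but from an unexpected key
    if trusted:
        return "trusted"           # key is certified via the local trust database
    return "pinned-match" if pinned_fpr is not None else "untrusted-key"
```

`untrusted-key` corresponds to the warning in the quoted output: the file matches the signature, but nothing ties the key to its claimed owner.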
