zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andor Molnar <an...@apache.org>
Subject Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
Date Wed, 09 Oct 2019 16:07:47 GMT
Yeah, we supply SHA512 sum and GPG signature for the tarballs.
But I don’t think we need to supply checksum for the GPG signatures too.

Here: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.5/

Andor



> On 2019. Oct 9., at 17:54, Jordan Zimmerman <jordan@jordanzimmerman.com> wrote:
> 
> It's required by the Apache Release process:
> 
> http://www.apache.org/dev/release-distribution <http://www.apache.org/dev/release-distribution>
> 
> For every artifact distributed to the public through Apache channels, the PMC
> 
> 	• MUST supply a valid OpenPGP-compatible ASCII-armored detached signature file
> 	• MUST supply at least one checksum file
> 	• SHOULD supply a SHA-256 and/or SHA-512 checksum file
> 	• SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated)
> 
> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT supply MD5
or SHA-1. Existing releases do not need to be changed.
> 
>> On Oct 9, 2019, at 6:50 PM, Andor Molnar <andor@apache.org> wrote:
>> 
>> Checking.
>> Why do we generated SHA512 sums for the gpg signatures?
>> Is that intentional?
>> 
>> Andor
>> 
>> 
>> 
>>> On 2019. Oct 8., at 22:36, Enrico Olivelli <eolivelli@gmail.com> wrote:
>>> 
>>> This is a bugfix release candidate for 3.5.6.
>>> 
>>> It fixes 29 issues, including upgrade of third party libraries,
>>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
>>> and better procedure for the upgrade of servers from 3.4 to 3.5.
>>> 
>>> The full release notes is available at:
>>> 
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12345243
>>> 
>>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
>>> 
>>> Source files:
>>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>>> 
>>> Maven staging repo:
>>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
>>> 
>>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
>>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>>> 
>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>>> https://www.apache.org/dist/zookeeper/KEYS
>>> 
>>> Should we release this candidate?
>>> 
>>> Enrico Olivelli
>> 
> 


Mime
View raw message