Hey Lewis, Hmm, not sure on the MD5 and SHA -- they seem to validate for me and seemed to work at least Sami (and Markus?). Guys, any idea what's up with Lewis's verification step here?
Lewis, you may try re-downloading and verifying them again, but wait until RC #2 on that. I'll fix the NOTICE file for RC #2 as you mention below and not sure why the extension was .tar.gz.tar.gz, I'll fix that too. Cheers, Chris On Apr 16, 2012, at 3:12 AM, Lewis John Mcgibbney wrote: > Hi Chris, > > On Mon, Apr 16, 2012 at 6:43 AM, Mattmann, Chris A (388J) < > chris.a.mattm...@jpl.nasa.gov> wrote: > >> Hi Folks, >> >> A candidate for the Nutch 1.5 release is available at: >> >> http://people.apache.org/~mattmann/apache-nutch-1.5/rc1/ >> > > I used the KEYS file stored on SVN under the 1.5 tag (as below), and got > the following when verifying the above RC (stored on your p.a.o area) > > lewis@lewis-01:~/Desktop$ gpg --import KEYS > gpg: key A7239D59: "Doug Cutting (Lucene guy) <cutt...@apache.org>" not > changed > gpg: key 7C491924: public key "Piotr Kosiorowski <pkosiorow...@apache.org>" > imported > gpg: key 0B7E6CFA: public key "Sami Siren <si...@apache.org>" imported > gpg: key 57163A4D: public key "Dennis E. Kubes <ku...@apache.org>" imported > gpg: key 24BCF054: public key "Chris A. Mattmann <mattm...@apache.org>" > imported > gpg: Total number processed: 5 > gpg: imported: 4 > gpg: unchanged: 1 > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u > > lewis@lewis-01:~/Desktop$ gpg --verify apache-nutch-1.5-bin.tar.tar.gz.asc > gpg: no signed data > gpg: can't hash datafile: file open error > lewis@lewis-01:~/Desktop$ gpg --verify apache-nutch-1.5-bin.zip.asc > gpg: Signature made Mon 16 Apr 2012 06:00:20 BST using DSA key ID B876884A > gpg: Can't check signature: public key not found > lewis@lewis-01:~/Desktop$ gpg --verify apache-nutch-1.5-src.tar.gz.asc > gpg: Signature made Mon 16 Apr 2012 06:00:18 BST using DSA key ID B876884A > gpg: Can't check signature: public key not found > lewis@lewis-01:~/Desktop$ gpg --verify apache-nutch-1.5-src.zip.asc > gpg: Signature made Mon 16 Apr 2012 06:00:22 BST using DSA key ID B876884A > gpg: Can't check signature: public key not found > lewis@lewis-01:~/Desktop$ md5sum apache-nutch-1.5-bin.tar.tar.gz.asc > e32088205efd59ffc882c79add0bafae apache-nutch-1.5-bin.tar.tar.gz.asc > lewis@lewis-01:~/Desktop$ md5sum apache-nutch-1.5-bin.zip.asc > ff7960b8540673a86756f6b3f53ffd79 apache-nutch-1.5-bin.zip.asc > lewis@lewis-01:~/Desktop$ md5sum apache-nutch-1.5-src.tar.gz.asc > 9da161bcd5ec0de3f702a12e6bfbf9e6 apache-nutch-1.5-src.tar.gz.asc > lewis@lewis-01:~/Desktop$ md5sum apache-nutch-1.5-src.zip.asc > 6750bbc93b028776fa888f988df3a614 apache-nutch-1.5-src.zip.asc > > Some comments: > 1) I don't think the tar should be appended twice for the > apache-nutch-1.5-bin.tar.tar.gz artefact and accompanying sigs. > 2) None of my other attempts to verify the other artefacts via gpg worked! > 3) All attempts to verify via md5sum did not match the strings present in > your p.a.o area! > 4) Really really trivial, but in our NOTICE file, it stated a date of 2009. > I should have picked this up a while ago when I updated the other dates in > these files, this one seems to have slipped through the net. > > >> The release candidate is a zip and tar.gz archive of the sources in: >> >> http://svn.apache.org/repos/asf/nutch/tags/release-1.5/ >> > > Stuff in SVN tag looks OK apart from the stuff I mentioned above. > > >> >> And a binary build suitable for deployment. >> >> A staged Maven repository is available here: >> >> https://repository.apache.org/content/repositories/orgapachenutch-054/ >> > > I've not got around to checking the gpg and md5sum verifications yet, as > I'm waiting for someone to confirm that the above failed verifications are > correct before I do so. I'm hoping that I've made a mistake somewhere. > > >> >> [X ] -1 Do not release this package because... >> >> Because of the above, unless I discover that I've done something wrong > then I can't VOTE yes. I'm open to discussion on this, if someone can > display that I've taken a wrong turn somewhere then I might change my VOTE > however for the time being I need to call this one down. > > Thanks for spinning the RC Chris. > > Lewis ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Chris Mattmann, Ph.D. Senior Computer Scientist NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA Office: 171-266B, Mailstop: 171-246 Email: chris.a.mattm...@nasa.gov WWW: http://sunset.usc.edu/~mattmann/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Adjunct Assistant Professor, Computer Science Department University of Southern California, Los Angeles, CA 90089 USA ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
