Source signing will be done tonight. Thanks Andrea for the detailed line-up. Also I hope all requirements are met in the second mail. However there seems a misunderstanding on Keith side. It is not required to vote all test marks. It is required to fill in general and then what OS Version you have tested and if you have tested from source or not. Simone state in order to create a binding vote it has to be tested from source. We need 3 of those. Also we should have an overview which Binaries has been reviewed.
That is all. All the best Peter Am 5. November 2018 00:22:33 MEZ schrieb Matthias Seidel <matthias.sei...@hamburg.de>: >Hi Andrea, > >Am 05.11.18 um 00:07 schrieb Andrea Pescetti: >> On 31/10/2018 Marcus wrote: >>> To make it an official vote I miss the following information: >>> - What exactly do we vote for (link to the source and binaries)? >> >> Yes please, let's try to be reasonably serious about releases: due to >> legal implications (among other things), there are some formalities >> that are required; nothing more than what we did for any other >Release >> Candidate in history. >> >> I assume we are voting on (this is the only 4.1.6-RC1 available, but >> it needs to be recorded in the vote discussion!) >> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/ >> >>> - What is the time for the vote? Please more than just the normal 72 >>> hours so that we all can use a weekend for more testing. >> >> Elsewhere Peter mentioned until Wednesday 7 November but again this >> should be in the vote thread (so, here). >> >> And most important: the Release Manager (Peter) must sign the source >> files. I've just spent a lot of time trying to make sense of various >> ways to have multiple signature in one file, concluding that it is >> easy to do that for a binary signature, but it is a hack to do so for >> the ASCII-armored signatures we use. >> >> So, in short, Peter as the Release Manager should rectify things by: >> >> 1) Confirming that the URL and deadline above are correct >> >> 2) Replace, before the vote ends, current signatures with only his >> signature as follows: >> >> $ svn checkout >> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source >> $ rm *.asc >> $ gpg -a -b --digest-algo=SHA512 *.bz2 >> $ gpg -a -b --digest-algo=SHA512 *.gz >> $ gpg -a -b --digest-algo=SHA512 *.zip >> $ svn commit >> >> About this second item, I see that Matthias concatenated his >signature >> to Jim's one: this is possible for the binary format but GPG will >> complain if this is done for the ASCII format, and as you can see by >> searching the net there is no clean way to do it. I checked back in >> version 4.1.2 (that was signed by Juergen and me) and I found out >that >> I had simply replaced Juergen's signature with mine in that case (I >> was the Release Manager for 4.1.2). We can do the same this time. > >I found double signatures in 4.1.3: >https://archive.apache.org/dist/openoffice/4.1.3/source/apache-openoffice-4.1.3-r1761381-src.zip.asc > >But yes, GPG complains about it and will only verify the first. So >Peter's signature should be the only one... > >(Of course he could also use our hash-sign.sh, which is fixed now for >SHA512). > >Regards, > > Matthias > >> >> Regards, >> Andrea. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >> For additional commands, e-mail: dev-h...@openoffice.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
