Hi Chris, Thank you very much for your time to review the release, we really need help getting this one right and will greatly appreciate your time in letting us jump these initial barriers. Please see my answered embedded below:
On Jan 29, 2012, at 12:56 PM, Mattmann, Chris A (388J) wrote: > Hi Suresh, > > First off, thanks for the work in putting this together! What a great job. > > That being said: how would I do a gpg key and verification check? And, The signed GPG key is at - https://svn.apache.org/repos/asf/incubator/airavata/KEYS > how would I verify the MD5 checksums? Typically, we put up a copy of > the dist artifacts that will end up on > minotaur:/www/www.apache.org/dist/incubator/airavata > in someone's people.a.o/~<user>/apache-airavata-<version>-rc-<num>/ folder, > with: > > 1. source releases > 2. MD5s and SHA1 and ASC files 1 and 2 are in https://repository.apache.org/content/repositories/orgapacheairavata-152/org/apache/airavata/airavata/0.2-incubating/ Please let me know if this is not what you are looking for. > 3. (optional) binaries The binaries and MD5, SHA1, and ASC files for binaries are at - http://people.apache.org/builds/incubator/airavata/0.2-incubating/ > 4. (optional) CHANGES.txt file The changes.txt files is same as release notes in this case and it is at - https://svn.apache.org/repos/asf/incubator/airavata/tags/airavata-0.2-incubating/RELEASE_NOTES, let me know if it has to be named CHANGES.txt. > > Then, 1-4 are what get copied to /www/www.apache.org/dist/incubator/airavata > on successful VOTE completion. With your existing setup, I'm not sure > how I would execute steps 1-2 to do checksum and signature verification. I am following at the Rave incubator project in this case, where once passed the release, we will publish the nexus repo for source and move the binaries to http://www.apache.org/dist/incubator/ area. Thank you, Suresh > > Let me know and I'd be happy to spend time reviewing the release. > > Cheers, > Chris > > On Jan 29, 2012, at 12:47 AM, Suresh Marru wrote: > >> Discussion thread for vote on airavata 0.2-incubating release candidate 2. >> >> If you have any questions or feedback or to post results of validating the >> release, please reply to this thread. >> >> For reference, the Apache release guide - >> http://www.apache.org/dev/release.html >> Incubator specific release guidelines - >> http://incubator.apache.org/guides/releasemanagement.html >> >> Some tips to validate the release before you vote: >> >> * Download the binary version and run the 5 minute or 10 minute tutorial as >> described in README and website. >> * Download the source files from compressed files and release tag and build >> (which includes tests). >> * Verify the distributon for the required LICENSE, NOTICE and DISCLAIMER >> files >> * Verify if all the staged files are signed and the signature is verifiable. >> * Verify if the signing key in the project's KEYS file is hosted on a public >> server >> >> Thanks for your time in validating the release and voting, >> Suresh > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Chris Mattmann, Ph.D. > Senior Computer Scientist > NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA > Office: 171-266B, Mailstop: 171-246 > Email: [email protected] > WWW: http://sunset.usc.edu/~mattmann/ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Adjunct Assistant Professor, Computer Science Department > University of Southern California, Los Angeles, CA 90089 USA > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >
signature.asc
Description: Message signed with OpenPGP using GPGMail
