NOTICE checked. LICENSE.txt checked. README checked. md5 checked. Gpg not check.
[ey...@minotaur:~]$ gpg --list-key Warning: using insecure memory! /home/eyang/.gnupg/pubring.gpg ------------------------------ pub 1024D/E382551F 2009-06-08 uid Eric Yang <[email protected]> sub 2048g/0AB8F236 2009-06-08 pub 1024D/4D2386D8 2009-07-01 [expires: 2011-07-01] uid Ariel Rabkin (CODE SIGNING KEY) <[email protected]> sub 2048g/8C186169 2009-07-01 [expires: 2011-07-01] [ey...@minotaur:~]$ gpg --verify chukwa-0.3.0.tar.gz.asc chukwa-0.3.0.tar.gz Warning: using insecure memory! gpg: Signature made Tue Oct 20 19:12:19 2009 UTC using DSA key ID 4D2386D8 gpg: Good signature from "Ariel Rabkin (CODE SIGNING KEY) <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4B53 4CB5 525E 3AAA B3A8 7EA7 641E 3B9C 4D23 86D8 The key seems to belong to [email protected], and you probably should generate key on the apache server. I am not sure about the policy, and it's best to ask Owen. Regards, Eric On 10/20/09 12:29 PM, "Ariel Rabkin" <[email protected]> wrote: > OK. Can someone give me a quick sanity check of > http://people.apache.org/~asrabkin/chukwa-0.3.0-candidate-3/ ? It's > the same tarball as before, with three files added (as per > CHUKWA-402). So it really should be fine. > > Mostly, I want to be reassured that the tarball unwraps correctly. > Also, can you check that the MD5 and signature match? The > appropriate KEYS file is http://people.apache.org/~asrabkin/KEYS > > --Ari > > On Tue, Oct 20, 2009 at 9:39 AM, Eric Yang <[email protected]> wrote: >> Sounds good. >> >> >> On 10/20/09 1:08 AM, "Ariel Rabkin" <[email protected]> wrote: >> >>> Hi all. >>> >>> One last snag with a release. I just checked the Apache release >>> rules, and we need a NOTICE file. I've opened CHUKWA-402 for it. I >>> intend to just add it to the rc-2 build, do a last sanity check, >>> re-generate signatures, then poke the PMC. How's that sound? >>> >>> --Ari >> >> > >
