+1 the RC1 looks good besides of the extra file issue already fixed on master
I am not sure how to proceed with this. Shall we consider the original [VOTE] thread valid and simply call the tally? Or there's a feeling that we need to restart to vote and make it more formal than it is right now? Cos On Sun, Feb 07, 2016 at 11:56PM, Evans Ye wrote: > I think it's OK to just update the KEYS file. > > > Here's my evaluation result of 1.1.0 RC1: > > 1. sha1, md5, signature verified > 2. build bigtop/slaves 1.1.0 images > 3. use above 1.1.0 slave images to build 1.1.0 packages > 4. run Docker Provisioner to deploy 1.1.0 packages > 5. run Vagrant Provisioner to deploy 1.1.0 packages > 6. run hadoop and pig smoke tests > 7. run hadoop itest > > Surely I didn't cover all the features, but the core feature I touched all > works well. > Hence here's my +1 to the RC1. > > > 2016-02-07 15:23 GMT+08:00 Konstantin Boudnik <[email protected]>: > > > Argh... the keys again. CB588E12 is one of my subs, but it is DSA key and > > we > > had a lot of troubles with the RPMs (because RPM only works with "secure" > > RSA > > keys). Eventually, for package signing I've used FA08B173, which is a part > > of > > the KEYS file. > > > > Technically, speaking there's no rule dictating to sign release artifacts > > and > > binary package with the same key. So, if having two keys is ok, then I will > > need to add CB588E12 to the KEYS as well. Or alternatively, I (or someone > > else) would need to do RC2 with correct signature. > > > > Cos > > > > On Sun, Feb 07, 2016 at 03:15PM, Evans Ye wrote: > > > Hi Olaf, did you get the key from keyserver? > > > > > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc > > bigtop-1.1.0-project.tar.gz > > > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID > > CB588E12 > > > gpg: Can't check signature: public key not found > > > > > > $ gpg --keyserver pgpkeys.mit.edu --recv-key CB588E12 # Took a while to > > > finish > > > > > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc > > bigtop-1.1.0-project.tar.gz > > > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID > > CB588E12 > > > gpg: Good signature from "Konstantin I Boudnik (Cos) <[email protected]>" > > > gpg: aka "Konstantin I Boudnik (Cos) <[email protected]>" > > > gpg: WARNING: This key is not certified with a trusted signature! > > > gpg: There is no indication that the signature belongs to the > > > owner. > > > Primary key fingerprint: 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 > > E622 > > > Subkey fingerprint: 88C5 8332 D1A9 6A83 F9B3 2776 7A7C 8596 CB58 > > 8E12 > > > > > > > > > 2016-02-05 17:01 GMT+08:00 Olaf Flebbe <[email protected]>: > > > > > > > hi, > > > > > > > > the signature file is made with a key CB588E12 , not contained in KEYS. > > > > Or missed I something important? > > > > > > > > Olaf > > > > > > > > > Am 31.01.2016 um 05:35 schrieb Konstantin Boudnik <[email protected]>: > > > > > > > > > > This is the vote for release 1.1.0 of Apache Bigtop. > > > > > > > > > > It fixes the following issues: > > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311420&version=12329714 > > > > > > > > > > The vote will be going for at least 72 hours and will be closed on > > > > Wednesday, > > > > > February 3rd, 2016 at noon PDT. Please download, test and vote with > > > > > > > > > > [ ] +1, accept rc1 as the official 1.1.0 release of Apache Bigtop > > > > > [ ] +0, I don't care either way, > > > > > [ ] -1, do not accept rc1 as the official 1.1.0 release of Apache > > > > Bigtop, because... > > > > > > > > > > Source and binary files: > > > > > https://dist.apache.org/repos/dist/dev/bigtop/1.1.0-rc1 > > > > > > > > > > Maven staging repo: > > > > > > > https://repository.apache.org/content/repositories/orgapachebigtop-1006 > > > > > > > > > > The git tag to be voted upon is release-1.1.0 > > > > > > > > > > Bigtop's KEYS file containing PGP keys we use to sign the release: > > > > > https://dist.apache.org/repos/dist/release/bigtop/KEYS > > > > > > > > > > Thanks! > > > > > Cos > > > > > >
signature.asc
Description: Digital signature
