By my estimation, this vote has passed, although the vote taker did call it early. :-) Not a problem, we can proceed to call it again in my opinion, unless there are objections.
On Wed, Feb 10, 2016 at 8:38 AM, Evans Ye <[email protected]> wrote: > It looks like BIGTOP-2318 is not a big deal. > I'd say go :) > > 2016-02-11 0:19 GMT+08:00 Konstantin Boudnik <[email protected]>: > > > +1 > > > > the RC1 looks good besides of the extra file issue already fixed on > master > > > > I am not sure how to proceed with this. Shall we consider the original > > [VOTE] > > thread valid and simply call the tally? Or there's a feeling that we need > > to > > restart to vote and make it more formal than it is right now? > > > > Cos > > > > On Sun, Feb 07, 2016 at 11:56PM, Evans Ye wrote: > > > I think it's OK to just update the KEYS file. > > > > > > > > > Here's my evaluation result of 1.1.0 RC1: > > > > > > 1. sha1, md5, signature verified > > > 2. build bigtop/slaves 1.1.0 images > > > 3. use above 1.1.0 slave images to build 1.1.0 packages > > > 4. run Docker Provisioner to deploy 1.1.0 packages > > > 5. run Vagrant Provisioner to deploy 1.1.0 packages > > > 6. run hadoop and pig smoke tests > > > 7. run hadoop itest > > > > > > Surely I didn't cover all the features, but the core feature I touched > > all > > > works well. > > > Hence here's my +1 to the RC1. > > > > > > > > > 2016-02-07 15:23 GMT+08:00 Konstantin Boudnik <[email protected]>: > > > > > > > Argh... the keys again. CB588E12 is one of my subs, but it is DSA key > > and > > > > we > > > > had a lot of troubles with the RPMs (because RPM only works with > > "secure" > > > > RSA > > > > keys). Eventually, for package signing I've used FA08B173, which is a > > part > > > > of > > > > the KEYS file. > > > > > > > > Technically, speaking there's no rule dictating to sign release > > artifacts > > > > and > > > > binary package with the same key. So, if having two keys is ok, then > I > > will > > > > need to add CB588E12 to the KEYS as well. Or alternatively, I (or > > someone > > > > else) would need to do RC2 with correct signature. > > > > > > > > Cos > > > > > > > > On Sun, Feb 07, 2016 at 03:15PM, Evans Ye wrote: > > > > > Hi Olaf, did you get the key from keyserver? > > > > > > > > > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc > > > > bigtop-1.1.0-project.tar.gz > > > > > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID > > > > CB588E12 > > > > > gpg: Can't check signature: public key not found > > > > > > > > > > $ gpg --keyserver pgpkeys.mit.edu --recv-key CB588E12 # Took a > > while to > > > > > finish > > > > > > > > > > $ gpg --verify bigtop-1.1.0-project.tar.gz.asc > > > > bigtop-1.1.0-project.tar.gz > > > > > gpg: Signature made Sun Jan 31 12:09:46 2016 CST using DSA key ID > > > > CB588E12 > > > > > gpg: Good signature from "Konstantin I Boudnik (Cos) < > > [email protected]>" > > > > > gpg: aka "Konstantin I Boudnik (Cos) < > [email protected] > > >" > > > > > gpg: WARNING: This key is not certified with a trusted signature! > > > > > gpg: There is no indication that the signature belongs to > > the > > > > > owner. > > > > > Primary key fingerprint: 2CAC 8312 4870 D885 8616 6115 220F 6980 > > 1F27 > > > > E622 > > > > > Subkey fingerprint: 88C5 8332 D1A9 6A83 F9B3 2776 7A7C 8596 > > CB58 > > > > 8E12 > > > > > > > > > > > > > > > 2016-02-05 17:01 GMT+08:00 Olaf Flebbe <[email protected]>: > > > > > > > > > > > hi, > > > > > > > > > > > > the signature file is made with a key CB588E12 , not contained in > > KEYS. > > > > > > Or missed I something important? > > > > > > > > > > > > Olaf > > > > > > > > > > > > > Am 31.01.2016 um 05:35 schrieb Konstantin Boudnik < > > [email protected]>: > > > > > > > > > > > > > > This is the vote for release 1.1.0 of Apache Bigtop. > > > > > > > > > > > > > > It fixes the following issues: > > > > > > > > > > > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311420&version=12329714 > > > > > > > > > > > > > > The vote will be going for at least 72 hours and will be closed > > on > > > > > > Wednesday, > > > > > > > February 3rd, 2016 at noon PDT. Please download, test and vote > > with > > > > > > > > > > > > > > [ ] +1, accept rc1 as the official 1.1.0 release of Apache > Bigtop > > > > > > > [ ] +0, I don't care either way, > > > > > > > [ ] -1, do not accept rc1 as the official 1.1.0 release of > Apache > > > > > > Bigtop, because... > > > > > > > > > > > > > > Source and binary files: > > > > > > > https://dist.apache.org/repos/dist/dev/bigtop/1.1.0-rc1 > > > > > > > > > > > > > > Maven staging repo: > > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachebigtop-1006 > > > > > > > > > > > > > > The git tag to be voted upon is release-1.1.0 > > > > > > > > > > > > > > Bigtop's KEYS file containing PGP keys we use to sign the > > release: > > > > > > > https://dist.apache.org/repos/dist/release/bigtop/KEYS > > > > > > > > > > > > > > Thanks! > > > > > > > Cos > > > > > > > > > > > > > -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
