When trying to evaluate the release, I noticed that [1] requires SHA-256 or SHA-512 signature. While our release process currently produces SHA1 and MD5. These 2 must not be supplied. I didn't dig in to it yet. Roman, Cos would mind to point out where to look for?
[1] http://www.apache.org/dev/release-distribution#sigs-and-sums Naresh Bhat <[email protected]> 於 2018年9月26日 週三 下午4:51寫道: > +1 > I have compiled v1.3 branch and executing the smoke tests on ARM64 machine. > > On Wed, 26 Sep 2018 at 08:44, Jun HE <[email protected]> wrote: > > > This is the vote for release 1.3.0 of Apache Bigtop. > > > > It fixes the following issues: > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12338976&projectId=12311420 > > > > The vote will be going for at least 72 hours and will be closed on > > Saturday, > > September 29, 2018 at noon PDT. Please download, test and vote with > > > > [ ] +1, accept RC1 as the official 1.3.0 release of Apache Bigtop > > [ ] +0, I don't care either way, > > [ ] -1, do not accept RC1 as the official 1.3.0 release of Apache Bigtop, > > because... > > > > Source and binary files: > > https://dist.apache.org/repos/dist/dev/bigtop/bigtop-1.3.0-RC1/ > > > > Maven staging repo: > > > > https://repository.apache.org/content/repositories/orgapachebigtop-1019 > > > > The git tag to be voted upon is release-1.3.0 > > > > Bigtop's KEYS file containing PGP keys we use to sign the release: > > https://dist.apache.org/repos/dist/release/bigtop/KEYS > > >
