Thanks Nikita! I see that website announcement is already committed in our CMS staging area: http://svn.apache.org/viewvc?view=revision&revision=1785615 I was planning to review it tonight or tomorrow, publish it, and make a mailing list / twitter announcement.
Andrus > On Mar 6, 2017, at 2:43 PM, Nikita Timofeev <ntimof...@objectstyle.com> wrote: > > And to keep everything in order, here is the final voting results. > We have 3 PMC votes in total: > > Andrus Adamchik (PMC): +1 > Savva Kolbachev (PMC): +1 > Aristedes Maniatis (PMC): +1 > > Cayenne release 4.0.M5 is done! > Thank you all once again! > > On Mon, Mar 6, 2017 at 12:26 PM, Nikita Timofeev > <ntimof...@objectstyle.com> wrote: >> Hi all, >> >> As we have everything required for the M5 release I'm going to >> complete it today. >> >> Thank you for your votes and ideas! >> >> On Thu, Mar 2, 2017 at 4:49 PM, Aristedes Maniatis <a...@maniatis.org> wrote: >>> On 2/3/17 8:51pm, Andrus Adamchik wrote: >>>> >>>> >>>>> On Mar 2, 2017, at 11:55 AM, Aristedes Maniatis <a...@maniatis.org> wrote: >>>>> >>>>> Would it help if we set up a Jenkins job to create the build artifacts >>>>> then we have an easier to verify chain from source checkout to artifact >>>>> creation? >>>> >>>> It most certainly will. How do we sign the files though? >>> >>> There can still be a step of downloading the files from jenkins, signing >>> and uploading. md5 hashes are still there for verifying the Jenkins output >>> is intact. >>> >>> I'm not sure how we verify that Jenkins itself isn't compromised, but >>> perhaps we can ask what others do. >>> >>> >>> Ari >>> >>> >>> >>> -- >>> --------------------------> >>> Aristedes Maniatis >>> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A >> >> >> >> -- >> Best regards, >> Nikita Timofeev > > > > -- > Best regards, > Nikita Timofeev
