The release looks good but there are only checksums and no pgp sigs on the artifacts. As of last week Nexus is automatically verifying pgp sigs while promoting from stage to Maven central and will fail if none are present or validation fails. There is an email from Brian Fox dated Feb 12 about this on [email protected] (anyone who does releases should subscribe to it) but I have inserted the content below. This also means our sigs MUST be on a public key server as mentioned below.
=============== We converted http://repository.apache.org to authenticate against LDAP today. For most users this should be a transparent migration. It was previously authenticating against svn. This means if you have changed your password recently, there is a possibility that the password you used to login to Nexus and deploy artifacts has changed. You should use the same password that you would use to access people. Additionally, we are now validating that proper pgp signatures are present on and available for all artifacts being deployed. The system will pull your key from a public key server to validate it. This means that if you haven't already, you should upload your public key to a server like http://pgp.mit.edu (you can also use the gpg --send-keys command) or you will get an error that your key can't be verified when you attempt to close or promote a staged repository. Thanks, Brian ================ -- Chris Custine FUSESource :: http://fusesource.com My Blog :: http://blog.organicelement.com Apache ServiceMix :: http://servicemix.apache.org Apache Felix :: http://felix.apache.org Apache Directory Server :: http://directory.apache.org On Thu, Feb 18, 2010 at 1:08 AM, Carsten Ziegeler <[email protected]>wrote: > Hi, > > We solved 6 issues in this release: > https://issues.apache.org/jira/browse/FELIX/fixforversion/12314393 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachefelix-008/ > > You can use this UNIX script to download the release and verify the > signatures: > http://svn.apache.org/repos/asf/felix/trunk/check_staged_release.sh > > Usage: > sh check_staged_release.sh 008 /tmp/felix-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] -1 Veto the release (please provide specific comments) > > This vote will be open for 72 hours. > > Carsten > -- > Carsten Ziegeler > [email protected] > >
