+1 (non-binding) Disregard my last email, I didn't have your new strong signing key imported and I haven't had any coffee this morning :-D Everything looks good now.
Chris -- Chris Custine FUSESource :: http://fusesource.com My Blog :: http://blog.organicelement.com Apache ServiceMix :: http://servicemix.apache.org Apache Felix :: http://felix.apache.org Apache Directory Server :: http://directory.apache.org On Thu, Feb 18, 2010 at 8:21 AM, Chris Custine <[email protected]>wrote: > The release looks good but there are only checksums and no pgp sigs on the > artifacts. As of last week Nexus is automatically verifying pgp sigs while > promoting from stage to Maven central and will fail if none are present or > validation fails. There is an email from Brian Fox dated Feb 12 about this > on [email protected] (anyone who does releases should subscribe to it) > but I have inserted the content below. This also means our sigs MUST be on > a public key server as mentioned below. > > =============== > We converted http://repository.apache.org to authenticate against LDAP > today. For most users this should be a transparent migration. It was > previously authenticating against svn. This means if you have changed > your password recently, there is a possibility that the password you > used to login to Nexus and deploy artifacts has changed. You should > use the same password that you would use to access people. > > Additionally, we are now validating that proper pgp signatures are > present on and available for all artifacts being deployed. The system > will pull your key from a public key server to validate it. This means > that if you haven't already, you should upload your public key to a > server like http://pgp.mit.edu (you can also use the gpg --send-keys > command) or you will get an error that your key can't be verified when > you attempt to close or promote a staged repository. > > Thanks, > Brian > ================ > -- > Chris Custine > FUSESource :: http://fusesource.com > My Blog :: http://blog.organicelement.com > Apache ServiceMix :: http://servicemix.apache.org > Apache Felix :: http://felix.apache.org > Apache Directory Server :: http://directory.apache.org > > > > On Thu, Feb 18, 2010 at 1:08 AM, Carsten Ziegeler <[email protected]>wrote: > >> Hi, >> >> We solved 6 issues in this release: >> https://issues.apache.org/jira/browse/FELIX/fixforversion/12314393 >> >> Staging repository: >> https://repository.apache.org/content/repositories/orgapachefelix-008/ >> >> You can use this UNIX script to download the release and verify the >> signatures: >> http://svn.apache.org/repos/asf/felix/trunk/check_staged_release.sh >> >> Usage: >> sh check_staged_release.sh 008 /tmp/felix-staging >> >> Please vote to approve this release: >> >> [ ] +1 Approve the release >> [ ] -1 Veto the release (please provide specific comments) >> >> This vote will be open for 72 hours. >> >> Carsten >> -- >> Carsten Ziegeler >> [email protected] >> >> >
