This vote is closed. On Sat, Jul 22, 2017 at 11:26 PM, Konstantin Boudnik <[email protected]> wrote:
> Retracting this, found the KEYS (douh...). Still > > -1 (binding). The release isn't signed by the release manager. Someone else > key is used. > > - Checked the sha1 > - Successfully ran the build > - Checked the signature > - The archive is signed by the key 593A743B belonging to > [email protected]. > However, none of the 2.1.0 RC [VOTE] attempts were started by this > person. > Which tells me that the private key is simply shared by a number of the > committers. And there's no guarantee that it hasn't been leaked outside > of > the group. And that's pretty serious security flaw, actually. > > Why the release managers aren't using their own keys? It is easy to > generate > and sign the keys following guidelines [1]. Committers' keys are easy to > validate against the Apache repository [2] > > Things that need to be improved in the next release: > - neither sha1 nor md5 are trustful checksum'ing methods and aren't > guaranteeing the authenticity of the source archive. We should be > switching > to at least sha265 or higher. This has been brought up since the > incubation. > And warrants for -1 in the next release. > - why every other RC Vote is started by a different person? > > With regards, > Cos > > [1] https://people.apache.org/keys/committer/ > [2] https://www.apache.org/dev/new-committers-guide.html#set- > up-security-and-pgp-keys > > On Sat, Jul 22, 2017 at 01:00PM, Konstantin Boudnik wrote: > > Am I missing the location of the signing keys? I cannot verivy the > signature > > of the archive. > > > > -1 (binding) until then. > > > > Thanks > > Cos > > > > On Thu, Jul 20, 2017 at 03:34PM, Denis Magda wrote: > > > Igniters, > > > > > > Setting off the vote one more time. Hope I’ll be successful this time, > keeping fingers crossed :) > > > > > > We have uploaded a 2.1.0 release candidate to > > > https://dist.apache.org/repos/dist/dev/ignite/2.1.0-rc3/ > > > > > > Git tag name is > > > 2.1.0-rc3 > > > > > > This release includes the following changes: > > > > > > Ignite: > > > * Persistent cache store > > > * Added IgniteFuture.listenAsync() and IgniteFuture.chainAsync() > mehtods > > > * Deprecated IgniteConfiguration.marshaller > > > * Updated Lucene dependency to version 5.5.2 > > > * Machine learning: implemented K-means clusterization algorithm > optimized > > > for distributed storages > > > * SQL: CREATE TABLE and DROP TABLE commands support > > > * SQL: New thin JDBC driver > > > * SQL: Improved performance of certain queries, when affinity node can > be > > > calculated in advance > > > * SQL: Fixed return type of AVG() function > > > * SQL: BLOB type support added to thick JDBC driver > > > * SQL: Improved LocalDate, LocalTime and LocalDateTime support for > Java 8 > > > * SQL: Added FieldsQueryCursor interface to get fields metadata for > > > SqlFieldsQuery > > > * ODBC: Implemented DML statement batching > > > * Massive performance and stability improvements > > > > > > Ignite.NET: > > > * Automatic remote assembly loading > > > * NuGet-based standalone node deployment > > > * Added conditional data removeal via LINQ DeleteAll > > > * Added TimestampAttribute to control DateTime serialization mode > > > * Added local collections joins support to LINQ. > > > > > > Ignite CPP: > > > * Added Compute::Call and Compute::Broadcast methods > > > > > > Web Console: > > > * Implemented support for UNIQUE indexes for key fields on import model > > > from RDBMS > > > * Added option to show full stack trace on Queries screen > > > * Added PK alias generation on Models screen. > > > > > > Complete list of closed issues: > > > https://issues.apache.org/jira/issues/?jql=project%20% > 3D%20IGNITE%20AND% > > > 20fixVersion%20%3D%202.1%20AND%20(status%20%3D% > 20closed%20or%20status%20%3D% > > > 20resolved) > > > > > > DEVNOTES > > > https://git-wip-us.apache.org/repos/asf?p=ignite.git;a=blob_ > plain;f=DEVNOTES.txt;hb=refs/tags/2.1.0-rc3 > > > > > > RELEASE NOTES > > > https://git-wip-us.apache.org/repos/asf?p=ignite.git;a=blob_ > plain;f=RELEASE_NOTES.txt;hb=refs/tags/2.1.0-rc3 > > > > > > Please start voting. > > > > > > +1 - to accept Apache Ignite 2.1.0-rc3 > > > 0 - don't care either way > > > -1 - DO NOT accept Apache Ignite 2.1.0-rc3 (explain why) > > > > > > This vote will go for 72 hours. > > > > > > — > > > Denis > > > > > >
