I did some similar tests, took a look at the generated artifacts from a build, compared them to the artifacts here, and checked out the sigs. Andrew Bayer's key is on the public key servers, so I'm comfortable with the signature, I guess we should all sign eachother's keys if that matters enough to people.
I'm happy. +1, PPMC On Mon, Jun 3, 2013 at 2:15 PM, Andrew Phillips <[email protected]>wrote: > Tests performed (many thanks for the guidance, David and Andrew B!): > > * checked out the release tag (verified that the commit ID matches the > link being voted on) and successfully ran 'mvn clean package' with a clean > Maven repo > > * successfully ran 'mvn apache-rat:check' to verify licenses > > * built a source release ZIP using 'mvn clean package -Papache-release' > and compared with [1] to verify that size, CRC and number of files match > > * [1] contains one NOTICE and LICENSE file. LICENSE file looks OK but > NOTICE file begins "jclouds" and not "Apache jclouds" (see > http://apache.org/legal/src-**headers.html#notice<http://apache.org/legal/src-headers.html#notice> > ) > > @mentors: is that a blocker? > > * matched GPG key in KEYS file against http://pgp.mit.edu:11371/pks/** > lookup?op=get&search=**0xB12E3E253ADD02D6<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB12E3E253ADD02D6> > > * verified MD5 of ASC against published MD5 [2] > > * GPG sig of the release ZIP verified: > > C:\Program Files (x86)\GnuPG>gpg --verify ...\jclouds-1.6.1-incubating-** > source-release.zip.asc > gpg: Signature made 05/31/13 17:38:15 using RSA key ID 3ADD02D6 > gpg: Good signature from "Andrew Bayer (CODE SIGNING KEY) < > [email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: E2F3 1807 1F65 6A62 F88F 252C B12E 3E25 3ADD 02D6 > > @abayer: trust web? > > Vote: +1 PPMC. > > Thanks for all the preparation, Andrew B! > > ap > > [1] https://repository.apache.org/**content/repositories/** > orgapachejclouds-043/org/**apache/jclouds/jclouds/1.6.1-** > incubating/jclouds-1.6.1-**incubating-source-release.zip<https://repository.apache.org/content/repositories/orgapachejclouds-043/org/apache/jclouds/jclouds/1.6.1-incubating/jclouds-1.6.1-incubating-source-release.zip> > [2] https://repository.apache.org/**content/repositories/** > orgapachejclouds-043/org/**apache/jclouds/jclouds/1.6.1-** > incubating/jclouds-1.6.1-**incubating-source-release.zip.**asc.md5<https://repository.apache.org/content/repositories/orgapachejclouds-043/org/apache/jclouds/jclouds/1.6.1-incubating/jclouds-1.6.1-incubating-source-release.zip.asc.md5> >
