Re: [VOTE] [log4net] Release 2.0.11

Sat, 19 Sep 2020 23:26:57 -0700

Thanks Matt, I've updated the artifacts on GitHub to have detached signatures. I had previously also uploaded my key to sks-keyservers.net, but I've also uploaded to MIT, though search there always times out.
The document you've linked mentions face-to-face interactions to get my key into the official KEYS file. Not sure how many apache people are at my end of the world (Durban, South Africa), but I can do an online meeting if that helps. Last release, Ralph said I should sign, so I did. I'm new to signing release artifacts - I've generally relied on authentication during upload as verification of authenticity, with 2FA wherever possible (GitHub and NPM; nuget survives with an apikey - but for the last 2 releases, I've regenerated the key on each use and only supplied it on the cli at upload, so as not to store it locally) 

-d


On September 19, 2020 22:23:41 Matt Sicker <boa...@gmail.com> wrote:


Oh and there's a bit of an issue with the signed files: it looks like
you included _signed files_ rather than detached signatures. Thus, the
.asc files are only verifying themselves rather than the accompanying
file.

There's a --detached option in gpg for this (yeah, it's always had a bad UI).

On Sat, 19 Sep 2020 at 15:19, Matt Sicker <boa...@gmail.com> wrote:


The KEYS file [1] that's linked on the download page does not have
your key in it. Neither does other KEYS file [2]. Check out [3] for
more info.

[1]: https://downloads.apache.org/logging/log4net/KEYS
[2]: https://downloads.apache.org/logging/KEYS
[3]: https://infra.apache.org/release-signing.html#keys-policy



On Sat, 19 Sep 2020 at 12:48, Davyd McColl <dav...@gmail.com> wrote:
>
> Thanks Matt, I've done so. Hopefully that makes it easier to verify
> artifacts that I have signed.
>
> -d
>
>
> On September 18, 2020 23:11:48 Matt Sicker <boa...@gmail.com> wrote:
>
> > If you upload your key to your GitHub profile, that also makes it
> > simple to find. For example, just add ".gpg" to your profile URL:
> > https://github.com/fluffynuts.gpg
> >
> > On Fri, 18 Sep 2020 at 16:08, Remko Popma <remko.po...@gmail.com> wrote:
> >>
> >> +1 remko
> >>
> >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker <boa...@gmail.com> wrote:
> >>
> >> > How about your gpg key? I don't think we've imported that to the KEYS
> >> > file as far as I can tell?
> >> >
> >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker <boa...@gmail.com> wrote:
> >> > >
> >> > > Oh sorry, I didn't notice that you uploaded them there (wasn't even
> >> > > aware that it was possible to be honest).
> >> > >
> >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl <dav...@gmail.com> wrote:
> >> > > >
> >> > > > Hi Matt
> >> > > >
> >> > > > Release artifacts are available on the GitHub release page
> >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - expand the
> >> > assets
> >> > > > list if it's collapsed.
> >> > > >

> >> > > > I'll need someone to upload them to the downloads source as I 
think I

> >> > don't

> >> > > > have access to do so (if I'm wrong, I'd love to be corrected, 
because

> >> > I'd
> >> > > > be less of an annoyance then!). Ralph has stepped in to help here in
> >> > the past.
> >> > > >
> >> > > > -d
> >> > > >
> >> > > >
> >> > > > On September 18, 2020 20:09:07 Matt Sicker <boa...@gmail.com> wrote:
> >> > > >

> >> > > > > Do you have links to the release artifacts? The download page 
links

> >> > to

> >> > > > > the live site which doesn't have the artifacts yet since 
they're not

> >> > > > > released yet. :)
> >> > > > >

> >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl 
<davyd.mcc...@codeo.co.za>

> >> > wrote:
> >> > > > >>
> >> > > > >> Hi all
> >> > > > >>
> >> > > > >> I have another potential release available: 2.0.11, tagged as
> >> > rc/2.0.11
> >> > > > >>
> >> > > > >> Changes are really minor:

> >> > > > >> - fixed assembly versioning (all assemblies should report 
2.0.11.0

> >> > as their
> >> > > > >> version now)
> >> > > > >> - properly dispose of StreamWriters within logging appenders
> >> > (thanks to
> >> > > > >> @NicholasNoise)
> >> > > > >>
> >> > > > >> Binaries are up at

> >> > > > >> 
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11

> >> > and I've
> >> > > > >> pushed to asf-staging for logging, now up at
> >> > > > >> https://logging.staged.apache.org/log4net/download_log4net.html
> >> > > > >>
> >> > > > >> Thanks
> >> > > > >> -d
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > --
> >> > > > > Matt Sicker <boa...@gmail.com>
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Matt Sicker <boa...@gmail.com>
> >> >
> >> >
> >> >
> >> > --
> >> > Matt Sicker <boa...@gmail.com>
> >> >
> >
> >
> >
> > --
> > Matt Sicker <boa...@gmail.com>



--
Matt Sicker <boa...@gmail.com>




--
Matt Sicker <boa...@gmail.com>
























					Reply via email to