The following guidance should help anyone interested in validating/verifying the release so they can provide their vote.
# Download latest KEYS file so i get all the public keys. https://dist.apache.org/repos/dist/release/nifi/KEYS # Import keys file: gpg --import KEYS # Clear out my local maven artifact repository # Pull down nifi-0.3.0 items for review: wget https://repository.apache.org/content/repositories/orgapachenifi-1060/org/apache/nifi/nifi/0.3.0/nifi-0.3.0-source-release.zip wget https://repository.apache.org/content/repositories/orgapachenifi-1060/org/apache/nifi/nifi/0.3.0/nifi-0.3.0-source-release.zip.asc wget https://repository.apache.org/content/repositories/orgapachenifi-1060/org/apache/nifi/nifi/0.3.0/nifi-0.3.0-source-release.zip.md5 wget https://repository.apache.org/content/repositories/orgapachenifi-1060/org/apache/nifi/nifi/0.3.0/nifi-0.3.0-source-release.zip.sha1 # Verify the signature gpg --verify nifi-0.3.0-source-release.zip.asc nifi-0.3.0-source-release.zip # Verify the hashes (md5 and sha1) match the source and what was provided in the vote email thread md5sum nifi-0.3.0-source-release.zip sha1sum nifi-0.3.0-source-release.zip # Unzip nifi-0.3.0-source-release.zip # Verify the build works. Did this by running the following which includes the RAT/license/header checks and checkstyle consistency checks mvn clean install -Pcontrib-check # Verify the contents contain a good readme LICENSE, NOTICE, DISCLAIMER # Verify the git commit ID is correct # Look at the resulting convenience binary as found in nifi-assembly/target/nifi-0.3.0-bin/nifi-0.3.0/ # Make sure the README, LICENSE, NOTICE, DISCLAIMER are present and correct # Run the resulting convenience binary. Make sure it works as expected. Dataflows can be setup, etc.. # Send a response to the vote thread indicating a +1, 0, -1 based on your findings. Also indicate whether the vote is binding or not.
