+1 (binding) Built and ran some simple test flows on Ubuntu Linux (14.04, x86_64) and Windows 10 (64 bit)
On Mon, Jul 11, 2016 at 4:13 PM, Joe Percivall < [email protected]> wrote: > Dist is updated, the current signature is SHA512. I verified both are > stored on dist as they should be: > > > Joseph-Percivall:verify jpercivall$ gpg -v --verify > nifi-0.7.0-source-release.zip.asc > gpg: armor header: Version: GnuPG v1 > gpg: assuming signed data in `nifi-0.7.0-source-release.zip' > gpg: Signature made Mon Jul 11 14:45:25 2016 EDT using RSA key ID 22886FEE > gpg: using PGP trust model > gpg: Good signature from "Joseph Percivall (CODE SIGNING KEY) < > [email protected]>" > gpg: binary signature, digest algorithm SHA512 > > > Joseph-Percivall:verify jpercivall$ gpg -v --verify > nifi-0.7.0-source-release.zip-SHA1.asc nifi-0.7.0-source-release.zip > gpg: armor header: Version: GnuPG v1 > gpg: Signature made Sat Jul 9 13:34:06 2016 EDT using RSA key ID 22886FEE > gpg: using PGP trust model > gpg: Good signature from "Joseph Percivall (CODE SIGNING KEY) < > [email protected]>" > gpg: binary signature, digest algorithm SHA1 > > > Sorry for the mix-up, > Joe > - - - - - - > Joseph Percivall > linkedin.com/in/Percivall > e: [email protected] > > > > > On Monday, July 11, 2016 4:00 PM, Joe Percivall > <[email protected]> wrote: > Sounds good, in dist I am going to move the SHA1 signature to > "nifi-0.7.0-source-release.zip-SHA1.asc" and replace > "nifi-0.7.0-source-release.zip.asc" with a SHA512 signature. I am keeping > the SHA1 for traceability but when adding the download to the website we > will use the SHA512. > > > Joe > - - - - - - > Joseph Percivall > linkedin.com/in/Percivall > e: [email protected] > > > > > > On Monday, July 11, 2016 2:41 PM, Joe Witt <[email protected]> wrote: > Totally doable for the artifacts you put up in dist Joe. Basically > just replacing the asc file. I'd recommend not worrying about it for > the staged maven artifacts. > > > On Mon, Jul 11, 2016 at 2:34 PM, Tony Kurc <[email protected]> wrote: > > Would it be appropriate to regenerate the signatures? I think Joe Witt > may > > have done something similar recently without cancelling the RC. > > > > > > On Mon, Jul 11, 2016 at 2:05 PM, Joe Percivall < > > [email protected]> wrote: > > > >> @Tony - I apologize, I did not. I must have accidentally overlooked that > >> section of the Release Signing page. I just added the proper > configuration > >> to my gpg.conf file. > >> > >> Thank you for pointing it out, > >> Joe > >> - - - - - - > >> Joseph Percivall > >> linkedin.com/in/Percivall > >> e: [email protected] > >> > >> > >> > >> > >> On Monday, July 11, 2016 1:37 PM, Tony Kurc <[email protected]> wrote: > >> @JoePercivall - did you go through the steps to avoid SHA1 for signing > [1]? > >> > >> When verifying (with verbose) the nifi-0.7.0-source-release.zip.asc, I > got > >> this in the output: > >> > >> gpg: binary signature, digest algorithm SHA1 > >> > >> 1. http://www.apache.org/dev/openpgp.html#sha1 > >> > >> > >> On Mon, Jul 11, 2016 at 12:50 PM, James Wing <[email protected]> wrote: > >> > >> > +1 (non-binding) > >> > > >> > I ran through the release helper and lightly tested the generated > binary. > >> > > >> > > >> > On Sat, Jul 9, 2016 at 11:47 AM, Joe Percivall < > >> > [email protected]> wrote: > >> > > >> > > Hello Apache NiFi Community, > >> > > > >> > > I am pleased to be calling this vote for the source release of > Apache > >> > NiFi, > >> > > nifi-0.7.0. > >> > > > >> > > The source zip, including signatures, digests, etc. can be found at: > >> > > > https://repository.apache.org/content/repositories/orgapachenifi-1088/ > >> > > The Git tag is nifi-0.7.0-RC2 > >> > > The Git commit hash is f5629062c5e2a6c55fb62255aee74c4f25d93e7b > >> > > * > >> > > > >> > > >> > https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=f5629062c5e2a6c55fb62255aee74c4f25d93e7b > >> > > * > >> > > > >> > > >> > https://github.com/apache/nifi/commit/f5629062c5e2a6c55fb62255aee74c4f25d93e7b > >> > > > >> > > Checksums of nifi-0.7.0-source-release.zip: > >> > > MD5: 3a6af39c481fb0ad3eab5a4ea1a954fd > >> > > SHA1: 33e16b0a73242ddda91f89591c82aa5d6e9c8d21 > >> > > SHA256: > >> 56ab3132c1fef31dcf50b716b8e08272075f92e476849360280822e0cdc3e993 > >> > > > >> > > Release artifacts are signed with the following key: > >> > > https://people.apache.org/keys/committer/jpercivall > >> > > KEYS file available here: > >> > > https://dist.apache.org/repos/dist/release/nifi/KEYS > >> > > > >> > > 138 issues were closed/resolved for this release: > >> > > > >> > > > >> > > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12335078 > >> > > Release note highlights can be found here: > >> > > > >> > > > >> > > >> > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.7.0 > >> > > > >> > > The vote will be open for 72 hours. > >> > > Please download the release candidate and evaluate the necessary > items > >> > > including checking hashes, signatures, build from source, and test. > >> Then > >> > > please vote: > >> > > > >> > > [ ] +1 Release this package as nifi-0.7.0 > >> > > [ ] +0 no opinion > >> > > [ ] -1 Do not release this package because... > >> > > > >> > > Thanks! > >> > > > >> > > >> >
