Thanks for preparing the release. Please send the “helper” email to accompany 
this (example from 1.0.0 here [1]) and include the SHA-256 hash of the release 
ZIP as well.

Similarly, when you perform the GPG signing activity, please use SHA-256 as the 
hash algorithm. Currently you are configured to use SHA-1. You can find 
instructions for changing that here [2].

(master) alopresto
🔓 17s @ 10:46:02 $ gpg --verify -vvv
gpg: using character set `utf-8'
Version: GnuPG v1
:signature packet: algo 1, keyid 941C14437D84EBD6
        version 4, created 1476642289, md5len 0, sigclass 0x00
        digest algo 2, begin of digest f1 9b
        hashed subpkt 2 len 4 (sig created 2016-10-16)
        subpkt 16 len 8 (issuer key ID 941C14437D84EBD6)
        data: [4096 bits]
gpg: armor header:
gpg: assuming signed data in ''
gpg: Signature made Sun Oct 16 11:24:49 2016 PDT using RSA key ID 7D84EBD6
gpg: using PGP trust model
gpg: key 00D026C4: accepted as trusted key
gpg: key 51BF2B79: accepted as trusted key
gpg: key 2F7DEF69: accepted as trusted key
gpg: Good signature from "Joseph Skora (CODE SIGNING KEY) <>" 
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6B4E F25B 89D2 D330 2D60  1BD3 941C 1443 7D84 EBD6
gpg: binary signature, digest algorithm SHA1



Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Oct 16, 2016, at 8:32 PM, Joe Skora <> wrote:
> Hello,
> I am pleased to be calling this vote for the source release of Apache NiFi
> nifi-0.7.1.
> The source zip, including signatures, digests, etc. can be found at:
> The Git tag is nifi-0.7.1-RC1
> The Git commit ID is 421d5e61553e5fa160af9e0cc9fdc237af46906d
> *
> *
> Checksums of
> MD5: a15fc40ec887d82440f2de05ef71f810
> SHA1: 1565f4e123478e91fd26022b939d9d2f6ea6a2cf
> Release artifacts are signed with the following key:
> KEYS file available here:
> 41 issues were closed/resolved for this release:
> Release note highlights can be found here:
> The vote will be open for 72 hours.
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test.  The
> please vote:
> [ ] +1 Release this package as nifi-0.7.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because because...

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to