Joe, Thanks for preparing the release. Please send the “helper” email to accompany this (example from 1.0.0 here ) and include the SHA-256 hash of the release ZIP as well.
Similarly, when you perform the GPG signing activity, please use SHA-256 as the hash algorithm. Currently you are configured to use SHA-1. You can find instructions for changing that here . hw12203:/Users/alopresto/Workspace/scratch/release_verification/nifi-0.7.1 (master) alopresto 🔓 17s @ 10:46:02 $ gpg --verify -vvv nifi-0.7.1-source-release.zip.asc gpg: using character set `utf-8' gpg: armor: BEGIN PGP SIGNATURE Version: GnuPG v1 :signature packet: algo 1, keyid 941C14437D84EBD6 version 4, created 1476642289, md5len 0, sigclass 0x00 digest algo 2, begin of digest f1 9b hashed subpkt 2 len 4 (sig created 2016-10-16) subpkt 16 len 8 (issuer key ID 941C14437D84EBD6) data: [4096 bits] gpg: armor header: gpg: assuming signed data in 'nifi-0.7.1-source-release.zip' gpg: Signature made Sun Oct 16 11:24:49 2016 PDT using RSA key ID 7D84EBD6 gpg: using PGP trust model gpg: key 00D026C4: accepted as trusted key gpg: key 51BF2B79: accepted as trusted key gpg: key 2F7DEF69: accepted as trusted key gpg: Good signature from "Joseph Skora (CODE SIGNING KEY) <jsk...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6B4E F25B 89D2 D330 2D60 1BD3 941C 1443 7D84 EBD6 gpg: binary signature, digest algorithm SHA1 Thanks.  https://lists.apache.org/thread.html/bc20784d6f8df22277c196e15f33e85cee4a0f409761a42acee54999@%3Cdev.nifi.apache.org%3E <https://lists.apache.org/thread.html/bc20784d6f8df22277c196e15f33e85cee4a0f409761a42acee54999@%3Cdev.nifi.apache.org%3E>  https://www.apache.org/dev/openpgp.html#key-gen-avoid-sha1 <https://www.apache.org/dev/openpgp.html#key-gen-avoid-sha1> Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Oct 16, 2016, at 8:32 PM, Joe Skora <jsk...@apache.org> wrote: > > Hello, > > I am pleased to be calling this vote for the source release of Apache NiFi > nifi-0.7.1. > > The source zip, including signatures, digests, etc. can be found at: > https://repository.apache.org/content/repositories/orgapachenifi-1091 > > The Git tag is nifi-0.7.1-RC1 > The Git commit ID is 421d5e61553e5fa160af9e0cc9fdc237af46906d > * > https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=421d5e61553e5fa160af9e0cc9fdc237af46906d > * > https://github.com/apache/nifi/commit/421d5e61553e5fa160af9e0cc9fdc237af46906d > > Checksums of nifi-0.7.1-source-release.zip: > MD5: a15fc40ec887d82440f2de05ef71f810 > SHA1: 1565f4e123478e91fd26022b939d9d2f6ea6a2cf > > Release artifacts are signed with the following key: > https://people.apache.org/keys/committer/jskora.asc > > KEYS file available here: > https://dist.apache.org/repos/dist/release/nifi/KEYS > > 41 issues were closed/resolved for this release: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12338025 > > Release note highlights can be found here: > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.7.1 > > The vote will be open for 72 hours. > Please download the release candidate and evaluate the necessary items > including checking hashes, signatures, build from source, and test. The > please vote: > > [ ] +1 Release this package as nifi-0.7.1 > [ ] +0 no opinion > [ ] -1 Do not release this package because because...
Description: Message signed with OpenPGP using GPGMail