Thanks for catching that. I'm sorry, those both crossed my mind early on,
but once I got into the instructions I tracked to those.
I will fix those add the hash and send the email ASAP.
And I'll look at updating the release instructions this week while it's
fresh in my mind.
On Mon, Oct 17, 2016 at 1:53 PM, Andy LoPresto <alopre...@apache.org> wrote:
> Thanks for preparing the release. Please send the “helper” email to
> accompany this (example from 1.0.0 here ) and include the SHA-256 hash
> of the release ZIP as well.
> Similarly, when you perform the GPG signing activity, please use SHA-256
> as the hash algorithm. Currently you are configured to use SHA-1. You can
> find instructions for changing that here .
> (master) alopresto
> 🔓 17s @ 10:46:02 $ gpg --verify -vvv nifi-0.7.1-source-release.zip.asc
> gpg: using character set `utf-8'
> gpg: armor: BEGIN PGP SIGNATURE
> Version: GnuPG v1
> :signature packet: algo 1, keyid 941C14437D84EBD6
> version 4, created 1476642289, md5len 0, sigclass 0x00
> digest algo 2, begin of digest f1 9b
> hashed subpkt 2 len 4 (sig created 2016-10-16)
> subpkt 16 len 8 (issuer key ID 941C14437D84EBD6)
> data: [4096 bits]
> gpg: armor header:
> gpg: assuming signed data in 'nifi-0.7.1-source-release.zip'
> gpg: Signature made Sun Oct 16 11:24:49 2016 PDT using RSA key ID 7D84EBD6
> gpg: using PGP trust model
> gpg: key 00D026C4: accepted as trusted key
> gpg: key 51BF2B79: accepted as trusted key
> gpg: key 2F7DEF69: accepted as trusted key
> gpg: Good signature from "Joseph Skora (CODE SIGNING KEY) <
> jsk...@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> Primary key fingerprint: 6B4E F25B 89D2 D330 2D60 1BD3 941C 1443 7D84 EBD6
> gpg: binary signature, digest algorithm SHA1
>  https://lists.apache.org/thread.html/bc20784d6f8df22277c196e15f33e8
>  https://www.apache.org/dev/openpgp.html#key-gen-avoid-sha1
> Andy LoPresto
> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
> On Oct 16, 2016, at 8:32 PM, Joe Skora <jsk...@apache.org> wrote:
> I am pleased to be calling this vote for the source release of Apache NiFi
> The source zip, including signatures, digests, etc. can be found at:
> The Git tag is nifi-0.7.1-RC1
> The Git commit ID is 421d5e61553e5fa160af9e0cc9fdc237af46906d
> Checksums of nifi-0.7.1-source-release.zip:
> MD5: a15fc40ec887d82440f2de05ef71f810
> SHA1: 1565f4e123478e91fd26022b939d9d2f6ea6a2cf
> Release artifacts are signed with the following key:
> KEYS file available here:
> 41 issues were closed/resolved for this release:
> Release note highlights can be found here:
> The vote will be open for 72 hours.
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test. The
> please vote:
> [ ] +1 Release this package as nifi-0.7.1
> [ ] +0 no opinion
> [ ] -1 Do not release this package because because...