Joe, James, Mike, I think I got confused. Do we need to get Mike's gpg public key which he used to sign in that KEYS file, or is the key Mike put in the helper sufficient? If it isn't sufficient, we need someone with access to svn to add Mike, correct?
Tony On Mon, May 15, 2017 at 4:34 PM, Michael Moser <[email protected]> wrote: > Yeah, I didn't have write permission to SVN > https://dist.apache.org/repos/dist/ which I assumed was because I'm a > committer and not on the PMC. I've enlisted a PMC member's help to > put the release up there if this vote passes. > > > On Mon, May 15, 2017 at 3:13 PM, Joe Witt <[email protected]> wrote: > > just need to update that dist key file is all. I think mike did > > update the git entry. > > > > On Mon, May 15, 2017 at 3:12 PM, James Wing <[email protected]> wrote: > >> Michael, > >> > >> What's the plan for the PGP key distribution, or how do we get your key > >> into the KEYS file? > >> > >> Thanks, > >> > >> James > >> > >> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[email protected]> > wrote: > >> > >>> Hello Apache NiFi community, > >>> > >>> Please find the associated guidance to help those interested in > >>> validating/verifying the 0.7.3 release so they can vote. > >>> > >>> # Download latest KEYS file: > >>> https://dist.apache.org/repos/dist/dev/nifi/KEYS > >>> > >>> # Download the key used to sign this release: > >>> https://people.apache.org/keys/committer/mosermw.asc > >>> > >>> # Import keys file: > >>> gpg --import KEYS > >>> > >>> # Import key used to sign this release: > >>> gpg --import mosermw.asc > >>> > >>> # [optional] Clear out local maven artifact repository > >>> > >>> # Pull down nifi-0.7.3 source release artifacts for review: > >>> wget https://repository.apache.org/content/repositories/ > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > >>> source-release.zip > >>> wget https://repository.apache.org/content/repositories/ > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > >>> source-release.zip.asc > >>> wget https://repository.apache.org/content/repositories/ > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > >>> source-release.zip.md5 > >>> wget https://repository.apache.org/content/repositories/ > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > >>> source-release.zip.sha1 > >>> > >>> # Verify the signature > >>> gpg --verify nifi-0.7.3-source-release.zip.asc > >>> > >>> # Verify the hashes (md5, sha1, sha256) match the source and what was > >>> provided in the vote email thread > >>> # NOTE: the repository does not have the > >>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in > >>> the vote email thread > >>> md5sum nifi-0.7.3-source-release.zip > >>> sha1sum nifi-0.7.3-source-release.zip > >>> sha256sum nifi-0.7.3-source-release.zip > >>> > >>> # Unzip nifi-0.7.3-source-release.zip > >>> > >>> # Verify the build works including release audit tool (RAT) checks > >>> cd nifi-0.7.3 > >>> mvn clean install -Pcontrib-check > >>> > >>> # Verify the contents contain a good README, NOTICE, and LICENSE. > >>> > >>> # Verify the git commit ID is correct > >>> > >>> # Verify the RC was branched off the correct git commit ID > >>> > >>> # Look at the resulting convenience binary as found in > nifi-assembly/target > >>> > >>> # Make sure the README, NOTICE, and LICENSE are present and correct > >>> > >>> # Run the resulting convenience binary and make sure it works as > expected > >>> > >>> # Send a response to the vote thread indicating a +1, 0, -1 based on > >>> your findings. > >>> > >>> Thank you for your time and effort to validate the release! > >>> >
