Hi Jacques,you could simply use our verification script (verify-ofbiz-release.sh) in tools... it follows the process mentioned in the link ;-)
Regards, Michael Am 28.12.17 um 10:44 schrieb Jacques Le Roux:
MD5, tests and few UI interactions OK BTW what about http://markmail.org/message/ag2pafvuxe7qq4pd ?This time I tried to follow http://www.apache.org/info/verification.html (on Windows)$ gpg --fingerprint 847AF9E0 pub 4096R/847AF9E0 2010-04-05Key fingerprint = 3545 C5E3 1CC2 D029 B2CC AD06 7A58 0908 847A F9E0 uid Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>sub 4096R/384F8B0B 2010-04-05 pub 4096R/847AF9E0 2014-06-16 [revoked: 2016-08-16]Key fingerprint = E173 9BDA 08EA 018D 8BC6 B44D 28BA 80E8 847A F9E0 uid Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>Jacques@LDLC MINGW64 /c/projectsASF/ofbiz$ gpg --verify C:/Users/Jacques/Downloads/apache-ofbiz-16.11.04.zip.asc apache-ofbiz-16.11.04.zip gpg: Signature made dim. 24 déc. 2017 10:32:13 using RSA key ID 847AF9E0 gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <jaco...@apache.org>"gpg: WARNING: This key is not certified with a trusted signature!gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3545 C5E3 1CC2 D029 B2CC AD06 7A58 0908 847A F9E0So that's also OK :)I finally checked SHA. It's a SHA512 (OK), but is 512 mentioned somewhere?+1 Jacques Le 24/12/2017 à 10:50, Jacopo Cappellato a écrit :This is the vote thread to release a new bug fix release for the release16.11 branch. This new release, "Apache OFBiz 16.11.04" will supersede all the previous releases from the same branch. The release files can be downloaded from here: https://dist.apache.org/repos/dist/dev/ofbiz/ and are: * apache-ofbiz-16.11.04.zip * KEYS: text file with keys * apache-ofbiz-16.11.04.zip.asc: the detached signature file * apache-ofbiz-16.11.04.zip.md5, apache-ofbiz-16.11.04.zip.sha: hashesPlease download and test the zip file and its signatures (for instructions on testing the signatures see http://www.apache.org/info/verification.html).Then vote: [ +1] release as Apache OFBiz 16.11.04 [ -1] do not release This vote will be open for at least 5 days. For more details about this process please read http://www.apache.org/foundation/voting.html Kind Regards, Jacopo
smime.p7s
Description: S/MIME Cryptographic Signature