Re: [VOTE] [RELEASE] Apache OFBiz 16.11.04

Thu, 28 Dec 2017 02:15:03 -0800 

Hi Jacques,
you could simply use our verification script (verify-ofbiz-release.sh) in tools... it follows the process mentioned in the link ;-) 

Regards,

Michael

Am 28.12.17 um 10:44 schrieb Jacques Le Roux:

MD5, tests and few UI interactions OK

BTW what about http://markmail.org/message/ag2pafvuxe7qq4pd ?


This time I tried to follow 
http://www.apache.org/info/verification.html (on Windows)


$  gpg --fingerprint 847AF9E0
pub   4096R/847AF9E0 2010-04-05

      Key fingerprint = 3545 C5E3 1CC2 D029 B2CC  AD06 7A58 0908 847A 
F9E0
uid                  Jacopo Cappellato (CODE SIGNING KEY) 
<jaco...@apache.org>

sub   4096R/384F8B0B 2010-04-05

pub   4096R/847AF9E0 2014-06-16 [revoked: 2016-08-16]

      Key fingerprint = E173 9BDA 08EA 018D 8BC6  B44D 28BA 80E8 847A 
F9E0
uid                  Jacopo Cappellato (CODE SIGNING KEY) 
<jaco...@apache.org>


Jacques@LDLC MINGW64 /c/projectsASF/ofbiz

$ gpg --verify 
C:/Users/Jacques/Downloads/apache-ofbiz-16.11.04.zip.asc 
apache-ofbiz-16.11.04.zip
gpg: Signature made dim. 24 déc. 2017 10:32:13     using RSA key ID 
847AF9E0
gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) 
<jaco...@apache.org>"

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the 
owner.
Primary key fingerprint: 3545 C5E3 1CC2 D029 B2CC  AD06 7A58 0908 847A 
F9E0


So that's also OK :)


I finally checked SHA. It's a SHA512 (OK), but is 512 mentioned 
somewhere?


+1

Jacques


Le 24/12/2017 à 10:50, Jacopo Cappellato a écrit :

  This is the vote thread to release a new bug fix release for the
release16.11 branch. This new release, "Apache OFBiz 16.11.04" will
supersede all the previous releases from the same branch.

The release files can be downloaded from here:

https://dist.apache.org/repos/dist/dev/ofbiz/

and are:

* apache-ofbiz-16.11.04.zip
* KEYS: text file with keys
* apache-ofbiz-16.11.04.zip.asc: the detached signature file
* apache-ofbiz-16.11.04.zip.md5, apache-ofbiz-16.11.04.zip.sha: hashes


Please download and test the zip file and its signatures (for 
instructions
on testing the signatures see 
http://www.apache.org/info/verification.html).


Then vote:

[ +1] release as Apache OFBiz 16.11.04
[ -1] do not release

This vote will be open for at least 5 days.

For more details about this process please read
http://www.apache.org/foundation/voting.html

Kind Regards,

Jacopo









Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to