I am getting issues verifying the signature for the pekko-grpc-gradle plugin, i.e.
<~/pekko-release-check-jars>-> gpg --verify pekko-grpc-gradle-plugin-1.0.0-RC2.jar.asc pekko-grpc-gradle-plugin-1.0.0-RC2.jar gpg: Signature made Sa 12 Aug 12:26:08 2023 CEST gpg: using RSA key 6E77DFA74070290A gpg: bad data signature from key 6E77DFA74070290A: Wrong key usage (0x00, 0x2) gpg: Can't check signature: Wrong key usage The other jars which were signed by sbt work as expected <~/pekko-release-check-jars>-2-> gpg --verify pekko-grpc-runtime_2.13-1.0.0-RC2.jar.asc pekko-grpc-runtime_2.13-1.0.0-RC2.jar gpg: Signature made Sa 12 Aug 12:21:01 2023 CEST gpg: using RSA key 6BA4DA8B1C88A49428A29C3D0C69C1EF41181E13 gpg: Good signature from "PJ Fanning <fannin...@yahoo.com>" [unknown] gpg: aka "PJ Fanning (http://www.apache.org/) < fannin...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6BA4 DA8B 1C88 A494 28A2 9C3D 0C69 C1EF 4118 1E13 Can someone else check its not a problem on my end? You can just download the jar/asc directly from https://repository.apache.org/content/groups/staging/org/apache/pekko/pekko-grpc-gradle-plugin/1.0.0-RC2/ , add PJ Fanning's key[1] to gpg and then run gpg --verify as I did [1] https://github.com/apache/incubator-pekko/blob/main/KEYS#L31-L69 On Mon, Aug 14, 2023 at 11:28 AM Samuele Resca <samuele.re...@gmail.com> wrote: > Hi, > > I checked the followings: > - Download links are valid. > - Checksums and signatures. > - LICENSE/NOTICE files exist > - No unexpected binary files > - Source files have ASF headers > - Can compile from source > > tests from source looks fine to me. > > One thing that I noticed is that .scala-steward.conf has still the old > references to Akka modules. > I don't think this is blocking, but it brought to my mind the borader topic > on how (and if) we want to manage dependencies updates. I going to open a > separate thread. > > +1 (Non-PPMC) > > Thanks in advance. > Samuele > > > Il giorno sab 12 ago 2023 alle ore 11:33 PJ Fanning <fannin...@apache.org> > ha scritto: > > > Hello Pekko Community, > > > > This is a call for a vote to release Apache Pekko(incubating) > > gRPC version 1.0.0-RC2. > > > > The discussion thread: > > > > https://lists.apache.org/thread/r76o8bchv4d9xlkbj6drcpvohcdkvxf3 > > > > The release candidate: > > > > https://dist.apache.org/repos/dist/dev/incubator/pekko/GRPC-1.0.0-RC2/ > > > > This release has been signed with a PGP key available here: > > > > https://dist.apache.org/repos/dist/dev/incubator/pekko/KEYS > > > > Release Notes: > > > > > https://pekko.apache.org/docs/pekko-grpc/current/release-notes/index.html > > > > Git branch for the release: > > > > https://github.com/apache/incubator-pekko-grpc/tree/v1.0.0-RC2 > > Git commit ID: 3ca2531749bbb28001c5c57d9bdcd913f7570369 > > > > Please download, verify, and test. > > > > We have also staged jars in the Apache Nexus Repository. These were > > built with the same code > > as appears in this Source Release Candidate. We would appreciate if > > users could test with these too. > > If anyone finds any serious problems with these jars, please also > > notify us on this thread. > > > > https://repository.apache.org/content/groups/staging/org/apache/pekko/ > > > > In sbt, you can add this resolver. > > > > resolvers += "Apache Pekko Staging" at > > "https://repository.apache.org/content/groups/staging"; > > > > > > The VOTE will pass if we have more positive votes than negative votes > > and there must be a minimum of 3 approvals from Pekko PPMC members. > > Anyone voting in favour of the release, could you please provide a > > list of the checks you have done? > > The vote will be left open until 11:00 UTC on 15 August 2023. > > > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove with the reason > > > > To learn more about Apache Pekko, please see https://pekko.apache.org/ > > > > Checklist for reference: > > > > [ ] Download links are valid. > > [ ] Checksums and signatures. > > [ ] LICENSE/NOTICE files exist > > [ ] No unexpected binary files > > [ ] Source files have ASF headers > > [ ] Can compile from source > > > > To compile from the source, please refer to: > > > > > > > https://github.com/apache/incubator-pekko-grpc/blob/main/README.md#building-from-source > > > > Some notes about verifying downloads can be found at: > > > > https://pekko.apache.org/download.html#verifying-downloads > > > > > > Here is my +1. > > > > Thanks, > > > > PJ Fanning (Apache Pekko PPMC member) > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > > For additional commands, e-mail: dev-h...@pekko.apache.org > > > > > -- Matthew de Detrich *Aiven Deutschland GmbH* Immanuelkirchstraße 26, 10405 Berlin Amtsgericht Charlottenburg, HRB 209739 B Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen *m:* +491603708037 *w:* aiven.io *e:* matthew.dedetr...@aiven.io
