Added this (long-standing) key to the KEYS file both in the GitHub
repo (thanks PJ for the quick review) and in subversion (keeping it in
sync with GitHub).

On Mon, Sep 9, 2024 at 11:52 PM PJ Fanning <fannin...@apache.org> wrote:
>
> Either approach works. If you like, just add the extra key to the KEYS file.
>
> On Mon, 9 Sept 2024 at 22:48, Arnout Engelen <enge...@apache.org> wrote:
> >
> > Ah, sorry. I can replace the signature with one from
> > FF992B876CA27A76139C4619F8B1B4404F9F0EE2 but I can also add
> > 2A5E8D8495DD653F753C4C7E061107B0F74A6DAA to the KEYS - is there any
> > particular preference?
> >
> > On Mon, Sep 9, 2024 at 11:36 PM PJ Fanning <fannin...@apache.org> wrote:
> > >
> > > Apologies - I missed that when I tested earlier. I concur with Samuele
> > > that the key used to produce the asc file is not in the KEYS file.
> > >
> > > gpg --verify apache-pekko-1.1.1-src-20240909.tgz.asc apache-pekko-1.1.1-src-20240909.tgz
> > > gpg: Signature made Mon  9 Sep 09:00:14 2024 IST
> > > gpg:                using RSA key 2A5E8D8495DD653F753C4C7E061107B0F74A6DAA
> > > gpg: Can't check signature: No public key
> > >
> > > Arnout - can you use the FF992B876CA27A76139C4619F8B1B4404F9F0EE2 key
> > > to sign instead?
> > >
> > > On Mon, 9 Sept 2024 at 22:27, Samuele Resca <samuele.re...@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > Performed the following checks:
> > > >  - Download links are valid.
> > > >  - Checksums and signatures.
> > > >  - LICENSE/NOTICE files exist
> > > >  - No unexpected binary files
> > > >  - All source files have ASF headers
> > > >  - Can compile from source
> > > >  - Can verify the binary build
> > > >
> > > > The tgz archive has been signed with a different public key not available in https://downloads.apache.org/pekko/KEYS.
> > > >
> > > > Could you please double check?
> > > >
> > > > Thanks in advance.
> > > > Samuele
> > > >
> > > > > On 9 Sep 2024, at 12:47, PJ Fanning <fannin...@apache.org> wrote:
> > > > >
> > > > > +1 (binding) fanningpj
> > > > >
> > > > > [x] Download links are valid.
> > > > > [x] Checksums and signatures.
> > > > > [x] LICENSE/NOTICE files exist
> > > > > [x] No unexpected binary files
> > > > > [x] All source files have ASF headers
> > > > > [x] Can compile from source
> > > > > [x] Can verify the binary build
> > > > >
> > > > > On Mon, 9 Sept 2024 at 09:35, Arnout Engelen <enge...@apache.org> wrote:
> > > > >>
> > > > >> Hello Pekko Community,
> > > > >>
> > > > >> This is a call for a vote to release Apache Pekko version 1.1.1-RC1.
> > > > >>
> > > > >> The discussion thread:
> > > > >>
> > > > >> https://lists.apache.org/thread/8rp1xg2fddk742zkz7pb58p40zgy0vrr
> > > > >>
> > > > >> The release candidate:
> > > > >>
> > > > >> https://dist.apache.org/repos/dist/dev/pekko/1.1.1-RC1/
> > > > >>
> > > > >> This release has been signed with a PGP key available here:
> > > > >>
> > > > >> https://downloads.apache.org/pekko/KEYS
> > > > >>
> > > > >> Release Notes:
> > > > >>
> > > > >> https://github.com/apache/pekko/pull/1469
> > > > >>
> > > > >> Git branch for the release:
> > > > >>
> > > > >> https://github.com/apache/pekko/tree/v1.1.1-RC1
> > > > >> Git commit ID: 498c4713ab1eade7b0c792f375badd7095074a13
> > > > >>
> > > > >> Please download, verify, and test.
> > > > >>
> > > > >> We have also staged jars in the Apache Nexus Repository. These were
> > > > >> built with the same code
> > > > >> as appears in this Source Release Candidate. We would appreciate if
> > > > >> users could test with these too.
> > > > >> If anyone finds any serious problems with these jars, please also
> > > > >> notify us on this thread.
> > > > >>
> > > > >> https://repository.apache.org/content/groups/staging/org/apache/pekko/
> > > > >>
> > > > >> For sbt 1.9.4 or greater you can add this resolver
> > > > >>
> > > > >> resolvers += Resolver.ApacheMavenStagingRepo
> > > > >>
> > > > >> Otherwise for older versions of sbt
> > > > >>
> > > > > >> resolvers += "Apache Pekko Staging" at "https://repository.apache.org/content/groups/staging"
> > > > >>
> > > > >>
> > > > >> The VOTE will pass if we have more positive votes than negative votes
> > > > >> and there must be a minimum of 3 approvals from Pekko PMC members.
> > > > >> Anyone voting in favour of the release, could you please provide a
> > > > >> list of the checks you have done?
> > > > >> The vote will be left open until <insert date/time here>.
> > > > >>
> > > > >> [ ] +1 approve
> > > > >> [ ] +0 no opinion
> > > > >> [ ] -1 disapprove with the reason
> > > > >>
> > > > > >> To learn more about Apache Pekko, please see https://pekko.apache.org/
> > > > >>
> > > > >> Checklist for reference:
> > > > >>
> > > > >> [ ] Download links are valid.
> > > > >> [ ] Checksums and signatures.
> > > > >> [ ] LICENSE/NOTICE files exist
> > > > >> [ ] No unexpected binary files
> > > > >> [ ] All source files have ASF headers
> > > > >> [ ] Can compile from source
> > > > >> [ ] Can verify the binary build
> > > > >>
> > > > >> To compile from the source, please refer to:
> > > > >>
> > > > >> https://github.com/apache/pekko/blob/main/README.md#building-from-source
> > > > >>
> > > > >> To verify the binary build, please refer to:
> > > > >>
> > > > >> https://github.com/apache/pekko-site/wiki/Pekko-Release-Process#verifying-the-binary-build
> > > > >>
> > > > >> Some notes about verifying downloads can be found at:
> > > > >>
> > > > >> https://pekko.apache.org/download.html#verifying-downloads
> > > > >>
> > > > >>
> > > > >> Here is my +1.
> > > > >>
> > > > >> Thanks,
> > > > >>
> > > > >> Arnout Engelen (Apache Pekko PMC member)
> > > > >>
> > > > >> ---------------------------------------------------------------------
> > > > >> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org
> > > > >> For additional commands, e-mail: dev-h...@pekko.apache.org
> > > > >>
> > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
> > --
> > Arnout Engelen
> > ASF Security Response
> > Apache Pekko PMC member, ASF Member
> > NixOS Committer
> > Independent Open Source consultant
> >
> >
>
>


-- 
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant
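
The check discussed in this thread, as an added example that is not part of the original messages or of Pekko's release tooling: it verifies a signature against a throwaway keyring built only from the KEYS file, so a key that happens to be in a reviewer's personal keyring cannot make the check pass. Function names and the sample status and colon lines are constructed for illustration; the two key values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# Reduce `gpg --status-fd 1 --verify` output (stdin) to one verdict line:
#   valid <fingerprint> | missing <long key id> | bad <key id> | unknown
classify_status() {
  awk '$1 != "[GNUPG:]" { next }
       $2 == "VALIDSIG"  { r = "valid " $3 }
       $2 == "NO_PUBKEY" { r = "missing " $3 }
       $2 == "BADSIG"    { r = "bad " $3 }
       END { print (r == "" ? "unknown" : r) }'
}

# Succeed if the fingerprint or long key id in $1 appears among the "fpr"
# records of `gpg --show-keys --with-colons KEYS` output read from stdin.
fpr_listed() {
  awk -F: -v want="$1" '
    $1 == "fpr" && substr($10, length($10) - length(want) + 1) == want { ok = 1 }
    END { exit !ok }'
}

# Verify SIG over FILE using only the keys in KEYS (isolated GnuPG home).
verify_against_keys() {
  keys=$1; sig=$2; file=$3
  home=$(mktemp -d) || return 2
  gpg --homedir "$home" --batch --quiet --import "$keys" 2>/dev/null
  result=$(gpg --homedir "$home" --batch --status-fd 1 \
               --verify "$sig" "$file" 2>/dev/null | classify_status)
  rm -rf "$home"
  echo "$result"
  case $result in valid\ *) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: status lines for a signature whose key is not in the keyring.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] NO_PUBKEY 061107B0F74A6DAA'

# Constructed sample: colon listing of a KEYS file holding only the FF99... key.
SAMPLE_KEYS_COLONS='fpr:::::::::FF992B876CA27A76139C4619F8B1B4404F9F0EE2:'

# Usage: sh verify.sh KEYS apache-pekko-1.1.1-src-20240909.tgz.asc \
#                          apache-pekko-1.1.1-src-20240909.tgz
if [ "$#" -eq 3 ]; then
  verify_against_keys "$@"
fi
```

A `missing` verdict here corresponds to the `No public key` output quoted in the thread; after the key is added to KEYS, the same run should report `valid` with the signer's fingerprint.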

