Hi, I performed another check. Everything looks good.
This is my +1. Thanks, Samuele > On 9 Sep 2024, at 23:17, PJ Fanning <fannin...@apache.org> wrote: > > The KEYS file in https://downloads.apache.org/pekko/KEYS now works for > me (when verifying the asc file). > Reaffirming my +1. > > On Mon, 9 Sept 2024 at 23:10, Arnout Engelen <enge...@apache.org> wrote: >> >> Added this (long-standing) key to the KEYS file both in the GitHub >> repo (thanks PJ for the quick review) and in subversion (keeping it in >> sync with GitHub) >> >> On Mon, Sep 9, 2024 at 11:52 PM PJ Fanning <fannin...@apache.org> wrote: >>> >>> Either approach works. If you like, just add the extra key to the KEYS file. >>> >>> On Mon, 9 Sept 2024 at 22:48, Arnout Engelen <enge...@apache.org> wrote: >>>> >>>> Ah, sorry. I can replace the signature with one from >>>> FF992B876CA27A76139C4619F8B1B4404F9F0EE2 but I can also add >>>> 2A5E8D8495DD653F753C4C7E061107B0F74A6DAA to the KEYS - is there any >>>> particular preference? >>>> >>>> On Mon, Sep 9, 2024 at 11:36 PM PJ Fanning <fannin...@apache.org> wrote: >>>>> >>>>> Apologies - I missed that when I tested earlier. I concur with Samuele >>>>> that the key used to produce the asc file is not in the KEYS file. >>>>> >>>>> gpg --verify apache-pekko-1.1.1-src-20240909.tgz.asc >>>>> apache-pekko-1.1.1-src-20240909.tgz >>>>> gpg: Signature made Mon 9 Sep 09:00:14 2024 IST >>>>> gpg: using RSA key 2A5E8D8495DD653F753C4C7E061107B0F74A6DAA >>>>> gpg: Can't check signature: No public key >>>>> >>>>> Arnout - can you use the FF992B876CA27A76139C4619F8B1B4404F9F0EE2 key >>>>> to sign instead? >>>>> >>>>> On Mon, 9 Sept 2024 at 22:27, Samuele Resca <samuele.re...@gmail.com> >>>>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Performed the following checks: >>>>>> - Download links are valid. >>>>>> - Checksums and signatures. >>>>>> - LICENSE/NOTICE files exist >>>>>> - No unexpected binary files >>>>>> - All source files have ASF headers >>>>>> - Can compile from source >>>>>> - Can verify the binary build >>>>>> >>>>>> The tgz archive has been signed with a different public key not >>>>>> available in https://downloads.apache.org/pekko/KEYS. >>>>>> >>>>>> Could you please double check? >>>>>> >>>>>> Thanks in advance. >>>>>> Samuele >>>>>> >>>>>>> On 9 Sep 2024, at 12:47, PJ Fanning <fannin...@apache.org> wrote: >>>>>>> >>>>>>> +1 (binding) fanningpj >>>>>>> >>>>>>> [x] Download links are valid. >>>>>>> [x] Checksums and signatures. >>>>>>> [x] LICENSE/NOTICE files exist >>>>>>> [x] No unexpected binary files >>>>>>> [x] All source files have ASF headers >>>>>>> [x] Can compile from source >>>>>>> [x] Can verify the binary build >>>>>>> >>>>>>> On Mon, 9 Sept 2024 at 09:35, Arnout Engelen <enge...@apache.org> wrote: >>>>>>>> >>>>>>>> Hello Pekko Community, >>>>>>>> >>>>>>>> This is a call for a vote to release Apache Pekko version 1.1.1-RC1. >>>>>>>> >>>>>>>> The discussion thread: >>>>>>>> >>>>>>>> https://lists.apache.org/thread/8rp1xg2fddk742zkz7pb58p40zgy0vrr >>>>>>>> >>>>>>>> The release candidate: >>>>>>>> >>>>>>>> https://dist.apache.org/repos/dist/dev/pekko/1.1.1-RC1/ >>>>>>>> >>>>>>>> This release has been signed with a PGP key available here: >>>>>>>> >>>>>>>> https://downloads.apache.org/pekko/KEYS >>>>>>>> >>>>>>>> Release Notes: >>>>>>>> >>>>>>>> https://github.com/apache/pekko/pull/1469 >>>>>>>> >>>>>>>> Git branch for the release: >>>>>>>> >>>>>>>> https://github.com/apache/pekko/tree/v1.1.1-RC1 >>>>>>>> Git commit ID: 498c4713ab1eade7b0c792f375badd7095074a13 >>>>>>>> >>>>>>>> Please download, verify, and test. >>>>>>>> >>>>>>>> We have also staged jars in the Apache Nexus Repository. These were >>>>>>>> built with the same code >>>>>>>> as appears in this Source Release Candidate. We would appreciate if >>>>>>>> users could test with these too. >>>>>>>> If anyone finds any serious problems with these jars, please also >>>>>>>> notify us on this thread. >>>>>>>> >>>>>>>> https://repository.apache.org/content/groups/staging/org/apache/pekko/ >>>>>>>> >>>>>>>> For sbt 1.9.4 or greater you can add this resolver >>>>>>>> >>>>>>>> resolvers += Resolver.ApacheMavenStagingRepo >>>>>>>> >>>>>>>> Otherwise for older versions of sbt >>>>>>>> >>>>>>>> resolvers += "Apache Pekko Staging" at >>>>>>>> "https://repository.apache.org/content/groups/staging"; >>>>>>>> >>>>>>>> >>>>>>>> The VOTE will pass if we have more positive votes than negative votes >>>>>>>> and there must be a minimum of 3 approvals from Pekko PMC members. >>>>>>>> Anyone voting in favour of the release, could you please provide a >>>>>>>> list of the checks you have done? >>>>>>>> The vote will be left open until <insert date/time here>. >>>>>>>> >>>>>>>> [ ] +1 approve >>>>>>>> [ ] +0 no opinion >>>>>>>> [ ] -1 disapprove with the reason >>>>>>>> >>>>>>>> To learn more about Apache Pekko, please see https://pekko.apache.org/ >>>>>>>> >>>>>>>> Checklist for reference: >>>>>>>> >>>>>>>> [ ] Download links are valid. >>>>>>>> [ ] Checksums and signatures. >>>>>>>> [ ] LICENSE/NOTICE files exist >>>>>>>> [ ] No unexpected binary files >>>>>>>> [ ] All source files have ASF headers >>>>>>>> [ ] Can compile from source >>>>>>>> [ ] Can verify the binary build >>>>>>>> >>>>>>>> To compile from the source, please refer to: >>>>>>>> >>>>>>>> https://github.com/apache/pekko/blob/main/README.md#building-from-source >>>>>>>> >>>>>>>> To verify the binary build, please refer to: >>>>>>>> >>>>>>>> https://github.com/apache/pekko-site/wiki/Pekko-Release-Process#verifying-the-binary-build >>>>>>>> >>>>>>>> Some notes about verifying downloads can be found at: >>>>>>>> >>>>>>>> https://pekko.apache.org/download.html#verifying-downloads >>>>>>>> >>>>>>>> >>>>>>>> Here is my +1. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Arnout Engelen (Apache Pekko PMC member) >>>>>>>> >>>>>>>> --------------------------------------------------------------------- >>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >>>>>>>> For additional commands, e-mail: dev-h...@pekko.apache.org >>>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >>>>>>> For additional commands, e-mail: dev-h...@pekko.apache.org >>>>>>> >>>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >>>>> For additional commands, e-mail: dev-h...@pekko.apache.org >>>>> >>>> >>>> >>>> -- >>>> Arnout Engelen >>>> ASF Security Response >>>> Apache Pekko PMC member, ASF Member >>>> NixOS Committer >>>> Independent Open Source consultant >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >>>> For additional commands, e-mail: dev-h...@pekko.apache.org >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >>> For additional commands, e-mail: dev-h...@pekko.apache.org >>> >> >> >> -- >> Arnout Engelen >> ASF Security Response >> Apache Pekko PMC member, ASF Member >> NixOS Committer >> Independent Open Source consultant >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org >> For additional commands, e-mail: dev-h...@pekko.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > For additional commands, e-mail: dev-h...@pekko.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org For additional commands, e-mail: dev-h...@pekko.apache.org
