Hi Yegor, No trouble for the vote since I was able to confirm the signature even if in a strange manner.
I did notice something that we will need to fix before the full release. We need to make Forrest add Apache license headers to the docs html files. Such fun participating with Apache OpenOffice.org and Apache ODF Toolkit :-D Best Regards, Dace On Aug 23, 2011, at 11:14 PM, Yegor Kozlov wrote: > All the signatures are correct. I used the same signing procedure as > for old releases, it signs all files in a batch and I didn't do > anything different for .zip and .gz files. Moreover, I used > multisign.sh which is a tried and tested script from the release > tools, see tools/releases/multisign.sh in the ASF committers > repository. > > I think it is a problem in the GPGTools for Mac OS X. > > I'm checking with with GNU gpg on Windows / cygwin and on Linux and > all signatures are fine. > > Yegor > > On Wed, Aug 24, 2011 at 5:34 AM, Dave Fisher <dave2w...@comcast.net> wrote: >> Hi Yegor, >> >> I'm not seeing a valid signature on the tar.gz files. The zips are fine. It >> looks like you did all of the signing on the tar files and not the tar.gz >> files. >> >> $ gpg --verify poi-bin-3.8-beta4-20110826.tar.gz.asc >> gpg: Signature made Tue Aug 23 11:26:14 2011 PDT using DSA key ID F5BB52CD >> gpg: BAD signature from "Yegor Kozlov <yegor.koz...@gmail.com>" >> >> $ gpg --verify poi-bin-3.8-beta4-20110826.zip.asc >> gpg: Signature made Tue Aug 23 11:26:16 2011 PDT using DSA key ID F5BB52CD >> gpg: Good signature from "Yegor Kozlov <yegor.koz...@gmail.com>" >> gpg: aka "Yegor Kozlov <ye...@dinom.ru>" >> gpg: aka "Yegor Kozlov <ye...@apache.org>" >> >> It looks like you signed poi-bin-3.8-beta4-20110826.tar and not >> poi-bin-3.8-beta4-20110826.tar.gz >> >> The sha1 hash matches that of the tar and no the tar.gz >> >> $ more poi-bin-3.8-beta4-20110826.tar.gz.sha1 >> 44eb9badbe80b99768b8d821d74b106dc8c5a2c0 *poi-bin-3.8-beta4-20110826.tar.gz >> >> $ openssl sha1 poi-bin-3.8-beta4-20110826.tar >> SHA1(poi-bin-3.8-beta4-20110826.tar)= >> 44eb9badbe80b99768b8d821d74b106dc8c5a2c0 >> >> Rename the tar.gz.asc to tar.asc and the signature checks. >> >> $ gpg --verify poi-src-3.8-beta4-20110826.tar.asc >> gpg: Signature made Tue Aug 23 11:26:27 2011 PDT using DSA key ID F5BB52CD >> gpg: Good signature from "Yegor Kozlov <yegor.koz...@gmail.com>" >> gpg: aka "Yegor Kozlov <ye...@dinom.ru>" >> gpg: aka "Yegor Kozlov <ye...@apache.org>" >> >> >> I am using this GPG: http://www.gpgtools.org/installer/index.html >> >> And this reference for SHA1 hash - http://support.apple.com/kb/ht1652 >> >> Regards, >> Dave >> >> On Aug 23, 2011, at 12:04 PM, Yegor Kozlov wrote: >> >>> Hi All, >>> >>> Please test-drive the release candidate for POI 3.8 beta4 (take 2). >>> Compared to the first version, two release blockers have been found and >>> fixed: >>> >>> (1) https://issues.apache.org/bugzilla/show_bug.cgi?id=51686 >>> (2) Our collection of test files included a document that we are not >>> allowed to distribute. The doc in question has been removed. >>> >>> The release candidate files are available from: >>> >>> https://dist.apache.org/repos/dist/dev/poi/ >>> >>> (The jars and poms to feed into the maven repo are in /maven/ >>> directory, they will be pushed using mvn-deploy.sh) >>> >>> As with all Apache release votes, please check that not only does the >>> code work, and no major breakages have occurred since the last >>> release, but also that packaging is correct, license headers and >>> notices exist etc. >>> >>> The vote options are: >>> >>> +1 - I support this release >>> 0 - I don't object to this release, but I haven't checked it >>> -1 - There's a problem with the release, and that is .... >>> >>> I'm voting [+1]. Vote open for 72 hours and ends on Friday, 26th August. >>> >>> Yegor >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org >>> For additional commands, e-mail: dev-h...@poi.apache.org >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org >> For additional commands, e-mail: dev-h...@poi.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
