Hi, The previous vote has been canceled, and we have resolved the issues mentioned by mentors, below are change points:
1. Use a 4096 bit key to sign the RC. 2. Add license notice for all the dependencies. 3. Remove the 3rd party links in README. 4. Polish bin/README file. The new vote will be called soon. At your convenience, would you please check the RC3 and vote it again? Thanks, yukon On Thu, Feb 9, 2017 at 9:00 AM, Xinyu Zhou <[email protected]> wrote: > Hi Willem, > > The public key has been uploaded to key server[1], if it doesn't work in > your env, Could you please download the KEYS file and import it? And, next > time i will generate a 4096 bit key. > > [1]. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x5710EE35C50AC1B1 > > Regards, > yukon > On Thu, Feb 09, 2017 at 8:50am, Willem Jiang <[email protected]> > wrote: > > Hi, > > I just tried to verify the artifact sign, I got these message: > > gpg rocketmq-test-4.0.0-incubating-sources.jar.asc > gpg: Signature made Tue Feb 7 17:17:14 2017 CST using RSA key ID C50AC1B1 > gpg: Can't check signature: public key not found > > it looks like the public key is not upload the keyserver. > You can upload the key to the key server here[1]. > > BTW the key that yukon uses is less than 2048 bit, it's better to choose a > strong one as this suggested[2] > > [1]https://pgp.mit.edu/ > [2]https://www.apache.org/dev/openpgp.html#generate-key > > > > > > Willem Jiang > > Blog: http://willemjiang.blogspot.com (English) > http://jnn.iteye.com (Chinese) > Twitter: willemjiang > Weibo: 姜宁willem > > On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <[email protected]> > wrote: > > > Hi, > > > > Please put all non vote discussion here, rather than in the vote thread, > > as it makes it easier to count and review votes. > > > > Thanks, > > Justin > >
