Good catch Colm! I had Hao's public key locally as I fetched it when I signed it earlier, so missed it. @Hao: We should also add this step to our release guide. See here for details: http://www.apache.org/dev/release-signing.html#keys-policy
Regards, On Tue, Jun 7, 2016 at 9:53 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote: > I guess "https://people.apache.org/keys/group/sentry.asc"; needs to be > copied/merged to "https://dist.apache.org/repos/dist/release/sentry/KEYS";. > This should be done before the release is promoted. As I can now verify the > signature, it's +1 from me on the release. > > Colm. > > > > On Tue, Jun 7, 2016 at 5:45 PM, Colm O hEigeartaigh <cohei...@apache.org> > wrote: > >> Hi Stravya/Hao, >> >> It's strange, it looks like Firefox corrupts the ".sha" file when >> downloading it. When I download it via "wget" it's fine. I guess we can >> ignore this anyway. >> >> Everything looks good, however I can't verify the signature on the >> release, as Hao's key is not included in: >> >> https://dist.apache.org/repos/dist/release/sentry/KEYS >> >> The only keys in there are: >> >> gpg: key 22E26224: public key "Shreepadma Venugopalan (CODE SIGNING KEY) < >> shreepa...@apache.org>" imported >> gpg: key 7D66174C: public key "Tuong Truong (CODE SIGNING KEY) < >> tuong.tru...@gmail.com>" imported >> gpg: key E2DE1E32: public key "gqshen (CODE SIGNING KEY) < >> gqs...@apache.org>" imported >> gpg: key AED7ED79: public key "Dapeng Sun (CODE SIGNING KEY) < >> s...@apache.org>" imported >> >> Colm. >> >> On Fri, Jun 3, 2016 at 9:43 PM, Sravya Tirukkovalur <sra...@cloudera.com> >> wrote: >> >>> I checked as well and sha seems fine to me too. @Colm what exactly do >>> you see ? >>> >>> +1 from me. >>> >>> Verified the following. >>> >>> - Made sure RCs are hosted @ >>> https://dist.apache.org/repos/dist/dev/sentry >>> - Is in format apache-$project-$version.tar.gz >>> - Verified Signatures and hashes. >>> - git tag matches the released bits (diff -rf) >>> - Can compile successfully from source >>> - Verified NOTICE has correct year >>> - All files have correct headers (Rat check is clean) >>> - No jar files in the release >>> >>> >>> Regards, >>> >>> On Fri, Jun 3, 2016 at 11:59 AM, Hao Hao <hao....@cloudera.com> wrote: >>> >>>> Hi Colm, >>>> >>>> Thanks for checking! But not sure how did you verify it? I downloaded >>>> the >>>> sha file and it seems look good to me: >>>> >>>> cat apache-sentry-1.7.0-src.tar.gz.sha >>>> 81c23908bc35e79a1a7c7e031cb904ee187f12bb apache-sentry-1.7.0-src.tar.gz >>>> >>>> Does anyone else give it a try? Thanks a lot! >>>> >>>> Best, >>>> Hao >>>> >>>> On Thu, Jun 2, 2016 at 7:57 AM, Colm O hEigeartaigh < >>>> cohei...@apache.org> >>>> wrote: >>>> >>>> > I think the ".sha" file is corrupted, it appears to contain binary >>>> data. >>>> > >>>> > Colm. >>>> > >>>> > On Thu, Jun 2, 2016 at 7:56 AM, Hao Hao <hao....@cloudera.com> wrote: >>>> > >>>> > > Hi all, >>>> > > >>>> > > This is the release of Apache Sentry, version 1.7.0. The list of >>>> fixed >>>> > > issues, added features and improvements can be found here: >>>> > > https://s.apache.org/FTD1 >>>> > > >>>> > > Source files: >>>> https://dist.apache.org/repos/dist/dev/sentry/1.7.0-rc0/ >>>> > > >>>> > > Tag to be voted on (rc0): >>>> > > >>>> > > >>>> > >>>> https://git-wip-us.apache.org/repos/asf?p=sentry.git;a=commit;h=735543e71d478f5bcd6be2b991ed26fc95abbb1b >>>> > > Sentry's KEYS containing the PGP key we used to sign the release: >>>> > > https://people.apache.org/keys/group/sentry.asc >>>> > > >>>> > > Note that this is a source only release and we are voting on the >>>> > > source: tag=release-1.7.0, >>>> SHA=735543e71d478f5bcd6be2b991ed26fc95abbb1b >>>> > > >>>> > > >>>> > > Vote will be open for 72 hours. >>>> > > >>>> > > [ ] +1 approve >>>> > > [ ] +0 no opinion >>>> > > [ ] -1 disapprove (and reason why) >>>> > > >>>> > > >>>> > > Thanks, >>>> > > Hao >>>> > > >>>> > >>>> > >>>> > >>>> > -- >>>> > Colm O hEigeartaigh >>>> > >>>> > Talend Community Coder >>>> > http://coders.talend.com >>>> > >>>> >>> >>> >>> >>> -- >>> Sravya Tirukkovalur >>> >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Sravya Tirukkovalur
