Thanks a lot Colm for pointing out. I will add this to the release guide. Best, Hao
On Tue, Jun 7, 2016 at 11:01 PM, Sravya Tirukkovalur <sra...@cloudera.com> wrote: > Good catch Colm! I had Hao's public key locally as I fetched it when I > signed it earlier, so missed it. @Hao: We should also add this step to our > release guide. See here for details: > http://www.apache.org/dev/release-signing.html#keys-policy > > Regards, > > On Tue, Jun 7, 2016 at 9:53 AM, Colm O hEigeartaigh <cohei...@apache.org> > wrote: > > > I guess "https://people.apache.org/keys/group/sentry.asc"; needs to be > > copied/merged to "https://dist.apache.org/repos/dist/release/sentry/KEYS > ". > > This should be done before the release is promoted. As I can now verify > the > > signature, it's +1 from me on the release. > > > > Colm. > > > > > > > > On Tue, Jun 7, 2016 at 5:45 PM, Colm O hEigeartaigh <cohei...@apache.org > > > > wrote: > > > >> Hi Stravya/Hao, > >> > >> It's strange, it looks like Firefox corrupts the ".sha" file when > >> downloading it. When I download it via "wget" it's fine. I guess we can > >> ignore this anyway. > >> > >> Everything looks good, however I can't verify the signature on the > >> release, as Hao's key is not included in: > >> > >> https://dist.apache.org/repos/dist/release/sentry/KEYS > >> > >> The only keys in there are: > >> > >> gpg: key 22E26224: public key "Shreepadma Venugopalan (CODE SIGNING > KEY) < > >> shreepa...@apache.org>" imported > >> gpg: key 7D66174C: public key "Tuong Truong (CODE SIGNING KEY) < > >> tuong.tru...@gmail.com>" imported > >> gpg: key E2DE1E32: public key "gqshen (CODE SIGNING KEY) < > >> gqs...@apache.org>" imported > >> gpg: key AED7ED79: public key "Dapeng Sun (CODE SIGNING KEY) < > >> s...@apache.org>" imported > >> > >> Colm. > >> > >> On Fri, Jun 3, 2016 at 9:43 PM, Sravya Tirukkovalur < > sra...@cloudera.com> > >> wrote: > >> > >>> I checked as well and sha seems fine to me too. @Colm what exactly do > >>> you see ? > >>> > >>> +1 from me. > >>> > >>> Verified the following. > >>> > >>> - Made sure RCs are hosted @ > >>> https://dist.apache.org/repos/dist/dev/sentry > >>> - Is in format apache-$project-$version.tar.gz > >>> - Verified Signatures and hashes. > >>> - git tag matches the released bits (diff -rf) > >>> - Can compile successfully from source > >>> - Verified NOTICE has correct year > >>> - All files have correct headers (Rat check is clean) > >>> - No jar files in the release > >>> > >>> > >>> Regards, > >>> > >>> On Fri, Jun 3, 2016 at 11:59 AM, Hao Hao <hao....@cloudera.com> wrote: > >>> > >>>> Hi Colm, > >>>> > >>>> Thanks for checking! But not sure how did you verify it? I downloaded > >>>> the > >>>> sha file and it seems look good to me: > >>>> > >>>> cat apache-sentry-1.7.0-src.tar.gz.sha > >>>> 81c23908bc35e79a1a7c7e031cb904ee187f12bb > apache-sentry-1.7.0-src.tar.gz > >>>> > >>>> Does anyone else give it a try? Thanks a lot! > >>>> > >>>> Best, > >>>> Hao > >>>> > >>>> On Thu, Jun 2, 2016 at 7:57 AM, Colm O hEigeartaigh < > >>>> cohei...@apache.org> > >>>> wrote: > >>>> > >>>> > I think the ".sha" file is corrupted, it appears to contain binary > >>>> data. > >>>> > > >>>> > Colm. > >>>> > > >>>> > On Thu, Jun 2, 2016 at 7:56 AM, Hao Hao <hao....@cloudera.com> > wrote: > >>>> > > >>>> > > Hi all, > >>>> > > > >>>> > > This is the release of Apache Sentry, version 1.7.0. The list of > >>>> fixed > >>>> > > issues, added features and improvements can be found here: > >>>> > > https://s.apache.org/FTD1 > >>>> > > > >>>> > > Source files: > >>>> https://dist.apache.org/repos/dist/dev/sentry/1.7.0-rc0/ > >>>> > > > >>>> > > Tag to be voted on (rc0): > >>>> > > > >>>> > > > >>>> > > >>>> > https://git-wip-us.apache.org/repos/asf?p=sentry.git;a=commit;h=735543e71d478f5bcd6be2b991ed26fc95abbb1b > >>>> > > Sentry's KEYS containing the PGP key we used to sign the release: > >>>> > > https://people.apache.org/keys/group/sentry.asc > >>>> > > > >>>> > > Note that this is a source only release and we are voting on the > >>>> > > source: tag=release-1.7.0, > >>>> SHA=735543e71d478f5bcd6be2b991ed26fc95abbb1b > >>>> > > > >>>> > > > >>>> > > Vote will be open for 72 hours. > >>>> > > > >>>> > > [ ] +1 approve > >>>> > > [ ] +0 no opinion > >>>> > > [ ] -1 disapprove (and reason why) > >>>> > > > >>>> > > > >>>> > > Thanks, > >>>> > > Hao > >>>> > > > >>>> > > >>>> > > >>>> > > >>>> > -- > >>>> > Colm O hEigeartaigh > >>>> > > >>>> > Talend Community Coder > >>>> > http://coders.talend.com > >>>> > > >>>> > >>> > >>> > >>> > >>> -- > >>> Sravya Tirukkovalur > >>> > >> > >> > >> > >> -- > >> Colm O hEigeartaigh > >> > >> Talend Community Coder > >> http://coders.talend.com > >> > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > -- > Sravya Tirukkovalur >
