Thank you!! On Thu, Feb 13, 2020 at 3:51 AM Francois Papon <[email protected]> wrote:
> Hi all, > > I merged the SHIRO-742 on master, and will send the new vote on monday > next week. > > If someone want to include another PR, please let us know before ;) > > regards, > > François > [email protected] > > Le 12/02/2020 à 19:31, Brian Demers a écrit : > > This release vote has been canceled. > > > > We will include SHIRO-742 (from PR 201) and re-vote on 1.5.1. > > > > If you feel strongly about another issue going into this release, please > > speak now! > > > > Thanks, everyone! > > -Brian > > > > On Wed, Feb 12, 2020 at 1:25 PM Brian Demers <[email protected]> > wrote: > > > >> Works for me. > >> > >> I'll cancel the vote > >> > >> On Tue, Feb 11, 2020 at 3:15 PM Jean-Baptiste Onofre <[email protected]> > >> wrote: > >> > >>> Yeah, good point especially as some other projects are waiting for this > >>> fix. > >>> > >>> Regards > >>> JB > >>> > >>>> Le 11 févr. 2020 à 15:55, Colm O hEigeartaigh <[email protected]> a > >>> écrit : > >>>> I wonder if we shouldn't cancel the vote and merge > >>>> https://github.com/apache/shiro/pull/201 before calling another vote? > >>> It's > >>>> blocking other projects (e.g. Apache Knox) into upgrading to Shiro > >>> 1.5.x. > >>>> Colm. > >>>> > >>>> On Fri, Feb 7, 2020 at 5:14 PM Brian Demers <[email protected]> > >>> wrote: > >>>>> I answered my own question, id.apache.org is the correct approach > now: > >>>>> > >>>>> > >>> > https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys > >>>>> On Fri, Feb 7, 2020 at 12:06 PM Brian Demers <[email protected] > > > >>>>> wrote: > >>>>> > >>>>>> Agreed, I'll follow up with infra and figure out what the > _recomended_ > >>>>>> approach is, maybe it's just a KEYS file in git, or something > through > >>>>>> id.apache.org > >>>>>> > >>>>>> On Fri, Feb 7, 2020 at 11:00 AM Colm O hEigeartaigh < > >>> [email protected] > >>>>>> wrote: > >>>>>> > >>>>>>> Thanks, that's working now. We will have to find a way of updating > >>>>>>> http://www.apache.org/dist/shiro/KEYS though, as otherwise users > >>> won't > >>>>>>> be able to reliably check the signature on the releases. > >>>>>>> > >>>>>>> +1 from me on the release. > >>>>>>> > >>>>>>> Colm. > >>>>>>> > >>>>>>> On Fri, Feb 7, 2020 at 4:31 PM Brian Demers < > [email protected]> > >>>>>>> wrote: > >>>>>>> > >>>>>>>> Hey sorry everyone, I should have checked that copy's expiration > >>> before > >>>>>>>> responding to Colm. > >>>>>>>> > >>>>>>>> repository.apache.org uses the following key servers: > >>>>>>>> https://keyserver.ubuntu.com/ > >>>>>>>> http://pool.sks-keyservers.net/ > >>>>>>>> (And checks the signatures when a staging repository is closed) > >>>>>>>> You can grab my key from either of those servers (which was > >>> previously > >>>>>>>> extended and is valid until 2021). > >>>>>>>> > >>>>>>>> I attempted to update the old SVN copy of `KEYS` but it looks like > >>> it > >>>>> is > >>>>>>>> read-only (now that we have moved to git). > >>>>>>>> > >>>>>>>> TL;DR: I shared the wrong link, use one of the key servers above. > >>>>>>>> > >>>>>>>> Sorry for the confusion, > >>>>>>>> -Brian > >>>>>>>> > >>>>>>>> On Fri, Feb 7, 2020 at 9:50 AM Benjamin Marwell < > [email protected] > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>>> Good catch! > >>>>>>>>> > >>>>>>>>> Yes, this would change my vote as well to -1 until the key is > >>>>> extended. > >>>>>>>>> Non binding. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Fri, 7 Feb 2020, 12:18 Colm O hEigeartaigh, < > >>> [email protected]> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> Hi Brian, > >>>>>>>>>> > >>>>>>>>>> Looks like this is the problem: > >>>>>>>>>> > >>>>>>>>>> gpg: assuming signed data in > 'shiro-root-1.5.1-source-release.zip' > >>>>>>>>>> gpg: Signature made Mon 03 Feb 2020 21:02:40 GMT > >>>>>>>>>> gpg: using DSA key > >>>>>>>>> 9C1FC83FF3B877CDE53B337C525875B36BFC416A > >>>>>>>>>> gpg: Good signature from "Brian Demers <[email protected] > >" > >>>>>>>>> [expired] > >>>>>>>>>> gpg: Note: This key has expired! > >>>>>>>>>> > >>>>>>>>>> "sub 4096g/AD11985E 2009-12-10 [expires: 2015-01-03] > >>>>>>>>>> sig 6BFC416A 2012-01-04 Brian Demers < > >>>>>>>>> [email protected]>" > >>>>>>>>>> I think I'll have to -1 the vote as the signing keys have > >>> expired... > >>>>>>>>>> Colm. > >>>>>>>>>> > >>>>>>>>>> On Thu, Feb 6, 2020 at 6:32 PM Brian Demers < > >>> [email protected] > >>>>>>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>>> Which key server are you using? > >>>>>>>>>>> > >>>>>>>>>>> My pub key should also be included here: > >>>>>>>>>>> https://svn.apache.org/repos/asf/shiro/KEYS > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> On Thu, Feb 6, 2020 at 5:34 AM Colm O hEigeartaigh < > >>>>>>>>> [email protected]> > >>>>>>>>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>>> Hi Brian, > >>>>>>>>>>>> > >>>>>>>>>>>> Just a query on the key you used to sign the release: > >>>>>>>>>>>> > >>>>>>>>>>>> > >>> > https://repository.apache.org/content/repositories/orgapacheshiro-1025/org/apache/shiro/shiro-root/1.5.1/shiro-root-1.5.1-source-release.zip.asc > >>>>>>>>>>>> When I try to verify with gpg I get: gpg: Can't check > signature: > >>>>> No > >>>>>>>>>> public > >>>>>>>>>>>> key > >>>>>>>>>>>> > >>>>>>>>>>>> Contrast for example with the signature for 1.5.0: > >>>>>>>>>>>> > >>>>>>>>>>>> > >>> > https://repo.maven.apache.org/maven2/org/apache/shiro/shiro-root/1.5.0/shiro-root-1.5.0-source-release.zip.asc > >>>>>>>>>>>> Colm. > >>>>>>>>>>>> > >>>>>>>>>>>> On Tue, Feb 4, 2020 at 4:02 PM Les Hazlewood < > >>>>>>>>> [email protected]> > >>>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> +1 (binding) > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Mon, Feb 3, 2020 at 1:37 PM Brian Demers < > >>>>> [email protected]> > >>>>>>>>>> wrote: > >>>>>>>>>>>>>> This is a call to vote in favor of releasing Apache Shiro > >>>>>>>>> version > >>>>>>>>>>>> 1.5.1. > >>>>>>>>>>>>>> The 3 issues solved for 1.5.1: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>> > https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%20%221.5.1%22%20AND%20(status%20!%3D%20Open%20and%20status%20!%3D%20%22In%20Progress%22)%20ORDER%20BY%20priority%20DESC > >>>>>>>>>>>>>> The source to be voted upon: > >>>>>>>>>>>>>> > >>> https://github.com/apache/shiro/tree/shiro-root-1.5.1-release-vote1 > >>>>>>>>>>>>>> (8024450868cb5cd0d9a8cc3a481ce17cd77d37f2 > >>>>>>>>>>>>>> < > >>> > https://github.com/apache/shiro/tree/shiro-root-1.5.1-release-vote1(8024450868cb5cd0d9a8cc3a481ce17cd77d37f2 > >>>>>>>>>>>>>> ) > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Staging repo for binaries: > >>>>>>>>>>>>>> > >>>>> > https://repository.apache.org/content/repositories/orgapacheshiro-1025 > >>>>>>>>>>>>>> Project website (just for informational purposes, not to be > >>>>>>>>> voted > >>>>>>>>>>>> upon): > >>>>>>>>>>>>>> http://shiro.apache.org/ > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Guide to testing staged releases: > >>>>>>>>>>>>>> > >>>>> > http://maven.apache.org/guides/development/guide-testing-releases.html > >>>>>>>>>>>>>> Vote open for 72 hours. Please do examine the source and > >>>>>>>>> binaries > >>>>>>>>>>>> before > >>>>>>>>>>>>>> voting. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> [ ] +1 > >>>>>>>>>>>>>> [ ] +0 > >>>>>>>>>>>>>> [ ] -1 (please include reasoning) > >>>>>>>>>>>>>> > >>> >
