I would use sha512sum (as it's done in other ASF Projects as well). We should update the docs.
Am 22. Juli 2024 14:09:53 MESZ schrieb Rui Abreu <rui.ab...@gmail.com>: >Hi Julien, > >Thanks for taking the time to review the release. > >The difference in the checksum comes down to the binaries that were used to >generate them. Source archives are using sha512sum whereas final packages >are using gpg --print-md. > > According to the release procedures: > >pushd storm-dist/source/target >sha512sum apache-storm-2.6.0-src.zip > apache-storm-2.6.0-src.zip.sha512 >sha512sum apache-storm-2.6.0-src.tar.gz > >apache-storm-2.6.0-src.tar.gz.sha512popd >pushd storm-dist/binary/final-package/target >gpg --print-md SHA512 apache-storm-2.6.0.zip > apache-storm-2.6.0.zip.sha512 >gpg --print-md SHA512 apache-storm-2.6.0.tar.gz > >apache-storm-2.6.0.tar.gz.sha512pop > > >Happy to fix this if the procedure is wrong. > >On Mon, 22 Jul 2024 at 08:34, Julien Nioche <lists.digitalpeb...@gmail.com> >wrote: > >> Thanks for taking care of the release Rui. >> >> The signatures apache-storm-2.6.3.tar.gz.sha512 >> < >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.6.3-rc1/apache-storm-2.6.3.tar.gz.sha512 >> > >> and apache-storm-2.6.3.zip.sha512 >> < >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.6.3-rc1/apache-storm-2.6.3.zip.sha512 >> > >> are >> not at the same format as the others. Can you please check that they are >> correct and replace them if needed? >> >> Apart from that, +1 from me >> >> - checked the other signatures >> - created a distribution from source >> - used it to run a local topology >> - ran a distributed cluster >> >> Thanks! >> >> Julien >> >> On Tue, 16 Jul 2024 at 16:42, Rui Abreu <rui.ab...@gmail.com> wrote: >> >> > Hi folks, >> > >> > I have posted a 1st release candidate for the Apache Storm 2.6.3 release >> > and it is ready for testing. >> > >> > The Nexus staging repository is here: >> > >> https://repository.apache.org/content/repositories/orgapachestorm-1112 >> > >> > Storm Source and Binary Release with sha512 signature files are here: >> > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.6.3-rc1/ >> > The release artifacts are signed with the following key: >> > >> > >> > >> http://keyserver.ubuntu.com/pks/lookup?search=rabreu&fingerprint=on&op=index >> > in this file https://www.apache.org/dist/storm/KEYS >> > >> > The release was made from the Apache Storm 2.6.3 tag at: >> > https://github.com/apache/storm/tree/v2.6.3 >> > >> > Full list of changes in this release: >> > >> > >> > >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.6.3-rc1/RELEASE_NOTES.html >> > >> > To use it in a maven build set the version for Storm to 2.6.3 and add the >> > following URL to your settings.xml file: >> > https://repository.apache.org/content/repositories/orgapachestorm-1112 >> > >> > The release was made using the Storm release process, documented on the >> > GitHub repository: >> > https://github.com/apache/storm/blob/master/RELEASING.md >> > >> > Please vote on releasing these packages as Apache Storm 2.6.3. The vote >> is >> > open for at least the next 72 hours. >> > "How to vote" is described here: >> > >> > >> https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate >> > When voting, please list the actions taken to verify the release. >> > >> > Only votes from the Storm PMC are binding, but everyone is welcome to >> check >> > the release candidate and vote. >> > The vote passes if at least three binding +1 votes are cast. >> > >> > [ ] +1 Release this package as Apache Storm [VERSION] >> > [ ] 0 No opinion >> > [ ] -1 Do not release this package because... >> > >> > Thanks to everyone who contributed to this release. >> > >> > Thanks! >> > >> >> >> -- >> *Julien Nioche * >> >> >> digitalpebble.com <http://www.digitalpebble.com/> >>
