On 15. 7. 2026 12:31, Ivan Zhakov wrote:
On Tue, 14 Jul 2026 at 18:38, Branko Čibej <[email protected]> wrote:

    On 14. 7. 2026 17:21, Ivan Zhakov wrote:
    On Tue, 14 Jul 2026 at 18:10, Branko Čibej <[email protected]> wrote:

        On 14. 7. 2026 15:33, Ivan Zhakov wrote:
        On Tue, 14 Jul 2026 at 16:24, Branko Čibej
        <[email protected]> wrote:

            On 13. 7. 2026 19:34, Ivan Zhakov wrote:
            On Mon, 13 Jul 2026 at 14:38, Evgeny Kotkov via dev
            <[email protected]> wrote:

                The 1.15.0-rc3 release artifacts are now available
                for testing/signing.
                Please get the tarballs from
                https://dist.apache.org/repos/dist/dev/subversion
                and add your signatures there.

            Summary:

              +1 to release.

            Platform:

              Windows 11 Version 10.0.26200.8737 (x64)

            Tested:

              [ fsfs ] x [ file | svn | http v2] x [x64]

            Results:

              All Tests Pass.

            Dependencies:

              - APR 1.7.6 (compiled with 1.7.6)
              - APR-Util 1.6.3 (compiled with 1.6.3)
              - Expat 2.8.2 (compiled with 2.8.2)
              - SQLite 3.41.2 (static)
              - Utf8proc 2.1.0 (compiled with 2.1.0)
              - ZLib 1.3.2 (compiled with 1.3.2)
              - LZ4 1.7.5 (compiled with 1.7.5)

            Build tools:

              MSVC v14.29-16.11 + vcxproj

-- Ivan Zhakov

            Ivan, did you forget to sign the tarballs? I didn't find
            your signatures.

        I didn't sign the tarballs yet. I need to recover my key or
        generate new one. I am working on it :)

        Ah, right, oops. To recover it, all you need is a working
        quantum computer and a couple weeks' time.

    Yup. Another option is just ask NSA for their copy ;)

        Or a supercomputer and a couple decades. To generate a new
        one, you need 10 minutes. Good luck! :D

    I decided to go this route. But it seems I need to wait 24h wait
    ASF will fetched updated key [1]:

    [1]: https://people.apache.org/keys/


    When I generated my new signing key, I just added it to KEYS
    myself. Added the fingerprint on id.apache.org
    <http://id.apache.org> but that's it. And I left my previous key
    in KEYS since I used it to sign older releases.


I have updated fingerprint on id.apache.org <http://id.apache.org>, but it took 24h to get KEYS files updated. I see that my key file on https://people.apache.org/keys/ is updated now.


I have added my signatures for the subversion-1.15.0-rc3.zip tarball. I am not sure if I should add my signature for Unix tarballs because I only checked Windows one.


Traditionally we only sign the tarballs that we test. For example, I didn't sign the .zip.

-- Brane

Reply via email to