Ran all tests from the php end. Everything passes. Actually added a couple
more and those also pass.

VOTE: +1

On Fri, Apr 6, 2018 at 9:29 AM, Jason Plurad <plur...@gmail.com> wrote:

> Validated the binaries, did several manual tests with the Gremlin Server +
> Gremlin Console, looked over the documentation.
>
> The instructions on the download page to verify with gpg manually are fine
> since the output does say "Good signature" even with the [unknown] suffix.
>
> VOTE: +1
>
> On Wed, Apr 4, 2018 at 2:08 PM, Daniel Kuppitz <m...@gremlin.guru> wrote:
>
> > With the suffix ignored it all looks good.
> >
> > Validating binary distributions
> >
> > * downloading Apache TinkerPop Gremlin
> > (apache-tinkerpop-gremlin-console-3.3.2-bin.zip)... OK
> > * validating signatures and checksums ...
> >   * PGP signature ... OK
> >   * MD5 checksum ... OK
> >   * SHA1 checksum ... OK
> > * unzipping Apache TinkerPop Gremlin ... OK
> > * validating Apache TinkerPop Gremlin's docs ... OK
> > * validating Apache TinkerPop Gremlin's binaries ... OK
> > * validating Apache TinkerPop Gremlin's legal files ...
> >   * LICENSE ... OK
> >   * NOTICE ... OK
> > * validating Apache TinkerPop Gremlin's plugin directory ... OK
> > * validating Apache TinkerPop Gremlin's lib directory ... OK
> > * testing script evaluation ... OK
> >
> > * downloading Apache TinkerPop Gremlin
> > (apache-tinkerpop-gremlin-server-3.3.2-bin.zip)... OK
> > * validating signatures and checksums ...
> >   * PGP signature ... OK
> >   * MD5 checksum ... OK
> >   * SHA1 checksum ... OK
> > * unzipping Apache TinkerPop Gremlin ... OK
> > * validating Apache TinkerPop Gremlin's docs ... OK
> > * validating Apache TinkerPop Gremlin's binaries ... OK
> > * validating Apache TinkerPop Gremlin's legal files ...
> >   * LICENSE ... OK
> >   * NOTICE ... OK
> > * validating Apache TinkerPop Gremlin's plugin directory ... OK
> > * validating Apache TinkerPop Gremlin's lib directory ... OK
> >
> > Validating source distribution
> >
> > * downloading Apache TinkerPop 3.3.2 (apache-tinkerpop-3.3.2-src.zip)...
> > OK
> > * validating signatures and checksums ...
> >   * PGP signature ... OK
> >   * MD5 checksum ... OK
> >   * SHA1 checksum ... OK
> > * unzipping Apache TinkerPop 3.3.2 ... OK
> > * building project ... OK
> >
> >
> > VOTE: +1 (if nobody has any objections regarding the suffix)
> >
> > Furthermore, here's the output of the verification step shown on the
> > download page:
> >
> > $ gpg --verify apache-tinkerpop-3.3.2-src.zip.asc
> > apache-tinkerpop-3.3.2-src.zip
> > gpg: Signature made Tue 03 Apr 2018 12:45:53 PM MST
> > gpg:                using RSA key EA53A99854EAB0E6
> > gpg: Good signature from "Stephen Mallette <spmalle...@apache.org>"
> > [unknown]
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg:          There is no indication that the signature belongs to the
> > owner.
> > Primary key fingerprint: 0871 A360 AAB5 FD42 2516  E2FB EA53 A998 54EA
> B0E6
> >
> >
> > Cheers,
> > Daniel
> >
> >
> > On Wed, Apr 4, 2018 at 1:59 PM, Daniel Kuppitz <m...@gremlin.guru> wrote:
> >
> > > Much newer.
> > >
> > > $ gpg --version
> > > gpg (GnuPG) 2.1.15
> > > libgcrypt 1.7.8
> > > Copyright (C) 2016 Free Software Foundation, Inc.
> > > License GPLv3+: GNU GPL version 3 or later <
> https://gnu.org/licenses/gpl
> > .
> > > html>
> > > This is free software: you are free to change and redistribute it.
> > > There is NO WARRANTY, to the extent permitted by law.
> > >
> > > Home: /home/daniel/.gnupg
> > > Supported algorithms:
> > > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> > > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> > >         CAMELLIA128, CAMELLIA192, CAMELLIA256
> > > Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> > > Compression: Uncompressed, ZIP, ZLIB, BZIP2
> > >
> > >
> > >
> > > On Wed, Apr 4, 2018 at 1:57 PM, Stephen Mallette <spmalle...@gmail.com
> >
> > > wrote:
> > >
> > >> out of curiosity - what gpg version do you have? i'm on:
> > >>
> > >> $ gpg --version
> > >> gpg (GnuPG) 1.4.16
> > >>
> > >> is that ancient or something? i'd be curious if anyone else has this
> > >> problem. it's also semi-concerning that this doesn't work because we'd
> > >> want
> > >> to the verification to behave right with the instructions we have
> here:
> > >>
> > >> http://tinkerpop.apache.org/downloads.html
> > >>
> > >> wonder if that's a problem too?
> > >>
> > >>
> > >>
> > >> On Wed, Apr 4, 2018 at 4:54 PM, Daniel Kuppitz <m...@gremlin.guru>
> wrote:
> > >>
> > >> > Either this or I might have a newer gpg version which changed the
> > output
> > >> > slightly. We already ignore the suffix for Ted and Jason, so I guess
> > we
> > >> > should just use the same pattern for everyone. I can CTR this change
> > >> into
> > >> > all main branches; it's just that:
> > >> >
> > >> > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature
> from
> > >> > "Stephen Mallette <spmalle...@apache.org>"$'` -eq 1 ] || \
> > >> > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature
> from
> > >> > "Marko Rodriguez <ok...@apache.org>"$'` -eq 1 ] || \
> > >> > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature
> from
> > >> > "Stephen Mallette <spmalle...@apache.org>"'` -eq 1 ] || \
> > >> > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature
> from
> > >> > "Marko Rodriguez <ok...@apache.org>"'` -eq 1 ] || \
> > >> >
> > >> > Cheers,
> > >> > Daniel
> > >> >
> > >> >
> > >> > On Wed, Apr 4, 2018 at 1:49 PM, Stephen Mallette <
> > spmalle...@gmail.com>
> > >> > wrote:
> > >> >
> > >> > > I haven't changed anything - i wonder why this is suddenly an
> > issue. I
> > >> > > guess it worked for me locally because i was the person who signed
> > it?
> > >> > >
> > >> > > On Wed, Apr 4, 2018 at 4:47 PM, Daniel Kuppitz <m...@gremlin.guru>
> > >> wrote:
> > >> > >
> > >> > > > gpg: Signature made Tue 03 Apr 2018 12:53:16 PM MST
> > >> > > > gpg:                using RSA key EA53A99854EAB0E6
> > >> > > > gpg: Good signature from "Stephen Mallette <
> spmalle...@apache.org
> > >"
> > >> > > > [unknown]
> > >> > > > gpg: WARNING: This key is not certified with a trusted
> signature!
> > >> > > > gpg:          There is no indication that the signature belongs
> to
> > >> the
> > >> > > > owner.
> > >> > > > Primary key fingerprint: 0871 A360 AAB5 FD42 2516  E2FB EA53
> A998
> > >> 54EA
> > >> > > B0E6
> > >> > > >
> > >> > > > The [unkown] suffix is what breaks the check.
> > >> > > >
> > >> > > > If you haven't changed anything in the way you're signing the
> > >> > artifacts,
> > >> > > we
> > >> > > > can probably just ignore the suffix.
> > >> > > >
> > >> > > >
> > >> > > >
> > >> > > > On Wed, Apr 4, 2018 at 1:39 PM, Daniel Kuppitz <m...@gremlin.guru
> >
> > >> > wrote:
> > >> > > >
> > >> > > > > The PGP signature check fails for me.
> > >> > > > >
> > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $
> > >> > > > > bin/validate-distribution.sh 3.3.2
> > >> > > > >
> > >> > > > > Validating binary distributions
> > >> > > > >
> > >> > > > > * downloading Apache TinkerPop Gremlin
> > (apache-tinkerpop-gremlin-
> > >> > > > console-3.3.2-bin.zip)...
> > >> > > > > OK
> > >> > > > > * validating signatures and checksums ...
> > >> > > > >   * PGP signature ... failed
> > >> > > > >
> > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ pushd /tmp
> > >> > > > > /tmp /projects/apache/tinkerpop
> > >> > > > > daniel@cube /tmp $ wget https://dist.apache.org/repos/
> > >> > > > > dist/dev/tinkerpop/KEYS
> > >> > > > > --2018-04-04 13:36:03--  https://dist.apache.org/repos/
> > >> > > > > dist/dev/tinkerpop/KEYS
> > >> > > > > Resolving dist.apache.org (dist.apache.org)... 209.188.14.144
> > >> > > > > Connecting to dist.apache.org (dist.apache.org)|209.188.14.
> > >> > 144|:443...
> > >> > > > > connected.
> > >> > > > > HTTP request sent, awaiting response... 200 OK
> > >> > > > > Length: 13788 (13K) [text/plain]
> > >> > > > > Saving to: ‘KEYS’
> > >> > > > >
> > >> > > > > KEYS
> > >> > > > >  100%[======================================================
> > >> > > > > ==========================================================>]
> > >> 13.46K
> > >> > > > > --.-KB/s    in 0s
> > >> > > > >
> > >> > > > > 2018-04-04 13:36:03 (98.0 MB/s) - ‘KEYS’ saved [13788/13788]
> > >> > > > >
> > >> > > > > daniel@cube /tmp $ gpg --import KEYS
> > >> > > > > gpg: key 59028A48CB97E87B: "Marko Rodriguez <ok...@apache.org
> >"
> > >> not
> > >> > > > > changed
> > >> > > > > gpg: key EA53A99854EAB0E6: "Stephen Mallette <
> > >> spmalle...@apache.org
> > >> > >"
> > >> > > > not
> > >> > > > > changed
> > >> > > > > gpg: key A39CC3ADAEAEF36E: "Theodore Ratte Wilmes (CODE
> SIGNING
> > >> KEY)
> > >> > <
> > >> > > > > twil...@apache.org>" not changed
> > >> > > > > gpg: key 66B85FF141802BA8: "Jason Plurad (CODE SIGNING KEY) <
> > >> > > > > plur...@apache.org>" not changed
> > >> > > > > gpg: Total number processed: 4
> > >> > > > > gpg:              unchanged: 4
> > >> > > > > daniel@cube /tmp $ popd
> > >> > > > > /projects/apache/tinkerpop
> > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $
> > >> > > > > bin/validate-distribution.sh 3.3.2
> > >> > > > >
> > >> > > > > Validating binary distributions
> > >> > > > >
> > >> > > > > * downloading Apache TinkerPop Gremlin
> > (apache-tinkerpop-gremlin-
> > >> > > > console-3.3.2-bin.zip)...
> > >> > > > > OK
> > >> > > > > * validating signatures and checksums ...
> > >> > > > >   * PGP signature ... failed
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > Cheers,
> > >> > > > > Daniel
> > >> > > > >
> > >> > > > >
> > >> > > > > On Tue, Apr 3, 2018 at 2:05 PM, Stephen Mallette <
> > >> > spmalle...@gmail.com
> > >> > > >
> > >> > > > > wrote:
> > >> > > > >
> > >> > > > >>  Hello,
> > >> > > > >>
> > >> > > > >> We are happy to announce that TinkerPop 3.3.2 is ready for
> > >> release.
> > >> > > > >>
> > >> > > > >> The release artifacts can be found at this location:
> > >> > > > >>         https://dist.apache.org/repos/
> > dist/dev/tinkerpop/3.3.2/
> > >> > > > >>
> > >> > > > >> The source distribution is provided by:
> > >> > > > >>         apache-tinkerpop-3.3.2-src.zip
> > >> > > > >>
> > >> > > > >> Two binary distributions are provided for user convenience:
> > >> > > > >>         apache-tinkerpop-gremlin-console-3.3.2-bin.zip
> > >> > > > >>         apache-tinkerpop-gremlin-server-3.3.2-bin.zip
> > >> > > > >>
> > >> > > > >> The GPG key used to sign the release artifacts is available
> at:
> > >> > > > >>     https://dist.apache.org/repos/dist/dev/tinkerpop/KEYS
> > >> > > > >>
> > >> > > > >> The online docs can be found here:
> > >> > > > >>         http://tinkerpop.apache.org/docs/3.3.2/ (user docs)
> > >> > > > >>         http://tinkerpop.apache.org/docs/3.3.2/upgrade/
> > (upgrade
> > >> > > docs)
> > >> > > > >>         http://tinkerpop.apache.org/javadocs/3.3.2/core/
> (core
> > >> > > javadoc)
> > >> > > > >>         http://tinkerpop.apache.org/javadocs/3.3.2/full/
> (full
> > >> > > javadoc)
> > >> > > > >>
> > >> > > > >> The tag in Apache Git can be found here:
> > >> > > > >>
> > >> > > > >> https://git-wip-us.apache.org/repos/asf?p=tinkerpop.git;a=ta
> > >> > > > >> g;h=5938d84a350e048357e3b40f335a0ed161180cc3
> > >> > > > >>
> > >> > > > >> The release notes are available here (i linked to the branch
> -
> > >> > github
> > >> > > > >> hasn't sync'd the tag yet for some reason - not sure what the
> > >> delay
> > >> > is
> > >> > > > >> with
> > >> > > > >> Apache infra):
> > >> > > > >>
> > >> > > > >> https://github.com/apache/tinkerpop/blob/tp33/CHANGELOG.asci
> > >> > > > >> idoc#release-3-3-2
> > >> > > > >>
> > >> > > > >> The [VOTE] will be open for the next 72 hours --- closing
> > Friday,
> > >> > > April
> > >> > > > 6,
> > >> > > > >> 2018 at 5:00pm EST.
> > >> > > > >>
> > >> > > > >> My vote is +1.
> > >> > > > >>
> > >> > > > >> Thank you very much,
> > >> > > > >> Stephen
> > >> > > > >>
> > >> > > > >
> > >> > > > >
> > >> > > >
> > >> > >
> > >> >
> > >>
> > >
> > >
> >
>

Reply via email to