On 07/06/18 16:50, jean-frederic clere wrote:
> Version 1.2.17 includes the following changes compared to 1.2.16:
> - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3
> Various other fixes and improvements. See the changelog for details.
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
> The Apache Tomcat Native 1.2.17 is
>  [ ] Stable, go ahead and release
>  [X] Broken because of ...

gpg --verify reports that the signature for
is bad.

Other notes:
- We should be providing sha1 and sha512 hashes, not md5.
  (build scripts may need updating)

- hashes match
- signatures match apart from exception noted above
- src.tar.gz structure matches tag (with expected differences)
- library builds from src.tar.gz on Ubuntu Linux
- unit tests pass on Linux with library built from source
  (apart from expected failures due to the version of
  OpenSSL being used)
- Windows binary layout as expected
- Windows binaries of expected size
- Windows binaries have no unexpected DLL dependencies
- unit tests pass on Windows with library from binaries

Given that we have a valid MD5 hash for
I'd be happy with the following:
- upload corrected signature file
- add SHA1 and SHA512 hashes for all files
- remove MD5 files once vote has passed and before moving to release

I am willing to change my vote to +1, stable once the above steps are


To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to