On 07/06/18 16:50, jean-frederic clere wrote: > Version 1.2.17 includes the following changes compared to 1.2.16: > > - Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3 > > Various other fixes and improvements. See the changelog for details. > > The proposed release artefacts can be found at [1], > and the build was done using tag [2]. > > The Apache Tomcat Native 1.2.17 is > [ ] Stable, go ahead and release > [X] Broken because of ...
gpg --verify reports that the signature for tomcat-native-1.2.17-win32-src.zip is bad. Other notes: - We should be providing sha1 and sha512 hashes, not md5. (build scripts may need updating) Checks: - hashes match - signatures match apart from exception noted above - src.tar.gz structure matches tag (with expected differences) - library builds from src.tar.gz on Ubuntu Linux - unit tests pass on Linux with library built from source (apart from expected failures due to the version of OpenSSL being used) - Windows binary layout as expected - Windows binaries of expected size - Windows binaries have no unexpected DLL dependencies - unit tests pass on Windows with library from binaries Given that we have a valid MD5 hash for tomcat-native-1.2.17-win32-src.zip I'd be happy with the following: - upload corrected signature file - add SHA1 and SHA512 hashes for all files - remove MD5 files once vote has passed and before moving to release I am willing to change my vote to +1, stable once the above steps are complete. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org