Hi all, The result is that the the component will be released.
[binding] +1 - Georg Kallidis +1 - Thomas Vandahl +1 - Jeffery Painter Addressing Thomas's concerns: 1. Deprecation is coming from one of the test cases calling code in this component that is deprecated. CryptoUtil.copy() method, so I think all is OK there. 2. When I verified the signature, it looks good to me. Please let me know if you are seeing something different than below. painter@merlin:~/$ gpg --list-secret-key /home/painter/.gnupg/pubring.gpg -------------------------------- sec rsa4096 2018-09-25 [SC] [expires: 2023-09-24] F325EA8120E1E588FC5EC9A9207EE518D34FA936 uid [ultimate] Jeffery Painter <[email protected]> uid [ultimate] Jeffery Painter (CODE SIGNING KEY) <[email protected]> ssb rsa4096 2018-09-25 [E] [expires: 2023-09-24] painter@merlin:~/$ gpg --verify fulcrum-yaafi-crypto-1.0.7-bin.zip.asc gpg: assuming signed data in 'fulcrum-yaafi-crypto-1.0.7-bin.zip' gpg: Signature made Thu 08 Nov 2018 03:17:11 PM EST gpg: using RSA key F325EA8120E1E588FC5EC9A9207EE518D34FA936 gpg: Good signature from "Jeffery Painter <[email protected]>" [ultimate] gpg: aka "Jeffery Painter (CODE SIGNING KEY) <[email protected]>" [ultimate] 3. I updated the NOTICE.txt in the tagged version, and I also double checked all the other fulcrum components as well. I have released the artifacts from Nexus and continuing to follow Georg's notes on how to finalize the release. Thank you for all your help (and votes)! -- Jeffery On 11/18/18 1:08 PM, Thomas Vandahl wrote: > Hi Jeff, > > On 08.11.18 21:39, Jeffery Painter wrote: >> Please verify this release candidate carefully and vote. >> >> Tag: >> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7 >> >> Artifacts: >> https://repository.apache.org/content/repositories/orgapacheturbine-1035 >> >> [X] +1 release it >> [ ] +0 go ahead I don't care >> [ ] -1 no, do not release it because > Build and tests run fine. The compiler complains about using deprecated > APIs (I didn't check that further). Signature is ok. Didn't you write > your key had been signed at ApacheCon? The key you used for signing has > no such signatures. > > Please update NOTICE.txt in the tag. The contents is utter nonsense. > > Bye, Thomas >
signature.asc
Description: OpenPGP digital signature
