On Wed, Jan 7, 2009 at 2:36 PM, Simon Laws <[email protected]> wrote:

> On Wed, Jan 7, 2009 at 1:19 PM, ant elder <[email protected]> wrote:
>
>> Ram is presently otherwise engaged so I've created copies of his maven
>> staging repo and update site and signed those artifacts:
>>
>> http://people.apache.org/~antelder/tuscany/1.4-RC4/
>>
>> These should be identical to the ones Ram published, you can see the
>> date/time has only changed on the .asc files, so I think it should be ok to
>> continue without restarting the vote on a new RC (pending the outcome of the
>> TUSCANY-2593 issue). Could some people verify the new artifacts and say if
>> they're happy with this continuing on approach?
>>
>> ...ant
>>
>> On Tue, Jan 6, 2009 at 5:48 PM, Luciano Resende <[email protected]> wrote:
>> >
>> > I'm seeing the same thing as Ant, it looks like the distribution
>> > signatures were updated, but not the maven signatures as you can see
>> > below by the key ID.
>> >
>> > Distribution:
>> > gpg: Signature made Tue 06 Jan 2009 06:35:56 AM PST using DSA key ID 508BD6BB
>> >
>> > Maven artifacts:
>> >
>> > gpg: Signature made Wed 31 Dec 2008 08:42:14 AM PST using DSA key ID A124B386
>> > gpg: Can't check signature: public key not found
>> >
>> > On Tue, Jan 6, 2009 at 8:58 AM, ant elder <[email protected]> wrote:
>> > > The binary and src distribution signatures look ok to me but I'm getting
>> > > some failures on the maven artifacts, eg these two:
>> > >
>> > > C:\Tuscany\Distros\1.4-RC4>gpg --verify tuscany-binding-ejb-runtime-1.4.jar.asc
>> > > gpg: Signature made 12/31/08 17:11:13 using DSA key ID A124B386
>> > > gpg: requesting key A124B386 from hkp server pgp.surfnet.nl
>> > > gpgkeys: key 341AA705A124B386 not found on keyserver
>> > > gpg: no valid OpenPGP data found.
>> > > gpg: Total number processed: 0
>> > > gpg: Can't check signature: public key not found
>> > >
>> > > C:\Tuscany\Distros\1.4-RC4>gpg --verify site.xml.asc
>> > > gpg: Signature made 01/06/09 14:42:21 using DSA key ID 508BD6BB
>> > > gpg: BAD signature from "Ramkumar Ramalingam (Code Signing Key) <[email protected]>"
>> > >
>> > > ...ant
>> > >
>> > > On Tue, Jan 6, 2009 at 3:27 PM, Ramkumar R <[email protected]> wrote:
>> > >>
>> > >> Thanks Simon,
>> > >>
>> > >> The KEYS files have been recreated and the artifacts have been resigned
>> > >> with the new keys. And the keyserver has been updated accordingly.
>> > >>
>> > >> On Tue, Jan 6, 2009 at 5:26 PM, Simon Laws <[email protected]> wrote:
>> > >>>
>> > >>> On Tue, Jan 6, 2009 at 11:31 AM, Ramkumar R <[email protected]> wrote:
>> > >>>>
>> > >>>> Hi All,
>> > >>>>
>> > >>>> While including my public keys in the KEYS file [1], noticed that my keys
>> > >>>> have got an expiry date with it which is one month from the date of
>> > >>>> creation.
>> > >>>> So I think I might have to recreate the public keys without any expiry
>> > >>>> date and resign the artifacts in RC4, the actual artifacts (*.jar and *.zip)
>> > >>>> will not change but only the signature files.
>> > >>>>
>> > >>>> I might need your help in verifying the signature once I am done with
>> > >>>> the same.
>> > >>>>
>> > >>>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS
>> > >>>>
>> > >>>> On Mon, Jan 5, 2009 at 3:23 PM, Simon Laws <[email protected]> wrote:
>> > >>>>>
>> > >>>>> Hi Ram. Happy new year to you also. Thanks for all your hard work in
>> > >>>>> getting the release together. I've just taken a look through it.
>> > >>>>>
>> > >>>>> - The samples/demos I tried worked OK
>> > >>>>> - The LICENSE file looks OK
>> > >>>>> - The RAT files look OK.
>> > >>>>> - The src distro built for me on windows
>> > >>>>> - I checked the signature on the binary zip file and it looks good.
>> > >>>>> However you need to include your public key in the KEYS file [1]. The KEYS
>> > >>>>> file should then be copied to the distro dir [2] when you actually copy
>> > >>>>> up the rest of the files.
>> > >>>>>
>> > >>>>> So +1 from me for the release.
>> > >>>>>
>> > >>>>> Regards
>> > >>>>>
>> > >>>>> Simon
>> > >>>>>
>> > >>>>> [1] http://svn.apache.org/repos/asf/tuscany/KEYS
>> > >>>>> [2] http://www.apache.org/dist/tuscany/KEYS
>> > >>>>
>> > >>>> --
>> > >>>> Thanks & Regards,
>> > >>>> Ramkumar Ramalingam
>> > >>>
>> > >>> Ok, Ram. I can give it a spin when you are done.
>> > >>>
>> > >>> Simon
>> > >>
>> > >> --
>> > >> Thanks & Regards,
>> > >> Ramkumar Ramalingam
>> >
>> > --
>> > Luciano Resende
>> > Apache Tuscany, Apache PhotArk
>> > http://people.apache.org/~lresende
>> > http://lresende.blogspot.com/
>
> Hi Ant
>
> I just ran a maven build of the calculator sample against your duplicate
> repo. I verified the new sigs for a couple of modules manually and they look
> OK. Having said that I see that Dave has raised an RC4 issue so I guess it
> would be good to get a consensus on that before deploying these artifacts.
>
> Simon

I'm going to change my vote to -1 for the time being while some initial investigation is done on TUSCANY-2593, if we can get a fix done quickly I think it would be worth doing an RC5 with that as it's quite a significant regression.

...ant
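
The signature checks discussed in this thread, as an added example that is not part of the original messages or of the Tuscany release tooling: it verifies every detached `.asc` under a directory using only the keys in a KEYS file and counts results per signing key, so a tree signed with two different keys, or with a key missing from KEYS, shows up at once. The function names are hypothetical, and it reads gpg's machine-readable `--status-fd` output rather than the human-readable text quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): check every detached .asc signature
# under a directory against the keys in a KEYS file. Function names are
# hypothetical; parsing relies on gpg --status-fd lines.

# Reduce gpg status lines on stdin to one verdict plus the signer key ID.
classify_status() {
    awk '
        $1 != "[GNUPG:]"  { next }
        $2 == "GOODSIG"   { v = "GOOD";   id = $3 }
        $2 == "BADSIG"    { v = "BAD";    id = $3 }   # data or signature altered
        $2 == "EXPKEYSIG" { v = "EXPKEY"; id = $3 }   # valid, but key has expired
        $2 == "NO_PUBKEY" { v = "NOKEY";  id = $3 }   # signer is not in the keyring
        END { if (v == "") print "ERROR -"; else print v, id }
    '
}

# Turn "VERDICT KEYID PATH" lines into counts per verdict and key.
# Returns non-zero if any signature is not GOOD.
summarize() {
    sort | awk '
        { k = $1 " " $2; if (!(k in n)) order[++m] = k; n[k]++ }
        $1 != "GOOD" { bad = 1 }
        END { for (i = 1; i <= m; i++) print n[order[i]], order[i]; exit bad + 0 }
    '
}

# verify_tree KEYS_FILE DIR: runs in a subshell with a throwaway keyring.
verify_tree() (
    GNUPGHOME=$(mktemp -d) || exit 2
    export GNUPGHOME
    trap 'rm -rf "$GNUPGHOME"' EXIT
    gpg --batch --quiet --import "$1" 2>/dev/null || exit 2
    find "$2" -type f -name '*.asc' > "$GNUPGHOME/sigs"
    while IFS= read -r sig; do
        verdict=$(gpg --batch --status-fd 1 --verify "$sig" "${sig%.asc}" \
                  2>/dev/null </dev/null | classify_status)
        printf '%s %s\n' "$verdict" "$sig"
    done < "$GNUPGHOME/sigs" > "$GNUPGHOME/results"
    summarize < "$GNUPGHOME/results"; rc=$?
    grep -v '^GOOD ' "$GNUPGHOME/results"   # list each failing signature file
    exit "$rc"
)

# Usage: sh verify-sigs.sh KEYS path/to/staging-repo
if [ "$#" -eq 2 ]; then verify_tree "$1" "$2"; fi
```

More than one summary line means the tree was not signed consistently with a single key from KEYS, which is the condition reported for the maven artifacts in this thread.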
