Re: [request to review, and vote] XalanJ 2.7.3 release candidate RC8

[Mukul Gandhi]

Hi Gary,

On Sun, Jan 8, 2023 at 8:05 PM Gary Gregory <garydgreg...@gmail.com> wrote:

> I cannot get a SHA 512 match on:
>
> shasum -a 512 xalan-j_2_7_3-src.zip.asc
> fbf3dfd1440275994efb324c1a5ce19dae3383b379d498f56136a2d91e39dbe9f93ed02d5da281c26f9f6f596bf2899c52cd7744a4966286095bdf2f2f10717e
>  xalan-j_2_7_3-src.zip.asc
>
> cat xalan-j_2_7_3-src.zip.sha512
> build\xalan-j_2_7_3-src.zip: EFBB5976 EFC81E1C 9688F5CF C2C24DAB 9B7F89FC
>                              49C7D244 6CC09339 DC7D7214 E681DD03 AE6065B8
>                              734CB6F0 231D21D0 7AC07B10 8F6F32F6 1BB0E862
>                              E0395334
>
> Also:
>
> shasum -a 512 --check xalan-j_2_7_3-src.zip.asc
> shasum: xalan-j_2_7_3-src.zip.asc: no properly formatted SHA checksum
> lines found

Lets say, we've following three files available within the XalanJ 2.7.3 RC8,

xalan-j_2_7_3-src.zip,
xalan-j_2_7_3-src.zip.sha512,
xalan-j_2_7_3-src.zip.asc

1) The contents of file xalan-j_2_7_3-src.zip.sha512 are following,

build\xalan-j_2_7_3-src.zip: EFBB5976 EFC81E1C 9688F5CF C2C24DAB 9B7F89FC
                                             49C7D244 6CC09339
DC7D7214 E681DD03 AE6065B8
                                             734CB6F0 231D21D0
7AC07B10 8F6F32F6 1BB0E862
                                             E0395334

On Windows PowerShell, when I run the command : Get-FileHash
xalan-j_2_7_3-src.zip -Algorithm SHA512

I get following result (please note the ... at the end of Hash value,
which is produced by windows),

Algorithm       Hash

                       Path
-------------       ------

                              ------
SHA512         
EFBB5976EFC81E1C9688F5CFC2C24DAB9B7F89FC49C7D2446CC09339DC7D7214E68...

Therefore, I don't see any issues with the sha512 checksum that I've
published for the file xalan-j_2_7_3-src.zip.

2) xalan-j_2_7_3-src.zip.asc has the signature of file
xalan-j_2_7_3-src.zip, produced by my private key.

When I run the command gpg --verify xalan-j_2_7_3-src.zip.asc
xalan-j_2_7_3-src.zip, to verify this signature, I get following
result,

gpg: Signature made 07-01-2023 22:49:27 India Standard Time
gpg:                            using RSA key
4D8FB572FB6ADCFD69CBFE0D7B2586A6B5E25C3D
gpg: Good signature from "Mukul Gandhi (CODE SIGNING KEY)
<muk...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:                    There is no indication that the signature
belongs to the owner.
Primary key fingerprint: 4D8F B572 FB6A DCFD 69CB  FE0D 7B25 86A6 B5E2 5C3D

The above xalan-j_2_7_3-src.zip, file signature also looks ok to me.


-- 
Regards,
Mukul Gandhi

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org
For additional commands, e-mail: dev-h...@xalan.apache.org