Re: Release Apache Flex Installer 3.4

2018-04-16 Thread Piotr Zarzycki 
Alex,

I just pushed changes to the script and was able to generate on windows
signed artifacts! Now I can somehow build dmg on Mac. I hope that signing I
will be able to do on Windows, cause don't want to go through some
configuration for signing there.

I'm definitely not a Mac user.

Many Thanks for the help. It's moving forward slowly.
Piotr

2018-04-16 19:38 GMT+02:00 Alex Harui :

> Hi Piotr,
>
> In flex-utilities/flex-installer/build.xml, the "release" Ant target
> should take you through signing.  GPG is not used to generate the sha512
> checksums, the Ant checksum task is instead and you will have to modify
> those tasks in build.xml not only with the new algorithm but also the
> correct suffix since the default is not right for Apache.
>
> HTH,
> -Alex
>
> On 4/16/18, 10:30 AM, "Piotr Zarzycki"  wrote:
>
> >Hi Alex,
> >
> >I decided revoke my old key and created new one. I signed releases once,
> >but now I cannot find myself with that. In the Apache resources there
> >suggestion how to configure gpg in order to have SHA-512 [1]. I did it but
> >I'm not sure if I do this archives will be signed appropriately.
> >
> >gpg --armor --output myfile.zip.asc --detach-sig myfile.zip
> >
> >And later separately I should generate somehow SHA-512 hash ?
> >
> >[1]
> >https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.apach
> >e.org%2Fdev%2Fopenpgp.html%23sha-defaults=02%7C01%7Caharui%
> 40adobe.co
> >m%7Cf74cd21ba9c746fa055c08d5a3bfbb2f%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C
> >0%7C0%7C636594966241934576=PG2KpG5LB4m72Z4B7hYJ01K2cPYFo4
> klpDs0U44lc
> >eI%3D=0
> >
> >Thanks,
> >Piotr
> >
> >2018-04-16 3:12 GMT+02:00 Alex Harui :
> >
> >> Hi Piotr,
> >>
> >> I don't see any way to recover your passphrase.  The advice I see is to
> >> keep trying to remember what it was.
> >>
> >> Otherwise, the advice says to create a new key and revoke the old one.
> >>I
> >> could sign this release, but you might as well take the time to either
> >> remember the passphrase or create a new key.
> >>
> >> HTH,
> >> -Alex
> >>
> >> On 4/15/18, 1:34 AM, "Piotr Zarzycki" 
> wrote:
> >>
> >> >Unfortunately I did not remeber may passphrase for signing files. I
> >>have
> >> >private key, revoking keys, but don't know how to actually use it to
> >> >recover it. I did search some way, but cannot find straight
> >>instruction.
> >> >
> >> >Can someone sign for me that release or pass some help on that ?
> >> >
> >> >Thanks,
> >> >Piotr
> >> >
> >> >2018-04-12 17:52 GMT+02:00 Piotr Zarzycki :
> >> >
> >> >> Hi Alex,
> >> >>
> >> >> I think it is a good idea to have 3.3.1 instead 3.4.
> >> >>
> >> >> Thanks,
> >> >> Piotr
> >> >>
> >> >> 2018-04-12 17:16 GMT+02:00 Alex Harui :
> >> >>
> >> >>> Hi Piotr,
> >> >>>
> >> >>> I think I didn't use the right certificate for 3.2 so folks moving
> >>to
> >> >>>3.3
> >> >>> had a problem.  As long as you use the right certificates for 3.4
> >>there
> >> >>> shouldn't be a problem.
> >> >>>
> >> >>> It occurs to me that we might want to call this release 3.3.1
> >>instead
> >> >>>of
> >> >>> 3.4 since it is a single bug fix release, but up to you.  Is the
> >>only
> >> >>> change the one fix you made?
> >> >>>
> >> >>> Thanks,
> >> >>> -Alex
> >> >>>
> >> >>> On 4/12/18, 1:27 AM, "Piotr Zarzycki" 
> >> >>>wrote:
> >> >>>
> >> >>> >Hi Alex,
> >> >>> >
> >> >>> >IMO something rings into my head that we have had some problems
> >>with
> >> >>>sign
> >> >>> >certificates last time. Do you recall something ?
> >> >>> >
> >> >>> >Thanks,
> >> >>> >Piotr
> >> >>> >
> >> >>> >2018-04-12 10:25 GMT+02:00 Alex Harui :
> >> >>> >
> >> >>> >> I would skip last call and cut the RC.  But yes, use SHA512 with
> >>a
> >> >>> >>.sha512
> >> >>> >> suffix.
> >> >>> >>
> >> >>> >> My 2 cents,
> >> >>> >> -Alex
> >> >>> >>
> >> >>> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki"
> >>
> >> >>> >>wrote:
> >> >>> >>
> >> >>> >> >Hi Guys,
> >> >>> >> >
> >> >>> >> >Since I was able to fix issue with OSMF I would like to prepare
> >> >>> release
> >> >>> >> >candidate. Should I go through the LAST CALL ? Can I omit it and
> >> >>>just
> >> >>> >> >prepare RC1 ?
> >> >>> >> >
> >> >>> >> >I should also sign sources by SH1 yes ?
> >> >>> >> >
> >> >>> >> >Thanks,
> >> >>> >> >--
> >> >>> >> >
> >> >>> >> >Piotr Zarzycki
> >> >>> >> >
> >> >>> >> >Patreon:
> >> >>> >> >*https://na01.safelinks.protection.outlook.com/?url=
> >> >>> >> https%3A%2F%2Fwww.patr
> >> >>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> >> >>> >> 7C9f32952e7b6d49
> >> >>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> >> >>> >> cee1%7C0%7C0%7C6365911614
> >> >>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> >> >>> >> c0%2FkX6RW2doJo%3D=0
> >> >>> >>

Re: Release Apache Flex Installer 3.4

2018-04-16 Thread Alex Harui 
Hi Piotr,

In flex-utilities/flex-installer/build.xml, the "release" Ant target
should take you through signing.  GPG is not used to generate the sha512
checksums, the Ant checksum task is instead and you will have to modify
those tasks in build.xml not only with the new algorithm but also the
correct suffix since the default is not right for Apache.

HTH,
-Alex

On 4/16/18, 10:30 AM, "Piotr Zarzycki"  wrote:

>Hi Alex,
>
>I decided revoke my old key and created new one. I signed releases once,
>but now I cannot find myself with that. In the Apache resources there
>suggestion how to configure gpg in order to have SHA-512 [1]. I did it but
>I'm not sure if I do this archives will be signed appropriately.
>
>gpg --armor --output myfile.zip.asc --detach-sig myfile.zip
>
>And later separately I should generate somehow SHA-512 hash ?
>
>[1] 
>https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.apach
>e.org%2Fdev%2Fopenpgp.html%23sha-defaults=02%7C01%7Caharui%40adobe.co
>m%7Cf74cd21ba9c746fa055c08d5a3bfbb2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C
>0%7C0%7C636594966241934576=PG2KpG5LB4m72Z4B7hYJ01K2cPYFo4klpDs0U44lc
>eI%3D=0
>
>Thanks,
>Piotr
>
>2018-04-16 3:12 GMT+02:00 Alex Harui :
>
>> Hi Piotr,
>>
>> I don't see any way to recover your passphrase.  The advice I see is to
>> keep trying to remember what it was.
>>
>> Otherwise, the advice says to create a new key and revoke the old one.
>>I
>> could sign this release, but you might as well take the time to either
>> remember the passphrase or create a new key.
>>
>> HTH,
>> -Alex
>>
>> On 4/15/18, 1:34 AM, "Piotr Zarzycki"  wrote:
>>
>> >Unfortunately I did not remeber may passphrase for signing files. I
>>have
>> >private key, revoking keys, but don't know how to actually use it to
>> >recover it. I did search some way, but cannot find straight
>>instruction.
>> >
>> >Can someone sign for me that release or pass some help on that ?
>> >
>> >Thanks,
>> >Piotr
>> >
>> >2018-04-12 17:52 GMT+02:00 Piotr Zarzycki :
>> >
>> >> Hi Alex,
>> >>
>> >> I think it is a good idea to have 3.3.1 instead 3.4.
>> >>
>> >> Thanks,
>> >> Piotr
>> >>
>> >> 2018-04-12 17:16 GMT+02:00 Alex Harui :
>> >>
>> >>> Hi Piotr,
>> >>>
>> >>> I think I didn't use the right certificate for 3.2 so folks moving
>>to
>> >>>3.3
>> >>> had a problem.  As long as you use the right certificates for 3.4
>>there
>> >>> shouldn't be a problem.
>> >>>
>> >>> It occurs to me that we might want to call this release 3.3.1
>>instead
>> >>>of
>> >>> 3.4 since it is a single bug fix release, but up to you.  Is the
>>only
>> >>> change the one fix you made?
>> >>>
>> >>> Thanks,
>> >>> -Alex
>> >>>
>> >>> On 4/12/18, 1:27 AM, "Piotr Zarzycki" 
>> >>>wrote:
>> >>>
>> >>> >Hi Alex,
>> >>> >
>> >>> >IMO something rings into my head that we have had some problems
>>with
>> >>>sign
>> >>> >certificates last time. Do you recall something ?
>> >>> >
>> >>> >Thanks,
>> >>> >Piotr
>> >>> >
>> >>> >2018-04-12 10:25 GMT+02:00 Alex Harui :
>> >>> >
>> >>> >> I would skip last call and cut the RC.  But yes, use SHA512 with
>>a
>> >>> >>.sha512
>> >>> >> suffix.
>> >>> >>
>> >>> >> My 2 cents,
>> >>> >> -Alex
>> >>> >>
>> >>> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki"
>>
>> >>> >>wrote:
>> >>> >>
>> >>> >> >Hi Guys,
>> >>> >> >
>> >>> >> >Since I was able to fix issue with OSMF I would like to prepare
>> >>> release
>> >>> >> >candidate. Should I go through the LAST CALL ? Can I omit it and
>> >>>just
>> >>> >> >prepare RC1 ?
>> >>> >> >
>> >>> >> >I should also sign sources by SH1 yes ?
>> >>> >> >
>> >>> >> >Thanks,
>> >>> >> >--
>> >>> >> >
>> >>> >> >Piotr Zarzycki
>> >>> >> >
>> >>> >> >Patreon:
>> >>> >> >*https://na01.safelinks.protection.outlook.com/?url=
>> >>> >> https%3A%2F%2Fwww.patr
>> >>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> >>> >> 7C9f32952e7b6d49
>> >>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> >>> >> cee1%7C0%7C0%7C6365911614
>> >>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> >>> >> c0%2FkX6RW2doJo%3D=0
>> >>> >> >> >>> >> https%3A%2F%2Fwww.patr
>> >>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> >>> >> 7C9f32952e7b6d49
>> >>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> >>> >> cee1%7C0%7C0%7C6365911614
>> >>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> >>> >> c0%2FkX6RW2doJo%3D=0
>> >>> >> >>*
>> >>> >>
>> >>> >>
>> >>> >
>> >>> >
>> >>> >--
>> >>> >
>> >>> >Piotr Zarzycki
>> >>> >
>> >>> >Patreon:
>> >>> >*https://na01.safelinks.protection.outlook.com/?url=https%
>> >>> 3A%2F%2Fwww.patr
>> >>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
>> >>> Cc66b636ca44d41
>> >>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
>> >>>

Re: Release Apache Flex Installer 3.4

2018-04-16 Thread Piotr Zarzycki 
Hi Alex,

I decided revoke my old key and created new one. I signed releases once,
but now I cannot find myself with that. In the Apache resources there
suggestion how to configure gpg in order to have SHA-512 [1]. I did it but
I'm not sure if I do this archives will be signed appropriately.

gpg --armor --output myfile.zip.asc --detach-sig myfile.zip

And later separately I should generate somehow SHA-512 hash ?

[1] https://www.apache.org/dev/openpgp.html#sha-defaults

Thanks,
Piotr

2018-04-16 3:12 GMT+02:00 Alex Harui :

> Hi Piotr,
>
> I don't see any way to recover your passphrase.  The advice I see is to
> keep trying to remember what it was.
>
> Otherwise, the advice says to create a new key and revoke the old one.  I
> could sign this release, but you might as well take the time to either
> remember the passphrase or create a new key.
>
> HTH,
> -Alex
>
> On 4/15/18, 1:34 AM, "Piotr Zarzycki"  wrote:
>
> >Unfortunately I did not remeber may passphrase for signing files. I have
> >private key, revoking keys, but don't know how to actually use it to
> >recover it. I did search some way, but cannot find straight instruction.
> >
> >Can someone sign for me that release or pass some help on that ?
> >
> >Thanks,
> >Piotr
> >
> >2018-04-12 17:52 GMT+02:00 Piotr Zarzycki :
> >
> >> Hi Alex,
> >>
> >> I think it is a good idea to have 3.3.1 instead 3.4.
> >>
> >> Thanks,
> >> Piotr
> >>
> >> 2018-04-12 17:16 GMT+02:00 Alex Harui :
> >>
> >>> Hi Piotr,
> >>>
> >>> I think I didn't use the right certificate for 3.2 so folks moving to
> >>>3.3
> >>> had a problem.  As long as you use the right certificates for 3.4 there
> >>> shouldn't be a problem.
> >>>
> >>> It occurs to me that we might want to call this release 3.3.1 instead
> >>>of
> >>> 3.4 since it is a single bug fix release, but up to you.  Is the only
> >>> change the one fix you made?
> >>>
> >>> Thanks,
> >>> -Alex
> >>>
> >>> On 4/12/18, 1:27 AM, "Piotr Zarzycki" 
> >>>wrote:
> >>>
> >>> >Hi Alex,
> >>> >
> >>> >IMO something rings into my head that we have had some problems with
> >>>sign
> >>> >certificates last time. Do you recall something ?
> >>> >
> >>> >Thanks,
> >>> >Piotr
> >>> >
> >>> >2018-04-12 10:25 GMT+02:00 Alex Harui :
> >>> >
> >>> >> I would skip last call and cut the RC.  But yes, use SHA512 with a
> >>> >>.sha512
> >>> >> suffix.
> >>> >>
> >>> >> My 2 cents,
> >>> >> -Alex
> >>> >>
> >>> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki" 
> >>> >>wrote:
> >>> >>
> >>> >> >Hi Guys,
> >>> >> >
> >>> >> >Since I was able to fix issue with OSMF I would like to prepare
> >>> release
> >>> >> >candidate. Should I go through the LAST CALL ? Can I omit it and
> >>>just
> >>> >> >prepare RC1 ?
> >>> >> >
> >>> >> >I should also sign sources by SH1 yes ?
> >>> >> >
> >>> >> >Thanks,
> >>> >> >--
> >>> >> >
> >>> >> >Piotr Zarzycki
> >>> >> >
> >>> >> >Patreon:
> >>> >> >*https://na01.safelinks.protection.outlook.com/?url=
> >>> >> https%3A%2F%2Fwww.patr
> >>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> >>> >> 7C9f32952e7b6d49
> >>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> >>> >> cee1%7C0%7C0%7C6365911614
> >>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> >>> >> c0%2FkX6RW2doJo%3D=0
> >>> >> > >>> >> https%3A%2F%2Fwww.patr
> >>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> >>> >> 7C9f32952e7b6d49
> >>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> >>> >> cee1%7C0%7C0%7C6365911614
> >>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> >>> >> c0%2FkX6RW2doJo%3D=0
> >>> >> >>*
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>> >--
> >>> >
> >>> >Piotr Zarzycki
> >>> >
> >>> >Patreon:
> >>> >*https://na01.safelinks.protection.outlook.com/?url=https%
> >>> 3A%2F%2Fwww.patr
> >>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
> >>> Cc66b636ca44d41
> >>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
> >>> 7C0%7C6365911850
> >>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
> >>> OJA%3D
> >>> >=0
> >>> > >>> 3A%2F%2Fwww.patr
> >>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
> >>> Cc66b636ca44d41
> >>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
> >>> 7C0%7C6365911850
> >>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
> >>> OJA%3D
> >>> >=0>*
> >>>
> >>>
> >>
> >>
> >> --
> >>
> >> Piotr Zarzycki
> >>
> >> Patreon:
> >>*https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.pat
> >>reon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com
> %7Cd7af70c9f1f1
> >>44ec8dce08d5a2abb667%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C6365937
> >>80794811935=X7Koolzj3qpIJJi3OlMnM1FuuPOrBh
> atrV%2B5o1zHTBw%3D
> >>ed=0
> >>
>

Re: Release Apache Flex Installer 3.4

2018-04-15 Thread Alex Harui 
Hi Piotr,

I don't see any way to recover your passphrase.  The advice I see is to
keep trying to remember what it was.

Otherwise, the advice says to create a new key and revoke the old one.  I
could sign this release, but you might as well take the time to either
remember the passphrase or create a new key.

HTH,
-Alex

On 4/15/18, 1:34 AM, "Piotr Zarzycki"  wrote:

>Unfortunately I did not remeber may passphrase for signing files. I have
>private key, revoking keys, but don't know how to actually use it to
>recover it. I did search some way, but cannot find straight instruction.
>
>Can someone sign for me that release or pass some help on that ?
>
>Thanks,
>Piotr
>
>2018-04-12 17:52 GMT+02:00 Piotr Zarzycki :
>
>> Hi Alex,
>>
>> I think it is a good idea to have 3.3.1 instead 3.4.
>>
>> Thanks,
>> Piotr
>>
>> 2018-04-12 17:16 GMT+02:00 Alex Harui :
>>
>>> Hi Piotr,
>>>
>>> I think I didn't use the right certificate for 3.2 so folks moving to
>>>3.3
>>> had a problem.  As long as you use the right certificates for 3.4 there
>>> shouldn't be a problem.
>>>
>>> It occurs to me that we might want to call this release 3.3.1 instead
>>>of
>>> 3.4 since it is a single bug fix release, but up to you.  Is the only
>>> change the one fix you made?
>>>
>>> Thanks,
>>> -Alex
>>>
>>> On 4/12/18, 1:27 AM, "Piotr Zarzycki" 
>>>wrote:
>>>
>>> >Hi Alex,
>>> >
>>> >IMO something rings into my head that we have had some problems with
>>>sign
>>> >certificates last time. Do you recall something ?
>>> >
>>> >Thanks,
>>> >Piotr
>>> >
>>> >2018-04-12 10:25 GMT+02:00 Alex Harui :
>>> >
>>> >> I would skip last call and cut the RC.  But yes, use SHA512 with a
>>> >>.sha512
>>> >> suffix.
>>> >>
>>> >> My 2 cents,
>>> >> -Alex
>>> >>
>>> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki" 
>>> >>wrote:
>>> >>
>>> >> >Hi Guys,
>>> >> >
>>> >> >Since I was able to fix issue with OSMF I would like to prepare
>>> release
>>> >> >candidate. Should I go through the LAST CALL ? Can I omit it and
>>>just
>>> >> >prepare RC1 ?
>>> >> >
>>> >> >I should also sign sources by SH1 yes ?
>>> >> >
>>> >> >Thanks,
>>> >> >--
>>> >> >
>>> >> >Piotr Zarzycki
>>> >> >
>>> >> >Patreon:
>>> >> >*https://na01.safelinks.protection.outlook.com/?url=
>>> >> https%3A%2F%2Fwww.patr
>>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>>> >> 7C9f32952e7b6d49
>>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>>> >> cee1%7C0%7C0%7C6365911614
>>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>>> >> c0%2FkX6RW2doJo%3D=0
>>> >> >>> >> https%3A%2F%2Fwww.patr
>>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>>> >> 7C9f32952e7b6d49
>>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>>> >> cee1%7C0%7C0%7C6365911614
>>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>>> >> c0%2FkX6RW2doJo%3D=0
>>> >> >>*
>>> >>
>>> >>
>>> >
>>> >
>>> >--
>>> >
>>> >Piotr Zarzycki
>>> >
>>> >Patreon:
>>> >*https://na01.safelinks.protection.outlook.com/?url=https%
>>> 3A%2F%2Fwww.patr
>>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
>>> Cc66b636ca44d41
>>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
>>> 7C0%7C6365911850
>>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
>>> OJA%3D
>>> >=0
>>> >>> 3A%2F%2Fwww.patr
>>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
>>> Cc66b636ca44d41
>>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
>>> 7C0%7C6365911850
>>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
>>> OJA%3D
>>> >=0>*
>>>
>>>
>>
>>
>> --
>>
>> Piotr Zarzycki
>>
>> Patreon: 
>>*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.pat
>>reon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cd7af70c9f1f1
>>44ec8dce08d5a2abb667%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365937
>>80794811935=X7Koolzj3qpIJJi3OlMnM1FuuPOrBhatrV%2B5o1zHTBw%3D
>>ed=0
>> 
>>>reon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cd7af70c9f1f1
>>44ec8dce08d5a2abb667%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365937
>>80794811935=X7Koolzj3qpIJJi3OlMnM1FuuPOrBhatrV%2B5o1zHTBw%3D
>>ed=0>*
>>
>
>
>
>-- 
>
>Piotr Zarzycki
>
>Patreon: 
>*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patr
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cd7af70c9f1f144
>ec8dce08d5a2abb667%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365937807
>94811935=X7Koolzj3qpIJJi3OlMnM1FuuPOrBhatrV%2B5o1zHTBw%3D=0
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cd7af70c9f1f144
>ec8dce08d5a2abb667%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365937807

Re: Release Apache Flex Installer 3.4

2018-04-15 Thread Piotr Zarzycki 
Unfortunately I did not remeber may passphrase for signing files. I have
private key, revoking keys, but don't know how to actually use it to
recover it. I did search some way, but cannot find straight instruction.

Can someone sign for me that release or pass some help on that ?

Thanks,
Piotr

2018-04-12 17:52 GMT+02:00 Piotr Zarzycki :

> Hi Alex,
>
> I think it is a good idea to have 3.3.1 instead 3.4.
>
> Thanks,
> Piotr
>
> 2018-04-12 17:16 GMT+02:00 Alex Harui :
>
>> Hi Piotr,
>>
>> I think I didn't use the right certificate for 3.2 so folks moving to 3.3
>> had a problem.  As long as you use the right certificates for 3.4 there
>> shouldn't be a problem.
>>
>> It occurs to me that we might want to call this release 3.3.1 instead of
>> 3.4 since it is a single bug fix release, but up to you.  Is the only
>> change the one fix you made?
>>
>> Thanks,
>> -Alex
>>
>> On 4/12/18, 1:27 AM, "Piotr Zarzycki"  wrote:
>>
>> >Hi Alex,
>> >
>> >IMO something rings into my head that we have had some problems with sign
>> >certificates last time. Do you recall something ?
>> >
>> >Thanks,
>> >Piotr
>> >
>> >2018-04-12 10:25 GMT+02:00 Alex Harui :
>> >
>> >> I would skip last call and cut the RC.  But yes, use SHA512 with a
>> >>.sha512
>> >> suffix.
>> >>
>> >> My 2 cents,
>> >> -Alex
>> >>
>> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki" 
>> >>wrote:
>> >>
>> >> >Hi Guys,
>> >> >
>> >> >Since I was able to fix issue with OSMF I would like to prepare
>> release
>> >> >candidate. Should I go through the LAST CALL ? Can I omit it and just
>> >> >prepare RC1 ?
>> >> >
>> >> >I should also sign sources by SH1 yes ?
>> >> >
>> >> >Thanks,
>> >> >--
>> >> >
>> >> >Piotr Zarzycki
>> >> >
>> >> >Patreon:
>> >> >*https://na01.safelinks.protection.outlook.com/?url=
>> >> https%3A%2F%2Fwww.patr
>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> >> 7C9f32952e7b6d49
>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> >> cee1%7C0%7C0%7C6365911614
>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> >> c0%2FkX6RW2doJo%3D=0
>> >> >> >> https%3A%2F%2Fwww.patr
>> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> >> 7C9f32952e7b6d49
>> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> >> cee1%7C0%7C0%7C6365911614
>> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> >> c0%2FkX6RW2doJo%3D=0
>> >> >>*
>> >>
>> >>
>> >
>> >
>> >--
>> >
>> >Piotr Zarzycki
>> >
>> >Patreon:
>> >*https://na01.safelinks.protection.outlook.com/?url=https%
>> 3A%2F%2Fwww.patr
>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
>> Cc66b636ca44d41
>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
>> 7C0%7C6365911850
>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
>> OJA%3D
>> >=0
>> >> 3A%2F%2Fwww.patr
>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7
>> Cc66b636ca44d41
>> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%
>> 7C0%7C6365911850
>> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQ
>> OJA%3D
>> >=0>*
>>
>>
>
>
> --
>
> Piotr Zarzycki
>
> Patreon: *https://www.patreon.com/piotrzarzycki
> *
>



-- 

Piotr Zarzycki

Patreon: *https://www.patreon.com/piotrzarzycki
*

Re: Release Apache Flex Installer 3.4

2018-04-12 Thread Piotr Zarzycki 
Hi Alex,

I think it is a good idea to have 3.3.1 instead 3.4.

Thanks,
Piotr

2018-04-12 17:16 GMT+02:00 Alex Harui :

> Hi Piotr,
>
> I think I didn't use the right certificate for 3.2 so folks moving to 3.3
> had a problem.  As long as you use the right certificates for 3.4 there
> shouldn't be a problem.
>
> It occurs to me that we might want to call this release 3.3.1 instead of
> 3.4 since it is a single bug fix release, but up to you.  Is the only
> change the one fix you made?
>
> Thanks,
> -Alex
>
> On 4/12/18, 1:27 AM, "Piotr Zarzycki"  wrote:
>
> >Hi Alex,
> >
> >IMO something rings into my head that we have had some problems with sign
> >certificates last time. Do you recall something ?
> >
> >Thanks,
> >Piotr
> >
> >2018-04-12 10:25 GMT+02:00 Alex Harui :
> >
> >> I would skip last call and cut the RC.  But yes, use SHA512 with a
> >>.sha512
> >> suffix.
> >>
> >> My 2 cents,
> >> -Alex
> >>
> >> On 4/12/18, 12:48 AM, "Piotr Zarzycki" 
> >>wrote:
> >>
> >> >Hi Guys,
> >> >
> >> >Since I was able to fix issue with OSMF I would like to prepare release
> >> >candidate. Should I go through the LAST CALL ? Can I omit it and just
> >> >prepare RC1 ?
> >> >
> >> >I should also sign sources by SH1 yes ?
> >> >
> >> >Thanks,
> >> >--
> >> >
> >> >Piotr Zarzycki
> >> >
> >> >Patreon:
> >> >*https://na01.safelinks.protection.outlook.com/?url=
> >> https%3A%2F%2Fwww.patr
> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> >> 7C9f32952e7b6d49
> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> >> cee1%7C0%7C0%7C6365911614
> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> >> c0%2FkX6RW2doJo%3D=0
> >> > >> https%3A%2F%2Fwww.patr
> >> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> >> 7C9f32952e7b6d49
> >> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> >> cee1%7C0%7C0%7C6365911614
> >> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> >> c0%2FkX6RW2doJo%3D=0
> >> >>*
> >>
> >>
> >
> >
> >--
> >
> >Piotr Zarzycki
> >
> >Patreon:
> >*https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.patr
> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> 7Cc66b636ca44d41
> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C6365911850
> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%
> 2BNyQjwRFm6SQOJA%3D
> >=0
> > https%3A%2F%2Fwww.patr
> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> 7Cc66b636ca44d41
> >a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C6365911850
> >76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%
> 2BNyQjwRFm6SQOJA%3D
> >=0>*
>
>


-- 

Piotr Zarzycki

Patreon: *https://www.patreon.com/piotrzarzycki
*

Re: Release Apache Flex Installer 3.4

2018-04-12 Thread Alex Harui 
Hi Piotr,

I think I didn't use the right certificate for 3.2 so folks moving to 3.3
had a problem.  As long as you use the right certificates for 3.4 there
shouldn't be a problem.

It occurs to me that we might want to call this release 3.3.1 instead of
3.4 since it is a single bug fix release, but up to you.  Is the only
change the one fix you made?

Thanks,
-Alex

On 4/12/18, 1:27 AM, "Piotr Zarzycki"  wrote:

>Hi Alex,
>
>IMO something rings into my head that we have had some problems with sign
>certificates last time. Do you recall something ?
>
>Thanks,
>Piotr
>
>2018-04-12 10:25 GMT+02:00 Alex Harui :
>
>> I would skip last call and cut the RC.  But yes, use SHA512 with a
>>.sha512
>> suffix.
>>
>> My 2 cents,
>> -Alex
>>
>> On 4/12/18, 12:48 AM, "Piotr Zarzycki" 
>>wrote:
>>
>> >Hi Guys,
>> >
>> >Since I was able to fix issue with OSMF I would like to prepare release
>> >candidate. Should I go through the LAST CALL ? Can I omit it and just
>> >prepare RC1 ?
>> >
>> >I should also sign sources by SH1 yes ?
>> >
>> >Thanks,
>> >--
>> >
>> >Piotr Zarzycki
>> >
>> >Patreon:
>> >*https://na01.safelinks.protection.outlook.com/?url=
>> https%3A%2F%2Fwww.patr
>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> 7C9f32952e7b6d49
>> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> cee1%7C0%7C0%7C6365911614
>> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> c0%2FkX6RW2doJo%3D=0
>> >> https%3A%2F%2Fwww.patr
>> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
>> 7C9f32952e7b6d49
>> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
>> cee1%7C0%7C0%7C6365911614
>> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
>> c0%2FkX6RW2doJo%3D=0
>> >>*
>>
>>
>
>
>-- 
>
>Piotr Zarzycki
>
>Patreon: 
>*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patr
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cc66b636ca44d41
>a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365911850
>76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQOJA%3D
>=0
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7Cc66b636ca44d41
>a90d9608d5a04f4c24%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365911850
>76278362=ui83E66leJRPwW%2BWG6oseX3Y9EYL%2BNyQjwRFm6SQOJA%3D
>=0>*

Re: Release Apache Flex Installer 3.4

2018-04-12 Thread Piotr Zarzycki 
Hi Alex,

IMO something rings into my head that we have had some problems with sign
certificates last time. Do you recall something ?

Thanks,
Piotr

2018-04-12 10:25 GMT+02:00 Alex Harui :

> I would skip last call and cut the RC.  But yes, use SHA512 with a .sha512
> suffix.
>
> My 2 cents,
> -Alex
>
> On 4/12/18, 12:48 AM, "Piotr Zarzycki"  wrote:
>
> >Hi Guys,
> >
> >Since I was able to fix issue with OSMF I would like to prepare release
> >candidate. Should I go through the LAST CALL ? Can I omit it and just
> >prepare RC1 ?
> >
> >I should also sign sources by SH1 yes ?
> >
> >Thanks,
> >--
> >
> >Piotr Zarzycki
> >
> >Patreon:
> >*https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.patr
> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> 7C9f32952e7b6d49
> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C6365911614
> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> c0%2FkX6RW2doJo%3D=0
> > https%3A%2F%2Fwww.patr
> >eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%
> 7C9f32952e7b6d49
> >3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C6365911614
> >63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOj
> c0%2FkX6RW2doJo%3D=0
> >>*
>
>


-- 

Piotr Zarzycki

Patreon: *https://www.patreon.com/piotrzarzycki
*

Re: Release Apache Flex Installer 3.4

2018-04-12 Thread Alex Harui 
I would skip last call and cut the RC.  But yes, use SHA512 with a .sha512
suffix.

My 2 cents,
-Alex

On 4/12/18, 12:48 AM, "Piotr Zarzycki"  wrote:

>Hi Guys,
>
>Since I was able to fix issue with OSMF I would like to prepare release
>candidate. Should I go through the LAST CALL ? Can I omit it and just
>prepare RC1 ?
>
>I should also sign sources by SH1 yes ?
>
>Thanks,
>-- 
>
>Piotr Zarzycki
>
>Patreon: 
>*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patr
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7C9f32952e7b6d49
>3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365911614
>63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOjc0%2FkX6RW2doJo%3D=0
>eon.com%2Fpiotrzarzycki=02%7C01%7Caharui%40adobe.com%7C9f32952e7b6d49
>3c7e1708d5a049d920%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6365911614
>63234704=oyZAeVftnVBPZmKVyASyh4quCnDfOjc0%2FkX6RW2doJo%3D=0
>>*

Release Apache Flex Installer 3.4

2018-04-12 Thread Piotr Zarzycki 
Hi Guys,

Since I was able to fix issue with OSMF I would like to prepare release
candidate. Should I go through the LAST CALL ? Can I omit it and just
prepare RC1 ?

I should also sign sources by SH1 yes ?

Thanks,
-- 

Piotr Zarzycki

Patreon: *https://www.patreon.com/piotrzarzycki
*