Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-07 Thread Till Toenshoff 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198794
---


Ship it!





support/vote.sh
Lines 36-38 (patched)


Thanks a bunch for this - much appreciated.


- Till Toenshoff


On March 7, 2018, 12:37 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 7, 2018, 12:37 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/4/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-07 Thread Mesos Reviewbot Windows 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198789
---



PASS: Mesos patch 65905 was successfully built and tested.

Reviews applied: `['65905']`

All the build artifacts available at: 
http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/65905

- Mesos Reviewbot Windows


On March 7, 2018, 12:37 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 7, 2018, 12:37 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/4/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-07 Thread Benjamin Bannier 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/
---

(Updated March 7, 2018, 1:37 p.m.)


Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.


Changes
---

Make script with homebrew's coreutils as suggested by Till offline.


Repository: mesos


Description
---

Apache now requires SHA checksum files instead of the previously
required MD5, see the [signing recommendations](1). This patch updates
the Mesos vote and release tooling to accommodate that change in
policy. We use SHA512 as recommended in the [Apache SHA checksum
FAQ](2).

We also fix the format of the produced digest file to be compatible
with `sha512sum` to ease automatic release verification.

[1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
[2]: http://www.apache.org/dev/release-signing#sha-checksum


Diffs (updated)
-

  support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
  support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 


Diff: https://reviews.apache.org/r/65905/diff/4/

Changes: https://reviews.apache.org/r/65905/diff/3-4/


Testing
---


Thanks,

Benjamin Bannier

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Mesos Reviewbot 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198658
---



Patch looks great!

Reviews applied: [65838, 65905]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' 
CONFIGURATION='--verbose --disable-libtool-wrappers' ENVIRONMENT='GLOG_v=1 
MESOS_VERBOSE=1'; ./support/docker-build.sh

- Mesos Reviewbot


On March 5, 2018, 9:02 a.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 9:02 a.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread James Peach 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198639
---


Ship it!




Ship It!

- James Peach


On March 5, 2018, 5:02 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 5:02 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Mesos Reviewbot Windows 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198636
---



PASS: Mesos patch 65905 was successfully built and tested.

Reviews applied: `['65838', '65905']`

All the build artifacts available at: 
http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/65905

- Mesos Reviewbot Windows


On March 5, 2018, 5:02 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 5:02 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Benjamin Bannier 


> On March 5, 2018, 5 p.m., James Peach wrote:
> > Dis you consider switching to `sharsum(1)` so that users can also use 
> > `shasum` to verify the signature? I couldn't find a way to get `gpg` to 
> > verify the signature ...

Great point, updated the patch.


- Benjamin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198629
---


On March 5, 2018, 6:02 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 6:02 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> We also fix the format of the produced digest file to be compatible
> with `sha512sum` to ease automatic release verification.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Benjamin Bannier 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/
---

(Updated March 5, 2018, 6:02 p.m.)


Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.


Changes
---

Used output format compatible with `sha512sum` as suggested by James.


Repository: mesos


Description (updated)
---

Apache now requires SHA checksum files instead of the previously
required MD5, see the [signing recommendations](1). This patch updates
the Mesos vote and release tooling to accommodate that change in
policy. We use SHA512 as recommended in the [Apache SHA checksum
FAQ](2).

We also fix the format of the produced digest file to be compatible
with `sha512sum` to ease automatic release verification.

[1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
[2]: http://www.apache.org/dev/release-signing#sha-checksum


Diffs (updated)
-

  support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
  support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 


Diff: https://reviews.apache.org/r/65905/diff/3/

Changes: https://reviews.apache.org/r/65905/diff/2-3/


Testing
---


Thanks,

Benjamin Bannier

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread James Peach 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198629
---



Dis you consider switching to `sharsum(1)` so that users can also use `shasum` 
to verify the signature? I couldn't find a way to get `gpg` to verify the 
signature ...

- James Peach


On March 5, 2018, 3:27 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 3:27 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see the [signing recommendations](1). This patch updates
> the Mesos vote and release tooling to accommodate that change in
> policy. We use SHA512 as recommended in the [Apache SHA checksum
> FAQ](2).
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> [2]: http://www.apache.org/dev/release-signing#sha-checksum
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Benjamin Bannier 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/
---

(Updated March 5, 2018, 4:27 p.m.)


Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.


Changes
---

Updated commit message as suggested by Till.


Repository: mesos


Description (updated)
---

Apache now requires SHA checksum files instead of the previously
required MD5, see the [signing recommendations](1). This patch updates
the Mesos vote and release tooling to accommodate that change in
policy. We use SHA512 as recommended in the [Apache SHA checksum
FAQ](2).

[1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
[2]: http://www.apache.org/dev/release-signing#sha-checksum


Diffs (updated)
-

  support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
  support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 


Diff: https://reviews.apache.org/r/65905/diff/2/

Changes: https://reviews.apache.org/r/65905/diff/1-2/


Testing
---


Thanks,

Benjamin Bannier

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Till Toenshoff 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198625
---


Ship it!




Let's link Apache's recommendation to go for SHA512 as found under 
http://www.apache.org/dev/release-signing#sha-checksum in the commit 
description please. Also when using links, please avoid linking the word "here" 
and instead use e.g. "Official Apache signing recommandation" as the linked 
term -- e.g. screen readers play much nicer that way.

- Till Toenshoff


On March 5, 2018, 1:43 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 1:43 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see [here](1). This patch updates the Mesos vote and
> release tooling to accommodate that change in policy.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Re: Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Mesos Reviewbot Windows 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/#review198624
---



PASS: Mesos patch 65905 was successfully built and tested.

Reviews applied: `['65838', '65905']`

All the build artifacts available at: 
http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/65905

- Mesos Reviewbot Windows


On March 5, 2018, 1:43 p.m., Benjamin Bannier wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65905/
> ---
> 
> (Updated March 5, 2018, 1:43 p.m.)
> 
> 
> Review request for mesos, Kapil Arya, Till Toenshoff, and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Apache now requires SHA checksum files instead of the previously
> required MD5, see [here](1). This patch updates the Mesos vote and
> release tooling to accommodate that change in policy.
> 
> [1]: http://www.apache.org/dev/release-distribution#sigs-and-sums
> 
> 
> Diffs
> -
> 
>   support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
>   support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 
> 
> 
> Diff: https://reviews.apache.org/r/65905/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>

Review Request 65905: Used SHA512 for release file checksums.

2018-03-05 Thread Benjamin Bannier 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65905/
---

Review request for mesos, Till Toenshoff and Vinod Kone.


Repository: mesos


Description
---

Apache now requires SHA checksum files instead of the previously
required MD5, see [here](1). This patch updates the Mesos vote and
release tooling to accommodate that change in policy.

[1]: http://www.apache.org/dev/release-distribution#sigs-and-sums


Diffs
-

  support/release.sh 3aeda92e6bd48683cf609fa527633cd47b9f7dce 
  support/vote.sh 649eebc6b5fe1b3783ae0c2c1706f1349ddc436c 


Diff: https://reviews.apache.org/r/65905/diff/1/


Testing
---


Thanks,

Benjamin Bannier