Retracting this, found the KEYS (douh...). Still -1 (binding). The release isn't signed by the release manager. Someone else key is used.
- Checked the sha1 - Successfully ran the build - Checked the signature - The archive is signed by the key 593A743B belonging to sboi...@apache.org. However, none of the 2.1.0 RC [VOTE] attempts were started by this person. Which tells me that the private key is simply shared by a number of the committers. And there's no guarantee that it hasn't been leaked outside of the group. And that's pretty serious security flaw, actually. Why the release managers aren't using their own keys? It is easy to generate and sign the keys following guidelines [1]. Committers' keys are easy to validate against the Apache repository [2] Things that need to be improved in the next release: - neither sha1 nor md5 are trustful checksum'ing methods and aren't guaranteeing the authenticity of the source archive. We should be switching to at least sha265 or higher. This has been brought up since the incubation. And warrants for -1 in the next release. - why every other RC Vote is started by a different person? With regards, Cos [1] https://people.apache.org/keys/committer/ [2] https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys On Sat, Jul 22, 2017 at 01:00PM, Konstantin Boudnik wrote: > Am I missing the location of the signing keys? I cannot verivy the signature > of the archive. > > -1 (binding) until then. > > Thanks > Cos > > On Thu, Jul 20, 2017 at 03:34PM, Denis Magda wrote: > > Igniters, > > > > Setting off the vote one more time. Hope I’ll be successful this time, > > keeping fingers crossed :) > > > > We have uploaded a 2.1.0 release candidate to > > https://dist.apache.org/repos/dist/dev/ignite/2.1.0-rc3/ > > > > Git tag name is > > 2.1.0-rc3 > > > > This release includes the following changes: > > > > Ignite: > > * Persistent cache store > > * Added IgniteFuture.listenAsync() and IgniteFuture.chainAsync() mehtods > > * Deprecated IgniteConfiguration.marshaller > > * Updated Lucene dependency to version 5.5.2 > > * Machine learning: implemented K-means clusterization algorithm optimized > > for distributed storages > > * SQL: CREATE TABLE and DROP TABLE commands support > > * SQL: New thin JDBC driver > > * SQL: Improved performance of certain queries, when affinity node can be > > calculated in advance > > * SQL: Fixed return type of AVG() function > > * SQL: BLOB type support added to thick JDBC driver > > * SQL: Improved LocalDate, LocalTime and LocalDateTime support for Java 8 > > * SQL: Added FieldsQueryCursor interface to get fields metadata for > > SqlFieldsQuery > > * ODBC: Implemented DML statement batching > > * Massive performance and stability improvements > > > > Ignite.NET: > > * Automatic remote assembly loading > > * NuGet-based standalone node deployment > > * Added conditional data removeal via LINQ DeleteAll > > * Added TimestampAttribute to control DateTime serialization mode > > * Added local collections joins support to LINQ. > > > > Ignite CPP: > > * Added Compute::Call and Compute::Broadcast methods > > > > Web Console: > > * Implemented support for UNIQUE indexes for key fields on import model > > from RDBMS > > * Added option to show full stack trace on Queries screen > > * Added PK alias generation on Models screen. > > > > Complete list of closed issues: > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20IGNITE%20AND% > > 20fixVersion%20%3D%202.1%20AND%20(status%20%3D%20closed%20or%20status%20%3D% > > 20resolved) > > > > DEVNOTES > > https://git-wip-us.apache.org/repos/asf?p=ignite.git;a=blob_plain;f=DEVNOTES.txt;hb=refs/tags/2.1.0-rc3 > > > > RELEASE NOTES > > https://git-wip-us.apache.org/repos/asf?p=ignite.git;a=blob_plain;f=RELEASE_NOTES.txt;hb=refs/tags/2.1.0-rc3 > > > > Please start voting. > > > > +1 - to accept Apache Ignite 2.1.0-rc3 > > 0 - don't care either way > > -1 - DO NOT accept Apache Ignite 2.1.0-rc3 (explain why) > > > > This vote will go for 72 hours. > > > > — > > Denis > >
signature.asc
Description: Digital signature
