I met Clint Adams at PyCon US in July at a mini-keysigning party, but he hasn't signed my key yet. I should bug him again and exchange keys with more people on biglumber and Apache committers map.
Nick Burch is 3 signatures away from Clint Adams. https://pgp.cs.uu.nl/paths/D84E41AE/to/B0AE9A02.html David Fischer is 4 signatures away https://pgp.cs.uu.nl/paths/3C7705CF/to/B0AE9A02.html Tim Allison is 3 signatures away https://pgp.cs.uu.nl/paths/79A7DD28/to/B0AE9A02.html Mark Thomas (board) is 3 signatures away https://pgp.cs.uu.nl/paths/2F6059E7/to/B0AE9A02.html There might be paths for the rest of the POI PMC, but this site only links keys in the strong web of trust. That said, if anyone on this mailing list finds themselves in the San Francisco Bay Area, Los Angeles, or Portland, Oregon USA, I will gladly meet up for keysigning. https://people.apache.org/phonebook.html?pmc=poi https://community.zones.apache.org/map.html On Tue, Nov 15, 2016 at 11:27 PM, David North <dno...@apache.org> wrote: > Hi Javen, > > Thanks for taking on this release. Hopefully I'll have time to try it > against our big POI-using projects at work a bit later today. > > Meanwhile, it would be good if we could strengthen your PGP key's ties > to the web of trust - at the moment, you, Dominik and Andreas have > signed each others' keys, but that graph doesn't link back to a larger > web. I'm not going to vote against for a beta release on those grounds, > but it would be a concern for a full release. > > I'll be at the ApacheCon Europe keysigning tomorrow night, so perhaps > there will be someone there who is geographically local one of you > three, so my signing their key will allow them to bridge the gap. > > Thanks, > David > > On 13/11/16 12:06, Javen O'Neal wrote: >> Hallo, >> >> I have prepared artifacts for the release of Apache POI 3.16-beta1 (RC1). >> >> Copied from the new summary section in the changelog [1], the most >> notable changes in this release are: >> >> - Initial work on adding a Gradle build, the Ant based build is >> currently still the official buildsystem, but there are plans to replace >> this with Gradle in the future. >> - Add support for password protected files with "Microsoft Enhanced >> Cryptographic Provider v1.0" >> - Improve support for reading VBA macros >> - Examples to encrypt temp files in SXSSF >> >> https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1/ >> >> What to look for? >> - verify the artifacts' md5 and sha1 hashes and asc signature. This is >> my first POI release and my first release signed with 8BABDD6C, so you >> may need to import it into your keystore. >> This key is included in the following KEYS files [2], [3]. >> It is also be found by searching on [4], [5], or most other PGP key servers. >> Steps to verify this are at the end of this email. >> - add, remove, or modify notable changes. I believe these notes are >> separate from the artifacts, so the changes can be updated without >> necessarily rolling a new release (though no big deal if this needs done). >> - maybe run another common-crawl test >> - check for unintentional API breaks >> - verify enum-related (bug 59836 [6]) unintentional API breaks in 3.15 >> are fixed in this 3.16 beta >> >> Please vote [7] to release the artifacts. Please vote 0 if everything >> looks good but you did not have time to test the artifacts in a POI >> powered application. >> >> The vote stays open for at least 72hrs, 2016-11-17, 23:59 UTC, staying >> open until we have analyzed the results of common-crawl. >> If no issues are discovered, the planned release announcement date is >> Wednesday, 2016-11-23. >> >> Javen O'Neal >> >> Steps to verify the build artifacts: >> wget https://dist.apache.org/repos/dist/dev/poi/KEYS; gpg --import KEYS >> gpg --import KEYS >> (alternatively, gpg --keyserver pgp.mit.edu --recv-key 8BABDD6C) >> svn checkout https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1 >> cd 3.16-beta1-RC1 >> find . -name "*.md5" -type f -execdir md5sum -c {} \; >> find . -name "*.sha1" -type f -execdir sha1sum -c {} \; >> find . -name "*.asc" -exec gpg --no-secmem-warning --verify {} \; >> >> More detailed instructions can be found at >> https://poi.apache.org/download.html#verify >> >> [1] https://poi.apache.org/changes.html >> [2] https://dist.apache.org/repos/dist/dev/poi/KEYS >> [3] https://svn.apache.org/repos/asf/poi/trunk/KEYS >> [4] https://people.apache.org/keys/ >> [5] https://pgp.mit.edu/ >> [6] https://bz.apache.org/bugzilla/show_bug.cgi?id=59836 >> [7] >> https://www.apache.org/foundation/voting.html#expressing-votes-1-0-1-and-fractions >> > > -- > David North | www.dnorth.net > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org >
signature.asc
Description: OpenPGP digital signature
