Lin Lin, -1 (binding) I have verified the packages, all good: - unit tests are passing (many flaky tests) - RAT passes - build passes (JDK11 on Ubuntu) - Pulsar standalone works (basic smoke tests)
But I am not able to verify the signatures. Please check the commands you used to stage the release, probably you used the wrong key I have imported the key from https://dist.apache.org/repos/dist/dev/pulsar/KEYS This is the output... Enrico gpg --verify apache-pulsar-2.8.2-bin.tar.gz.asc gpg: assuming signed data in 'apache-pulsar-2.8.2-bin.tar.gz' gpg: Signature made Wed 1 Dec 04:55:01 2021 CET gpg: using RSA key 460CEE75D2A7049C94B93FA2249DF015663A88B9 gpg: BAD signature from "linlin <lin...@apache.org>" [unknown] gpg: assuming signed data in 'apache-pulsar-2.8.2-src.tar.gz' gpg: Signature made Wed 1 Dec 04:55:06 2021 CET gpg: using RSA key 460CEE75D2A7049C94B93FA2249DF015663A88B9 gpg: BAD signature from "linlin <lin...@apache.org>" [unknown] gpg: assuming signed data in 'apache-pulsar-offloaders-2.8.2-bin.tar.gz' gpg: Signature made Wed 1 Dec 04:55:03 2021 CET gpg: using RSA key 460CEE75D2A7049C94B93FA2249DF015663A88B9 gpg: BAD signature from "linlin <lin...@apache.org>" [unknown] Il giorno mar 14 dic 2021 alle ore 11:25 Massimiliano Mirelli < massimilianomirelli...@gmail.com> ha scritto: > Thank you for the rc! > > I also found the same problem mentioned by Nicolo, when running: > > sha512sum -c apache-pulsar-2.8.2-bin.tar.gz > > I get the error: > > sha512sum: WARNING: 1 computed checksum did NOT match > > Also, when verifying the GPG keys, as well, running: > > gpg --verify apache-pulsar-2.8.2-bin.tar.gz > > throws: > > gpg: BAD signature from "linlin <lin...@apache.org>" [unknown] > > On Tue, 14 Dec 2021 at 10:47, Nicolò Boschi <boschi1...@gmail.com> wrote: > > > Thank you for driving the release! > > > > I found out a problem with the checksum of apache-pulsar-2.8.2-bin.tar.gz > > > > You wrote in the email the sha512 is f51e93d5[..]683 and actually it is > > correct (shasum -a 512 apache-pulsar-2.8.2-bin.tar.gz > > But this file ( > > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.8.2-candidate-1/apache-pulsar-2.8.2-bin.tar.gz.sha512 > > ) > > reports another checksum > > > > Can you please check and confirm? > > > > > > Il giorno mar 14 dic 2021 alle ore 04:26 linlin <lin...@apache.org> ha > > scritto: > > > > > This is the first release candidate for Apache Pulsar, version 2.8.2. > > > > > > It fixes the following issues: > > > > > > > > > https://github.com/apache/pulsar/issues?q=label%3Acherry-picked%2Fbranch-2.8+is%3Aclosed+label%3Arelease%2F2.8.2 > > > > > > *** Please download, test and vote on this release. This vote will stay > > > open > > > for at least 72 hours *** > > > > > > Note that we are voting upon the source (tag), binaries are provided > for > > > convenience. > > > > > > Source and binary files: > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.8.2-candidate-1/ > > > > > > SHA-512 checksums: > > > > > > > > > f51e93d5caa7ea4ec2616e096ca75dd71bccb475632ee5ff35d713b8f5112689d17315a1cd9350dd8f8f0bdc2e059be5fb179b2b8b3b39aae77e466103294683 > > > apache-pulsar-2.8.2-bin.tar.gz > > > > > > > > > 8540641e76fb541f9dbfaff263946ed19a585266e5de011e78188d78ec4e1c828e8893eb2e783a1ebad866f5513efffd93396b7abd77c347f34ab689badf4fad > > > apache-pulsar-2.8.2-src.tar.gz > > > > > > > > > Maven staging repo: > > > > https://repository.apache.org/content/repositories/orgapachepulsar-1108/ > > > > > > The tag to be voted upon: > > > v2.8.2-candidate-1 > > > https://github.com/apache/pulsar/releases/tag/v2.8.2-candidate-1 > > > > > > Pulsar's KEYS file containing PGP keys we use to sign the release: > > > https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > > > Please download the source package, and follow the README to build > > > and run the Pulsar standalone service. > > > > > > Lin Lin > > > > > > > > > -- > > Nicolò Boschi > > >
