On 13 March 2018 at 17:34, Henk P. Penning <penn...@uu.nl> wrote:
> On Tue, 13 Mar 2018, Alan Gates wrote:
>
>> Date: Tue, 13 Mar 2018 18:04:08 +0100
>> From: Alan Gates <alanfga...@gmail.com>
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>> I can't find a KEYS file anywhere in HAWQ to check the key
>> against. There is also no name associated with the key, so I'm not
>> clear how to check the signature.
>
>
> Actually, you don't need a KEYS file to verify a .asc :
>
>   % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:                using RSA key CE60F90D1333092A
>   gpg: Can't check signature: No public key
>
> No public key ; so, fetch it :
>
>   % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
>   gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
>   gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported
>   gpg: Total number processed: 1
>   gpg:               imported: 1  (RSA: 1)
>
> ... and --verify :
>
>   % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:                using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:          There is no indication that the signature belongs to the owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 092A
>
>   % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
>   gpg:                using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:          There is no indication that the signature belongs to the owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 092A
>
> Note :
> - Always use long (16-hex) key-id's, because short (8-hex)
>   key-id's often point (also) to fake keys.
>   In your $HOME/.gnupg/gpg.conf configure : keyid-format long
> - To check that CE60F90D1333092A is authorised to sign the artifacts,
>   is another matter.
>
> IMHO, KEYS files serve no purpose.

Since that disagrees with the long-established policy, changes need to
be agreed with the policy holder before they can be promoted.

Also, I think the KEYS file does serve a purpose:
- anyone can upload a key to a key-server, but changes to the KEYS
  file can only be done by a committer/PMC member.
- the KEYS file is automatically stored with the archived releases and
  so acts as an archive of historic keys.

> Regards,
>
> Henk Penning
>
> ------------------------------------------------------------   _
> Henk P. Penning, ICT-beta                 R Uithof MG-403    _/ \_
> Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL          F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl     \_/
>
>> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>>
>>> +1 (binding)
>>>
>>> * checked sigs and checksums
>>> * checked licenses
>>> * checked for archive matching git tag
>>>
>>> Thanks,
>>> Roman.
>>>
>>>
>>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org> wrote:
>>>>
>>>> +1 [binding]
>>>>
>>>> - signature check [ok]
>>>> - checksum check [ok]
>>>> - licenses check (RAT) [ok]
>>>>
>>>> I haven't tried to build it because of the complexity of the build
>>>> process and multiplicity of the environment configurations. To lower
>>>> the entry barrier, I would recommend the community to think how to
>>>> wrap these steps into the build system. You can go as far as to
>>>> provide an "official" toolchain for the project. In Bigtop, we even
>>>> provide official Docker containers where people can start working with
>>>> the project in under 2 minutes and without any need for additional
>>>> error prone configuration steps.
>>>> --
>>>> With regards,
>>>> Konstantin (Cos) Boudnik
>>>> 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622
>>>>
>>>> Disclaimer: Opinions expressed in this email are those of the author,
>>>> and do not necessarily represent the views of any company the author
>>>> might be affiliated with at the moment of writing.
>>>>
>>>>
>>>> On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN <y...@apache.org> wrote:
>>>>>
>>>>> Hi IPMC members,
>>>>>
>>>>> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
>>>>> So I request IPMC now to vote on this release candidate. Thank you!
>>>>>
>>>>> The release page is here:
>>>>> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release
>>>>>
>>>>> The PPMC vote thread is located here:
>>>>> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E
>>>>>
>>>>> The artifacts can be downloaded here:
>>>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>>>>>
>>>>> The artifacts have been signed with Key : CE60F90D1333092A
>>>>>
>>>>> All JIRAs completed for this release are tagged with 'FixVersion
>>>>> =2.3.0.0-incubating'
>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262&styleName=Html&projectId=12318826
>>>>>
>>>>> Please vote accordingly:
>>>>> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
>>>>> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release
>>>>> because...
>>>>>
>>>>> The vote will run for at least 72 hours.
>>>>>
>>>>> Best regards,
>>>>> Yi Jin (yjin)
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>>> For additional commands, e-mail: general-h...@incubator.apache.org
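
Added example, not part of the original thread or of any Apache tooling: the thread separates "the signature is good" from "the key is authorised to sign", and this sketch makes the second check explicit by comparing the primary-key fingerprint in gpg's --status-fd output against a pinned value. The function names and the sample status lines are constructed for illustration; the pinned fingerprint is the one printed in the thread, assumed here to have been copied from a trusted KEYS file.

```shell
#!/bin/sh
# Added example. PINNED_FPR is the fingerprint printed in the thread, spaces
# removed; the assumption is that it was copied from a trusted KEYS file.
PINNED_FPR="41B0077075DFDAFCF8099A91CE60F90D1333092A"

# Real status lines come from:
#   gpg --status-fd 1 --verify FILE.asc FILE 2>/dev/null
# check_status reads them on stdin and succeeds only when a VALIDSIG line
# carries the pinned primary-key fingerprint and no failure status is present.
check_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$pinned" ] || return 2
    awk -v want="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" {
            # Field 3 is the signing key; field 12, when present, is the
            # primary key it belongs to.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1
            else bad = 1
        }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit !(ok && !bad) }
    '
}

# verdict STATUS_TEXT FINGERPRINT -> prints "accept" or "reject"
verdict() {
    if printf '%s\n' "$1" | check_status "$2"; then echo accept; else echo reject; fi
}

# Constructed status lines (not captured from a real gpg run).
GOOD_STATUS='[GNUPG:] GOODSIG CE60F90D1333092A Yi Jin
[GNUPG:] VALIDSIG 41B0077075DFDAFCF8099A91CE60F90D1333092A 2018-02-27 1519702517 0 4 0 1 8 00 41B0077075DFDAFCF8099A91CE60F90D1333092A'
# Valid signature by a constructed key whose last 8 hex digits match.
LOOKALIKE_STATUS='[GNUPG:] GOODSIG AAAAAAAA1333092A Yi Jin
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1333092A 2018-02-27 1519702517 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1333092A'
# The "No public key" case from the thread.
NO_KEY_STATUS='[GNUPG:] ERRSIG CE60F90D1333092A 1 8 00 1519702517 9
[GNUPG:] NO_PUBKEY CE60F90D1333092A'

verdict "$GOOD_STATUS" "$PINNED_FPR"        # accept
verdict "$LOOKALIKE_STATUS" "$PINNED_FPR"   # reject
verdict "$NO_KEY_STATUS" "$PINNED_FPR"      # reject
```

The lookalike case is the one a human reading "Good signature" would miss: gpg reports success for any key in the keyring, so the accept decision has to rest on the full fingerprint.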