Re: [VOTE] Release Apache Milagro (incubating) Crypto Libraries v1.0.0

[Julian Feinauer]

Hi all,

+1 (binding)

I checked
- Download links are valid
- Checksums and PGP signatures are valid for C 
- Checksums and PGP signatures are valid for JS
-  DISCLAIMER, LICENCE & NOTICE files are included
- Artefacts have incubating in name
- No compiled binaries are included
- C Libraries build correctly and all tests pass (make)on macOS Mojave 10.14.4
- JS Libraries build correctly and all tests pass (npm install and npm test) on 
macOS Mojave 10.14.4

Minor issues found:
- Your KEY File is in an unusual location and has an unusual name. Its more 
convenient (IMHO) to have in in the root folder of the project and named KEYS
- DISCLAIMER is formatted not optimally and hard to read (for C and JS)
- I found no RELEASE NOTES for C and JS

The release overall looks pretty good for me and the documentation is done 
really well!

Julian

Am 21.08.19, 16:10 schrieb "John McCane-Whitney" <j...@qredo.com>:

    Hi,
    
    This is a call to vote to release the Apache Milagro (incubating) Crypto 
Libraries v1.0.0.
    
    The Apache Milagro (incubating) community has voted to approve this release 
with 5 x +1 votes.  The vote thread can be found here:
    
    
https://lists.apache.org/thread.html/7d788b5f3b293bb5545612d9f8af59a005f6407d57d826a1d2a2a563@%3Cdev.milagro.apache.org%3E
    
    (Note that my original [VOTE] email doesn't render for some reason, but its 
contents can be seen further down in the thread)
    
    And a summary of the result:
    
    
https://lists.apache.org/thread.html/6b320894a91d5ac298f71b1fab168127de6e75ba4763ab0b1b896a0f@%3Cdev.milagro.apache.org%3E
    
    This release includes both C and JavaScript libraries tagged as v1.0.0 in 
the following repositories:
    
    Crypto C Library:
    https://github.com/apache/incubator-milagro-crypto-c/tags
    
    milagro-crypto-c is a modern cryptographic C library that focuses on 
Elliptic Curve Cryptography but has support for legacy systems that require 
RSA. There is support for three different security levels; 128, 192 and 256 
bit. It has been written only in C and has no external dependencies other than 
an entropy source. Measures have been taken in the code base to prevent side 
channel attacks.  Pairing based cryptography (PBC) is a maturing field that has 
recently gained widespread acceptance. The library supports schemes that make 
use of PBC such as BLS for short signatures and MPIN for multi-factor 
authentication (MFA).
    
    Crypto JavaScript Library:
    https://github.com/apache/incubator-milagro-crypto-js/tags
    
    milagro-crypto-js is the JavaScript equivalent of milagro-crypto-c. It has 
all the same functionality, API and even the intermediate calculated values in 
the functions are the same. This library allows you to run MFA using MPIN in 
the browser which, to the best of our knowledge, is the only such 
implementation of MFA in this context.
    
    Both libraries have been under active development for many years and the 
APIs haven't changed in several months. There are extensive tests using third 
party test vectors and the tooling required to deploy this software into a 
modern software project. We believe that the code base has reached the point 
that we can perform general availability (GA) releases.
    
    The compressed archives from these release along with a SHA512 checksum, 
PGP signature and PGP key file are being staged here:
    
    https://dist.apache.org/repos/dist/dev/incubator/milagro
    
    Specifically, for the C library:
    
    Source code archive: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz
    SHA512 checksum: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz.sha512
    PGP Signature: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/apache-milagro-crypto-c-1.0.0-incubating-src.tar.gz.asc
    Keys: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-c-1.0.0-incubating/team.keys
    
    And for the JavaScript library:
    
    Source code archive: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz
    SHA512 checksum: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz.sha512
    PGP Signature: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/apache-milagro-crypto-js-1.0.0-incubating-src.tar.gz.asc
    Keys: 
https://dist.apache.org/repos/dist/dev/incubator/milagro/apache-milagro-crypto-js-1.0.0-incubating/team.keys
    
    Please note that the project's website (https://milagro.apache.org) has 
been updated to include the standard Apache incubator disclaimer and 
documentation for the above two libraries.  Please note that download links for 
the above two release have not been included, but will be as soon as the 
release's approval has been completed and the archives are available for public 
download.
    
    We now kindly request that the Incubator PMC members review and vote on 
this incubator release as follows:
    
    [ ] +1 approve
    [ ] +0 no opinion
    [ ] -1 disapprove with the reason
    
    Checklist for reference:
    
    [ ] Download links are valid
    [ ] Checksums and PGP signatures are valid
    [ ] DISCLAIMER, LICENCE & NOTICE files are included
    [ ] Source code archives have correct names matching the current release.
    [ ] All source code files have licence headers
    [ ] No compiled binaries are included
    [ ] Libraries build correctly and all tests pass (as per the instructions 
in their respective readme files) on either Windows, Mac or Linux.
    
    The vote will be open for a minimum of 72 hours.  3 x +1 votes are required 
to approve this release.
    
    Many thanks,
    
    John
    
    John McCane-Whitney
    Director of Product at Qredo Ltd
    T: +44 7966 490687
    1 Primrose Street
    London, UK EC2A 2EX
    https://qredo.com
    Qredo Ltd is a limited company registered in England and Wales (registered 
number 7834052). This e-mail and any attachments are confidential, and are 
intended only for the named addressee(s). If you are not the intended recipient 
you may not copy, disclose to anyone else or otherwise use the content of this 
e-mail or any attachment thereto and should notify the sender immediately and 
delete them from your system.
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
    For additional commands, e-mail: general-h...@incubator.apache.org
    
    


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org