LinkinStar <linkins...@apache.org> 于2023年12月20日周三 14:57写道: > > Hi Xuanwo, > > Firstly, these files in the vaunt folder are reward badges for user > contributions. For now, we are using it. > Regarding the signature issue you mentioned, only release manager and joyqi > know the secret GPG keys. This is to ensure that no matter what the problem > is, there is someone available to help resolve issues that arise in the > release.
This doesn't make sense. If the private key is shared, then that key should not be used anymore. If the key isn't shared, why joyqi could sign, but doesn't call out for a vote? If you are a member of PPMC, you could add your own key(signed by your Apache ID), and sign the tar. Generally, unless there are some special cases, you should not start a vote on others' signed tars. > > Best regards, > LinkinStar > > On Wed, Dec 20, 2023 at 2:41 PM Xuanwo <xua...@apache.org> wrote: > > > Hi, > > > > I found those images are included in source tarball: > > > > - .vaunt/bug.png > > - .vaunt/enhancement.png > > > > Are they needed by users? Is it possible to remove them from the src > > release? > > > > Regarding PGP signatures, I'm confident that all are valid. But I found > > that those tarball > > are signed by jo...@apache.org which is not the release manager. > > > > Are you internally sharing jo...@apache.org's secret GPG keys? Or have > > you signed those > > tarballs through CI with the key stored as GitHub secrets? > > > > On Wed, Dec 20, 2023, at 14:25, LinkinStar wrote: > > > Hello, > > > > > > This is a call for vote to release Apache Answer(Incubating) version > > > v1.2.1-RC1. > > > > > > The vote thread: > > > https://lists.apache.org/thread/w9ybd1rygd4x9o9ryx3k2ho3n49664p6 > > > > > > Vote Result: > > > https://lists.apache.org/thread/7h9rmwn7fbrn7dhk1620lzj43063r7vj > > > > > > The release candidates: > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/answer/1.2.1-incubating-RC1/ > > > > > > Release notes: > > > > > https://github.com/apache/incubator-answer/releases/tag/v1.2.1-RC1 > > > > > > Git tag for the release: > > > > > https://github.com/apache/incubator-answer/releases/tag/v1.2.1-RC1 > > > > > > Git commit id for the release: > > > > > > > > https://github.com/apache/incubator-answer/commit/82fdfc77636d8d1ce28710d929a8c22bb52834ef > > > > > > Keys to verify the Release Candidate: > > > https://dist.apache.org/repos/dist/release/incubator/answer/KEYS > > > > > > The vote will be open for at least 72 hours or until the necessary > > > number of votes are reached. > > > > > > Please vote accordingly: > > > > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove with the reason > > > > > > Checklist for reference: > > > > > > [ ] Download links are valid. > > > [ ] Checksums and PGP signatures are valid. > > > [ ] Source code distributions have correct names matching the current > > > release. > > > [ ] LICENSE and NOTICE files are correct for each Answer repo. > > > [ ] All files have license headers if necessary. > > > [ ] No unlicensed compiled archives bundled in source archive. > > > > > > To compile from the source, please refer to: > > > > > > https://github.com/apache/incubator-answer#building-from-source > > > > > > Thanks, > > > LinkinStar > > > > -- > > Xuanwo > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
