On Sat, 9 Mar 2024 at 09:01, Matthew de Detrich
<matthew.dedetr...@aiven.io.invalid> wrote:
>
> Hello Incubator Community,
>
> This is a call for a vote to release Apache Pekko (incubating) Sbt Paradox
> version 1.0.1-RC2.
>
> The discussion thread:
>
> https://lists.apache.org/thread/8wp7h76dktr99hz6lrclmz7z5or19kdn
>
> The Pekko vote thread:
>
> https://lists.apache.org/thread/vmxqly8ttsrq82czpcpto34zgk2ndl7x
>
> The Pekko vote result:
>
> https://lists.apache.org/thread/405ph9bl73zm5rf96p6yp7dcf2tthqc6
>
> The release candidate:
>
> https://dist.apache.org/repos/dist/dev/incubator/pekko/SBT-PARADOX-1.0.1-RC2/
>
> This release has been signed with a PGP key, available here:
>
> https://dist.apache.org/repos/dist/release/incubator/pekko/KEYS

Please use the official URL for KEYS:

https://downloads.apache.org/incubator/pekko/KEYS

> Purpose:
>
> This is a build tool used in Apache Pekko projects to build the web pages.
>
> Git branch for the release:
>
> https://github.com/apache/incubator-pekko-sbt-paradox/releases/tag/v1.0.1-RC2
> Git commit ID: 810043faf10780020a6742b0c2af5dde83dfd628
>
> Please download, verify, and test.
>
> We have also staged jars in the Apache Nexus Repository. These were
> built with the same code as appears in this Source Release Candidate. We
> would appreciate it if users could test with these too.
> If anyone finds any serious problems with these jars, please also notify us
> on this thread.
>
> https://repository.apache.org/content/groups/staging/org/apache/pekko/
>
> In sbt, you can add this resolver.
>
> resolvers += "Apache Pekko Staging" at "https://repository.apache.org/content/groups/staging"
>
> The vote will be left open for at least 72 hours.
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove with the reason
>
> To learn more about Apache Pekko, please see https://pekko.apache.org/
>
> Checklist for reference:
>
> [ ] Download links are valid.
> [ ] Checksums and signatures.
> [ ] LICENSE/NOTICE files exist
> [ ] No unexpected binary files
> [ ] Source files have ASF headers
> [ ] Can compile from source
>
> To compile from the source, please refer to:
>
> https://github.com/apache/incubator-pekko-http/blob/main/README.md#building-from-source
>
> Some notes about verifying downloads can be found at:
>
> https://pekko.apache.org/download.html#verifying-downloads

This says that the KEYS file can be obtained from the source archive.

This is totally insecure.

Anyone could create their own key and add it to the KEYS file in their
own version of the source.

The KEYS file should not be included in the source, and documentation
should only refer to fetching the KEYS file directly from the official
location.


> Here is my +1 (binding).
>
> Thanks,
> Matthew de Detrich
>
> --
>
> Matthew de Detrich
>
> *Aiven Deutschland GmbH*
>
> Immanuelkirchstraße 26, 10405 Berlin
>
> Alexanderufer 3-7, 10117 Berlin
>
> Amtsgericht Charlottenburg, HRB 209739 B
>
> Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen
>
> *m:* +491603708037
>
> *w:* aiven.io *e:* matthew.dedetr...@aiven.io
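
The verification the reply above asks for, as an added shell example (not part of the original thread or of the Pekko project's tooling): KEYS is fetched only from the official URL into a throwaway GnuPG home, and a KEYS file inside the archive is detected and never imported. The function names are hypothetical, and the archive and signature file names are passed as arguments because the thread does not give them.

```shell
#!/bin/sh
# Added example: verify a release candidate against the official KEYS only.
OFFICIAL_KEYS_URL="https://downloads.apache.org/incubator/pekko/KEYS"  # URL given in the reply

# Exit 0 if the archive carries its own KEYS file. Whoever built the archive
# controls that file, so it must never be the source of trusted keys.
archive_ships_keys() {
    tar -tf "$1" | grep -Eq '(^|/)KEYS$'
}

# Exit 0 only for the official KEYS location.
keys_url_is_official() {
    [ "$1" = "$OFFICIAL_KEYS_URL" ]
}

# verify_release ARCHIVE SIGNATURE [KEYS_URL]
# Returns 0 on a good signature, 2 if the KEYS source is refused,
# otherwise the failing tool's exit status.
verify_release() {
    archive=$1
    sig=$2
    url=${3:-$OFFICIAL_KEYS_URL}
    keys_url_is_official "$url" || { echo "refusing KEYS from $url" >&2; return 2; }
    if archive_ships_keys "$archive"; then
        echo "note: $archive contains a KEYS file; it is ignored" >&2
    fi
    home=$(mktemp -d) || return 1   # throwaway keyring: no previously imported keys
    rc=0
    curl -fsSL "$url" -o "$home/KEYS" &&
        gpg --homedir "$home" --batch --quiet --import "$home/KEYS" &&
        gpg --homedir "$home" --batch --verify "$sig" "$archive" || rc=$?
    rm -rf "$home"
    return "$rc"
}

# Runs only when file names are supplied, e.g. (hypothetical names):
#   sh verify.sh release-src.tgz release-src.tgz.asc
if [ "$#" -ge 2 ]; then
    verify_release "$@"
fi
```

A good signature here only shows that a key listed in the official KEYS file signed the archive; comparing the signing key's fingerprint with the release manager's published one remains a separate step.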
