commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [VOTE] Release Commons Fileupload 1.3.3 based on RC5
Date Thu, 08 Jun 2017 16:04:58 GMT
+1

>From src zip: ASC, MD5, SHA1 OK.

Build passes with 'mvn clean site'.

Tests, CLIRR, RAT and reports OK.

Used:

Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426;
2017-04-03T12:39:06-07:00)
Maven home: C:\Java\apache-maven-3.5.0\bin\..
Java version: 1.7.0_80, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.7.0_80\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 8.1", version: "6.3", arch: "amd64", family: "windows"

Gary

On Thu, Jun 8, 2017 at 8:55 AM, Gary Gregory <garydgregory@gmail.com> wrote:

>
>
> On Thu, Jun 8, 2017 at 5:17 AM, Rob Tompkins <chtompki@gmail.com> wrote:
>
>>
>>
>> > On Jun 8, 2017, at 8:09 AM, sebb <sebbaz@gmail.com> wrote:
>> >
>> >> On 8 June 2017 at 01:20, Gary Gregory <garydgregory@gmail.com> wrote:
>> >> The ASC does not seem to have a public key.:
>> >>
>> >> gpg --verify commons-fileupload-1.3.3-source-release.zip.asc
>> >
>> > That is not the recommended way to check a sig; you also need the
>> target file
>> >
>> > $ gpg --verify downloaded_file.asc downloaded_file
>>
>> Indeed, but if you don't specify it looks in the current directory for
>> the file.
>>
>
> Works like a charm now:
>
> $ gpg --verify commons-fileupload-1.3.3-src.zip.asc
> commons-fileupload-1.3.3-src.zip
> gpg: Signature made 06/06/17 17:31:41 ric using RSA key ID 5ECBB314
> gpg: Good signature from "Rob Tompkins <chtompki@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: B6E7 3D84 EA4F CC47 1660  8725 3FAA D2CD 5ECB B314
>
> Gary
>
>
>>
>> >
>> >> gpg: assuming signed data in 'commons-fileupload-1.3.3-sour
>> ce-release.zip'
>> >
>> > Note that gpg is assuming where to find the data.
>> >
>> >> gpg: Signature made 12/04/16 05:15:02 Pacific Standard Time using DSA
>> key
>> >> ID 7188601C
>> >> *gpg: Can't check signature: No public key*
>> >
>> > However if the .asc file was not detached, gpg would not check the
>> target file.
>> >
>> > https://www.apache.org/info/verification.html#specify_both
>> >
>> >>
>> >> Also, the file naming should be consistent,
>> >> https://dist.apache.org/repos/dist/dev/commons/fileupload/source/ has
>> both
>> >> "source-release" and "src". Not sure how you can end up with the
>> >> differences beyond just the file extension.
>> >>
>> >> Gary
>> >>
>> >>
>> >>> On Tue, Jun 6, 2017 at 11:20 AM, Rob Tompkins <chtompki@apache.org>
>> wrote:
>> >>>
>> >>> Hello all,
>> >>>
>> >>> This is a [VOTE] for releasing Apache Commons Fileupload 1.3.3 (from
>> RC5).
>> >>>
>> >>> Tag name:
>> >>>   commons-fileupload-1.3.3-RC5 (signature can be checked from git
>> using
>> >>> 'git tag -v')
>> >>>
>> >>> Tag URL:
>> >>>   https://git-wip-us.apache.org/repos/asf?p=commons-
>> >>> fileupload.git;a=commit;h=dd2238b1671644cfead0e87c24a8ac61b4039084
>> >>>
>> >>> Commit ID the tag points at:
>> >>>   dd2238b1671644cfead0e87c24a8ac61b4039084
>> >>>
>> >>> Site:
>> >>>   http://home.apache.org/~chtompki/commons-fileupload-1.3.3-RC5
>> >>>
>> >>> Distribution files (committed at revision 19901):
>> >>>   https://dist.apache.org/repos/dist/dev/commons/fileupload/
>> >>>
>> >>> Distribution files hashes (SHA1):
>> >>>   commons-fileupload-1.3.3-bin.tar.gz
>> >>>   (SHA1: 2f4a9672168641ff726974a3b7cc68b97d1212fa)
>> >>>   commons-fileupload-1.3.3-bin.zip
>> >>>   (SHA1: b66e2c434ddbda90dfc9e92af4775d9777524bfa)
>> >>>   commons-fileupload-1.3.3-src.tar.gz
>> >>>   (SHA1: 71294a7d737a8ced04934c222ae6dfb16e4d8d73)
>> >>>   commons-fileupload-1.3.3-src.zip
>> >>>   (SHA1: 661172a2f62b460c4b754b7a0f04d412afabde52)
>> >>>
>> >>> These are the Maven artifacts and their hashes:
>> >>>   commons-fileupload-1.3.3-javadoc.jar
>> >>>   (SHA1: 92d2fc371379d64a822150ca3882157564dd3f99)
>> >>>   commons-fileupload-1.3.3-sources.jar
>> >>>   (SHA1: c8c7bcb851fb5af0b19e4ea845cf2fc03de6f673)
>> >>>   commons-fileupload-1.3.3-test-sources.jar
>> >>>   (SHA1: 5e0d8c621d38694e0f2960ab2899ee1d67f2b708)
>> >>>   commons-fileupload-1.3.3-tests.jar
>> >>>   (SHA1: 20510147958fc759582e6ede789ccf31d056b232)
>> >>>   commons-fileupload-1.3.3.jar
>> >>>   (SHA1: fd754c7518772453aea1d5ffc32cb5ce0ebc0e40)
>> >>>   commons-fileupload-1.3.3.pom
>> >>>   (SHA1: 97d781eafc190f4fee3abf11f9ec8076f5f7b58c)
>> >>>
>> >>> KEYS file to check signatures:
>> >>>   http://www.apache.org/dist/commons/KEYS
>> >>>
>> >>> Maven artifacts:
>> >>>   https://repository.apache.org/content/repositories/
>> >>> orgapachecommons-1249
>> >>>
>> >>> Please select one of the following options[1]:
>> >>>  [ ] +1 Release it.
>> >>>  [ ] +0 Go ahead; I don't care.
>> >>>  [ ] -0 There are a few minor glitches: ...
>> >>>  [ ] -1 No, do not release it because ...
>> >>>
>> >>> This vote will be open at least 72 hours, i.e. until
>> >>> 2017-06-09T19:00:00Z
>> >>> (this is UTC time).
>> >>> --------
>> >>>
>> >>> Cheers,
>> >>> -Rob
>> >>>
>> >>> [1] http://apache.org/foundation/voting.html
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> >>> For additional commands, e-mail: dev-help@commons.apache.org
>> >>>
>> >>>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> > For additional commands, e-mail: dev-help@commons.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message