Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Drill >> mail # dev >> Call for Release Vote: Apache Drill Milestone 1 Release (a.k.a Alpha)


Copy link to this message
-
Re: Call for Release Vote: Apache Drill Milestone 1 Release (a.k.a Alpha)
That's what I get for manually renaming the artifacts to post them.
On Wed, Sep 4, 2013 at 12:49 PM, Ted Dunning <[EMAIL PROTECTED]> wrote:

> I have verified the signatures.
>
> One small nit is that the file names are slightly odd:
>
> ted:Downloads$ ls apache*src*
> apache-drill-1.0.0-m1-src.tar.gz apache-drill-1.0.0-m1.src.tar.gz.asc
>
>
> Note how the signature has m1.src instead of m1-src
>
> For reference, here is a transcript of how I verified the signatures:
>
> # install gpg
> ted:Downloads$ sudo port install gnupg
> Password: ***
> Warning: port definitions are more than two weeks old, consider using
> selfupdate
> --->  Fetching archive for ncurses
>
>       ... *much noise deleted* ...
>
> --->  Attempting to fetch gnupg-1.4.13_1.darwin_11.x86_64.tbz2 from
> http://mse.uk.packages.macports.org/sites/packages.macports.org/gnupg
> --->  Attempting to fetch gnupg-1.4.13_1.darwin_11.x86_64.tbz2 from
> http://lil.fr.packages.macports.org/gnupg
>
>       ... *even more noise deleted* ...
>
> --->  Activating gnupg @1.4.13_1
> --->  Cleaning gnupg
> --->  Updating database of binaries: 100.0%
> --->  Scanning binaries for linking errors: 100.0%
> --->  No broken files found.
>
> # import the committer KEYS
> ted:Downloads$ gpg --import ~/tmp/drill/KEYS
> gpg: key AB10D143: public key "Jacques Nadeau <[EMAIL PROTECTED]>"
> imported
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2016-05-03
>
> # verify the signature on the binary distro
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1-bin.tar.gz.asc
>  apache-drill-1.0.0-m1-bin.tar.gz
> gpg: Signature made Wed Sep  4 04:23:37 2013 PDT using RSA key ID 6B5FA695
> gpg: Good signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
>      Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695
>
> # test our procedure by corrupting the file and verifying gpg warns us
> ted:Downloads$ echo -n foo >> apache-drill-1.0.0-m1-bin.tar.gz
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1-bin.tar.gz.asc
>  apache-drill-1.0.0-m1-bin.tar.gz gpg: Signature made Wed Sep  4 04:23:37
> 2013 PDT using RSA key ID 6B5FA695
> gpg: BAD signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
>
> # verify source release
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1.src.tar.gz.asc
> apache-drill-1.0.0-m1-src.tar.gz
> gpg: Signature made Wed Sep  4 04:19:36 2013 PDT using RSA key ID 6B5FA695
> gpg: Good signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
>      Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695
> ted:Downloads$
>
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB