atom feed17 messages in org.apache.incubator.cloudstack-devRe: [VOTE] CloudStack Release 4.0, fi...
FromSent OnAttachments
Alex HuangOct 5, 2012 7:53 am 
Wido den HollanderOct 5, 2012 7:56 am 
Chip ChildersOct 5, 2012 8:00 am 
Alex HuangOct 5, 2012 8:14 am 
Chip ChildersOct 5, 2012 8:20 am 
Chip ChildersOct 5, 2012 8:23 am 
David NalleyOct 5, 2012 8:32 am 
Brett PorterOct 5, 2012 9:11 am 
Brett PorterOct 5, 2012 9:14 am 
Brett PorterOct 5, 2012 9:16 am 
Chip ChildersOct 5, 2012 9:22 am 
Brett PorterOct 5, 2012 9:28 am 
Chip ChildersOct 5, 2012 9:30 am 
Alex HuangOct 5, 2012 9:37 am 
Brett PorterOct 5, 2012 9:40 am 
Noah SlaterOct 5, 2012 1:48 pm 
Noah SlaterOct 5, 2012 1:51 pm 
Subject:Re: [VOTE] CloudStack Release 4.0, first round
From:Brett Porter (bre@apache.org)
Date:Oct 5, 2012 9:28:32 am
List:org.apache.incubator.cloudstack-dev

On 06/10/2012, at 2:23 AM, Chip Childers <chip@sungard.com> wrote:

On Fri, Oct 5, 2012 at 12:16 PM, Brett Porter <bre@apache.org> wrote:

Hi Alex,

On 06/10/2012, at 12:54 AM, Alex Huang <Alex@citrix.com> wrote:

Please follow the test procedure before voting:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+4.0+test+procedure

I noticed the instructions rely on importing keys from a key server, after
downloading the KEYS file. Wouldn't it be better to import the KEYS file
directly instead?

Brett,

I followed the CouchDB test procedure document [1] as the template for that verification step. Is it more common to use the KEYS file?

The doc says...

"You will need to import the keys into your local keychain before you can
continue.

You can do this manually, from the KEYS file.

Or, you can import them from a public key server:"

There is more info here:
http://www.apache.org/dev/release-signing#public-key-not-found

If you download from a key server, you need to trust it and check the
fingerprint matches. Importing the keys file is typically quicker and more
trustworthy.

- Brett