Some early observations, at least the broken signature needs fixing:

- previously sources were in a download folder named "source", now they are in "sources" (plural form).

- sha1 and sha512 checksums not there, only md5. 1.2.16 had all three

- file sources/tomcat-native-1.2.17-win32-src.zip.asc has a bad pgp signature:

gpg: assuming signed data in `tomcat-native-1.2.17-win32-src.zip'
gpg: Signature made June  7, 2018  1:36:05 PM CEST
gpg:                using RSA key ED3873F5D3262722
gpg: BAD signature from "Jean-Frederic Clere (Apache signing key) <jfcl...@apache.org>"

Other signatures are OK, so please check integrity of the file tomcat-native-1.2.17-win32-src.zip and fix either this file or the asc file.

- when I extract the zip sources on Unix, I get all dirs and files with group write permission. That sounds unsafe. It wasn't like that for 1.2.16.

- OpenSSL used according to VERSIONS file is 1.0.2m, shouldn't it be 1.0.2o?

Regards,

Rainer

On 07.06.2018 at 17:50, jean-frederic clere wrote:
Version 1.2.17 includes the following changes compared to 1.2.16:

- Windows binaries built with OpenSSL 1.0.2o and APR 1.6.3

Various other fixes and improvements. See the changelog for details.

The proposed release artefacts can be found at [1],
and the build was done using tag [2].

The Apache Tomcat Native 1.2.17 is
  [ ] Stable, go ahead and release
  [ ] Broken because of ...

Thanks,

Jean-Frederic


[1]
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.17/
[2] https://svn.apache.org/repos/asf/tomcat/native/tags/TOMCAT_NATIVE_1_2_17
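
The group-write observation in the review above can be checked without extracting the archive, by reading the Unix mode bits stored in each zip entry. This is an added example, not part of the original thread or the project's release tooling; the function names are hypothetical and the sample archive is constructed in memory.

```python
import io
import stat
import zipfile

UNIX = 3  # ZipInfo.create_system value for entries written on a Unix host


def audit_zip_permissions(data: bytes):
    """Return (loose, unknown).

    loose:   (name, mode) for entries whose stored mode grants group or world write.
    unknown: names of entries with no Unix mode stored (e.g. DOS/Windows origin),
             whose extracted permissions depend on the extracting tool and umask.
    """
    loose, unknown = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # The upper 16 bits of external_attr hold st_mode for Unix entries.
            mode = (info.external_attr >> 16) & 0o7777
            if info.create_system != UNIX or mode == 0:
                unknown.append(info.filename)
            elif mode & (stat.S_IWGRP | stat.S_IWOTH):
                loose.append((info.filename, oct(mode)))
    return loose, unknown


def build_sample() -> bytes:
    """Constructed sample archive; names and modes are made up for this demo."""
    entries = [
        ("demo-src/", 0o040775, UNIX),           # group-writable directory
        ("demo-src/configure", 0o100775, UNIX),  # group-writable file
        ("demo-src/README.txt", 0o100644, UNIX), # owner-write only
        ("demo-src/build.bat", 0, 0),            # DOS-origin entry, no Unix mode
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode, system in entries:
            zi = zipfile.ZipInfo(name)
            zi.create_system = system
            zi.external_attr = mode << 16
            zf.writestr(zi, b"" if name.endswith("/") else b"sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    loose, unknown = audit_zip_permissions(build_sample())
    for name, mode in loose:
        print(f"group/world-writable: {mode} {name}")
    for name in unknown:
        print(f"no Unix mode stored:  {name}")
```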
