Here's my gpg version:
$ gpg --version
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /u/users/ave/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Le lun. 30 oct. 2023 à 15:03, Jonathan S. Fisher <[email protected]> a écrit :
>
> Interesting. What version of gpg are you using? My signing key
> B17A-F6B1 is a subkey of 336B-4F0D.
>
> :~/servers$ gpg --verify apache-tomee-8.0.16-plume.tar.gz.asc
> gpg: assuming signed data in 'apache-tomee-8.0.16-plume.tar.gz'
> gpg: Signature made Sun Oct 29 12:28:05 2023 CDT
> gpg: using ECDSA key B5D73AFD12C47FA094C7D484F975C27BB17AF6B1
> gpg: Good signature from "Jonathan S. Fisher <[email protected]>" [ultimate]
> gpg: aka "Jonathan S. Fisher
> <[email protected]>" [ultimate]
> gpg: aka "Jonathan S. Fisher <[email protected]>" [ultimate]
>
>
> On Mon, Oct 30, 2023 at 8:55 AM Alex The Rocker <[email protected]> wrote:
> >
> > Thanks Richard,
> >
> > Next issue:
> >
> > $ cat > /tmp/tomee8016.asc
> > -----BEGIN PGP SIGNATURE-----
> >
> > iJUEABMKAB0WIQS11zr9EsR/oJTH1IT5dcJ7sXr2sQUCZT6WJQAKCRD5dcJ7sXr2
> > sVPwAX9O8dqTdCcdMlUN1ExEagKIzduv1snt+VSRvKKizDWkMzNRHaGhZ58LqVGu
> > g7FkkkABgIdZ0OXXa6WLjWoMaoMe61/Drg56fYUzqqwof2jBWeYAjdHZ7O/U4Y8V
> > hzxrd0GaFQ==
> > =sRYy
> > -----END PGP SIGNATURE-----
> > $ gpg --verify /tmp/tomee8016.asc apache-tomee-8.0.16-plus.tar.gz
> > gpg: Signature made Sun 29 Oct 2023 06:28:05 PM CET
> > gpg: using ECDSA key B5D73AFD12C47FA094C7D484F975C27BB17AF6B1
> > gpg: Can't check signature: No public key
> >
> > I checked on https://home.apache.org/keys/committer/, and I can't find
> > this B5D73AFD12C47FA094C7D484F975C27BB17AF6B1 key there.
> > Am I missing something ?
> >
> > Alex
> >
> > Le lun. 30 oct. 2023 à 14:52, Richard Zowalla <[email protected]> a écrit :
> > >
> > > Hi Alex,
> > >
> > > https://dist.apache.org/repos/dist/dev/tomee/staging-1223/tomee-8.0.16/
> > >
> > > is the correct one (siumilar to the staging repo id)
> > >
> > > Gruß
> > > Richard
> > >
> > > Am Montag, dem 30.10.2023 um 14:50 +0100 schrieb Alex The Rocker:
> > > > Hello,
> > > >
> > > > There is a issue with the link to binaries & source:
> > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> > > > leads to nowhere, maybe did you mean
> > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1223/tomee-8.0.16/
> > > > ?
> > > >
> > > > Thanks,
> > > > Alex
> > > >
> > > > Le dim. 29 oct. 2023 à 19:35, Richard Zowalla <[email protected]> a
> > > > écrit :
> > > > >
> > > > > Hi all,
> > > > >
> > > > > This is the second attempt for a vote for a release of Apache TomEE
> > > > > 8.0.16. The first vote was cancelled due to some issues with the
> > > > > BOM
> > > > > modules.
> > > > >
> > > > > I'd like to start with a big thank you and a big applause to
> > > > > Jonathan
> > > > > Fisher. He is rolling out his first release today.
> > > > >
> > > > > Per ASF rules, the actual VOTE needs to be run by a TomEE PMC
> > > > > member,
> > > > > that's why I'm starting it.
> > > > >
> > > > > However, the work has been done by Jonathan, so thank you. Well
> > > > > done.
> > > > >
> > > > > TomEE 8.0.16 is a maintenance release with dependencies
> > > > > upgrades and bug fixes. It also fixes the latest Tomcat
> > > > > vulnerabilities
> > > > > as well as other CVEs.
> > > > >
> > > > > ###############
> > > > >
> > > > > Maven Repo:
> > > > > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > > > >
> > > > > <repositories>
> > > > > <repository>
> > > > > <id>tomee-8.0.16-rc2</id>
> > > > > <name>Testing TomEE 8.0.16 RC2</name>
> > > > > <url>
> > > > > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > > > > </url>
> > > > > </repository>
> > > > > </repositories>
> > > > >
> > > > > ###############
> > > > >
> > > > > Binaries & Source:
> > > > >
> > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> > > > >
> > > > > ###############
> > > > >
> > > > > Tag:
> > > > >
> > > > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> > > > >
> > > > >
> > > > > ###############
> > > > >
> > > > > Release notes:
> > > > >
> > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> > > > >
> > > > > ###############
> > > > >
> > > > > Here is an adoc generated version of the changelog as well:
> > > > >
> > > > > == Dependency upgrade
> > > > >
> > > > > [.compact]
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> > > > > ActiveMQ 5.16.7 / 5.18.3
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > > > > Bouncy Castle 1.75
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > > > > CVE-2023-34981 in TomEE 8.0.15
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> > > > > HSQLDB 2.7.2
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> > > > > JUnit 5.9.3
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> > > > > Jackson 2.15.1
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > > > > Jackson 2.15.2
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> > > > > Johnzon 1.2.21
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> > > > > Santuario Java (xmlsec) mitigate CVE-2023-44483
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> > > > > Tomcat 9.0.76
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> > > > > Tomcat 9.0.79
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> > > > > Tomcat 9.0.80
> > > > > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > > > > Tomcat 9.0.82
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> > > > > eclipselink 2.7.13
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> > > > > log4j 2.20.0 (integration)
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> > > > > xbeans 4.23
> > > > >
> > > > > == Bug
> > > > >
> > > > > [.compact]
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> > > > > @LoginToContinue JSR-375 (JavaEE Security API) causes
> > > > > IllegalArgumentException
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> > > > > DataSource definition fails when @DataSourceDefinition doesn't
> > > > > define
> > > > > url property
> > > > >
> > > > > == Improvement
> > > > >
> > > > > [.compact]
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> > > > > Improve TomEE Jmx Mbean Support for Parameter Names
> > > > >
> > > > > == Fixed Common Vulnerabilities and Exposures (CVEs)
> > > > >
> > > > > [.compact]
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > > > > Bouncy Castle 1.75
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > > > > Tomcat 9.0.80
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > > > > Jackson 2.15.2
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > > > > CVE-2023-34981 in Apache TomEE 8.0.15
> > > > >
> > > > > ########################
> > > > >
> > > > > Please VOTE
> > > > >
> > > > > [+1] go ship it
> > > > > [+0] meh, don't care
> > > > > [-1] stop, there is a ${showstopper}
> > > > >
> > > > > The VOTE is open for 72h or as long as needed.
> > > > >
> > > > > Gruß
> > > > > Richard
> > > > >
> > >
>
>
>
> --
> Jonathan | [email protected]
> Pessimists, see a jar as half empty. Optimists, in contrast, see it as
> half full.
> Engineers, of course, understand the glass is twice as big as it needs to be.
