[vote] OpenOffice Release Candidate 4.1.6 RC1

classic Classic list List threaded Threaded
36 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Andrea Pescetti-2
On 31/10/2018 Marcus wrote:
> To make it an official vote I miss the following information:
> - What exactly do we vote for (link to the source and binaries)?

Yes please, let's try to be reasonably serious about releases: due to
legal implications (among other things), there are some formalities that
are required; nothing more than what we did for any other Release
Candidate in history.

I assume we are voting on (this is the only 4.1.6-RC1 available, but it
needs to be recorded in the vote discussion!)
https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/

> - What is the time for the vote? Please more than just the normal 72
> hours so that we all can use a weekend for more testing.

Elsewhere Peter mentioned until Wednesday 7 November but again this
should be in the vote thread (so, here).

And most important: the Release Manager (Peter) must sign the source
files. I've just spent a lot of time trying to make sense of various
ways to have multiple signature in one file, concluding that it is easy
to do that for a binary signature, but it is a hack to do so for the
ASCII-armored signatures we use.

So, in short, Peter as the Release Manager should rectify things by:

1) Confirming that the URL and deadline above are correct

2) Replace, before the vote ends, current signatures with only his
signature as follows:

$ svn checkout
https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
$ rm *.asc
$ gpg -a -b --digest-algo=SHA512 *.bz2
$ gpg -a -b --digest-algo=SHA512 *.gz
$ gpg -a -b --digest-algo=SHA512 *.zip
$ svn commit

About this second item, I see that Matthias concatenated his signature
to Jim's one: this is possible for the binary format but GPG will
complain if this is done for the ASCII format, and as you can see by
searching the net there is no clean way to do it. I checked back in
version 4.1.2 (that was signed by Juergen and me) and I found out that I
had simply replaced Juergen's signature with mine in that case (I was
the Release Manager for 4.1.2). We can do the same this time.

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Matthias Seidel
Hi Andrea,

Am 05.11.18 um 00:07 schrieb Andrea Pescetti:

> On 31/10/2018 Marcus wrote:
>> To make it an official vote I miss the following information:
>> - What exactly do we vote for (link to the source and binaries)?
>
> Yes please, let's try to be reasonably serious about releases: due to
> legal implications (among other things), there are some formalities
> that are required; nothing more than what we did for any other Release
> Candidate in history.
>
> I assume we are voting on (this is the only 4.1.6-RC1 available, but
> it needs to be recorded in the vote discussion!)
> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/
>
>> - What is the time for the vote? Please more than just the normal 72
>> hours so that we all can use a weekend for more testing.
>
> Elsewhere Peter mentioned until Wednesday 7 November but again this
> should be in the vote thread (so, here).
>
> And most important: the Release Manager (Peter) must sign the source
> files. I've just spent a lot of time trying to make sense of various
> ways to have multiple signature in one file, concluding that it is
> easy to do that for a binary signature, but it is a hack to do so for
> the ASCII-armored signatures we use.
>
> So, in short, Peter as the Release Manager should rectify things by:
>
> 1) Confirming that the URL and deadline above are correct
>
> 2) Replace, before the vote ends, current signatures with only his
> signature as follows:
>
> $ svn checkout
> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
> $ rm *.asc
> $ gpg -a -b --digest-algo=SHA512 *.bz2
> $ gpg -a -b --digest-algo=SHA512 *.gz
> $ gpg -a -b --digest-algo=SHA512 *.zip
> $ svn commit
>
> About this second item, I see that Matthias concatenated his signature
> to Jim's one: this is possible for the binary format but GPG will
> complain if this is done for the ASCII format, and as you can see by
> searching the net there is no clean way to do it. I checked back in
> version 4.1.2 (that was signed by Juergen and me) and I found out that
> I had simply replaced Juergen's signature with mine in that case (I
> was the Release Manager for 4.1.2). We can do the same this time.
I found double signatures in 4.1.3:
https://archive.apache.org/dist/openoffice/4.1.3/source/apache-openoffice-4.1.3-r1761381-src.zip.asc

But yes, GPG complains about it and will only verify the first. So
Peter's signature should be the only one...

(Of course he could also use our hash-sign.sh, which is fixed now for
SHA512).

Regards,

   Matthias

>
> Regards,
>   Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Keith N. McKenna
In reply to this post by Andrea Pescetti-2
On 11/4/2018 6:07 PM, Andrea Pescetti wrote:

> On 31/10/2018 Marcus wrote:
>> To make it an official vote I miss the following information:
>> - What exactly do we vote for (link to the source and binaries)?
>
> Yes please, let's try to be reasonably serious about releases: due to
> legal implications (among other things), there are some formalities that
> are required; nothing more than what we did for any other Release
> Candidate in history.
>
> I assume we are voting on (this is the only 4.1.6-RC1 available, but it
> needs to be recorded in the vote discussion!)
> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/
>
>> - What is the time for the vote? Please more than just the normal 72
>> hours so that we all can use a weekend for more testing.
>
> Elsewhere Peter mentioned until Wednesday 7 November but again this
> should be in the vote thread (so, here).
>
> And most important: the Release Manager (Peter) must sign the source
> files. I've just spent a lot of time trying to make sense of various
> ways to have multiple signature in one file, concluding that it is easy
> to do that for a binary signature, but it is a hack to do so for the
> ASCII-armored signatures we use.
>
> So, in short, Peter as the Release Manager should rectify things by:
>
> 1) Confirming that the URL and deadline above are correct
>
> 2) Replace, before the vote ends, current signatures with only his
> signature as follows:
>
> $ svn checkout
> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
> $ rm *.asc
> $ gpg -a -b --digest-algo=SHA512 *.bz2
> $ gpg -a -b --digest-algo=SHA512 *.gz
> $ gpg -a -b --digest-algo=SHA512 *.zip
> $ svn commit
>
> About this second item, I see that Matthias concatenated his signature
> to Jim's one: this is possible for the binary format but GPG will
> complain if this is done for the ASCII format, and as you can see by
> searching the net there is no clean way to do it. I checked back in
> version 4.1.2 (that was signed by Juergen and me) and I found out that I
> had simply replaced Juergen's signature with mine in that case (I was
> the Release Manager for 4.1.2). We can do the same this time.
>
> Regards,
>   Andrea.
In his second vote announcement Peter also specified that to cast a
non-binding vote one still had to download and compile the source on
ones own machine and then test that binary. This is far over and above
anything that has ever been required for a non-binding vote.

Regards
Keith


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Peter Kovacs-3
In reply to this post by Matthias Seidel
Source signing will be done tonight.
Thanks Andrea for the detailed line-up.
Also I hope all requirements are met in the second mail.
However there seems a misunderstanding on Keith side. It is not required to vote all test marks.
It is required to fill in general and then what OS  Version you have tested and if you have tested from source or not.
Simone state in order to create a binding vote it has to be tested from source.
We need 3 of those.
Also we should have an overview which Binaries has been reviewed.

That is all.
All the best
Peter

Am 5. November 2018 00:22:33 MEZ schrieb Matthias Seidel <[hidden email]>:

>Hi Andrea,
>
>Am 05.11.18 um 00:07 schrieb Andrea Pescetti:
>> On 31/10/2018 Marcus wrote:
>>> To make it an official vote I miss the following information:
>>> - What exactly do we vote for (link to the source and binaries)?
>>
>> Yes please, let's try to be reasonably serious about releases: due to
>> legal implications (among other things), there are some formalities
>> that are required; nothing more than what we did for any other
>Release
>> Candidate in history.
>>
>> I assume we are voting on (this is the only 4.1.6-RC1 available, but
>> it needs to be recorded in the vote discussion!)
>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/
>>
>>> - What is the time for the vote? Please more than just the normal 72
>>> hours so that we all can use a weekend for more testing.
>>
>> Elsewhere Peter mentioned until Wednesday 7 November but again this
>> should be in the vote thread (so, here).
>>
>> And most important: the Release Manager (Peter) must sign the source
>> files. I've just spent a lot of time trying to make sense of various
>> ways to have multiple signature in one file, concluding that it is
>> easy to do that for a binary signature, but it is a hack to do so for
>> the ASCII-armored signatures we use.
>>
>> So, in short, Peter as the Release Manager should rectify things by:
>>
>> 1) Confirming that the URL and deadline above are correct
>>
>> 2) Replace, before the vote ends, current signatures with only his
>> signature as follows:
>>
>> $ svn checkout
>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
>> $ rm *.asc
>> $ gpg -a -b --digest-algo=SHA512 *.bz2
>> $ gpg -a -b --digest-algo=SHA512 *.gz
>> $ gpg -a -b --digest-algo=SHA512 *.zip
>> $ svn commit
>>
>> About this second item, I see that Matthias concatenated his
>signature
>> to Jim's one: this is possible for the binary format but GPG will
>> complain if this is done for the ASCII format, and as you can see by
>> searching the net there is no clean way to do it. I checked back in
>> version 4.1.2 (that was signed by Juergen and me) and I found out
>that
>> I had simply replaced Juergen's signature with mine in that case (I
>> was the Release Manager for 4.1.2). We can do the same this time.
>
>I found double signatures in 4.1.3:
>https://archive.apache.org/dist/openoffice/4.1.3/source/apache-openoffice-4.1.3-r1761381-src.zip.asc
>
>But yes, GPG complains about it and will only verify the first. So
>Peter's signature should be the only one...
>
>(Of course he could also use our hash-sign.sh, which is fixed now for
>SHA512).
>
>Regards,
>
>   Matthias
>
>>
>> Regards,
>>   Andrea.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Keith N. McKenna
On 11/5/2018 1:41 AM, Peter kovacs wrote:
> Source signing will be done tonight.
> Thanks Andrea for the detailed line-up.
> Also I hope all requirements are met in the second mail.
> However there seems a misunderstanding on Keith side. It is not required to vote all test marks.
> It is required to fill in general and then what OS  Version you have tested and if you have tested from source or not.
> Simone state in order to create a binding vote it has to be tested from source.
> We need 3 of those.
> Also we should have an overview which Binaries has been reviewed.
Peter;
Below are the statements from your second vote thread that had me confused:

> In order to create a binding vote individuals are REQUIRED to
>
>     * download all signed _source code_ packages onto their own hardware,
>
>     * verify that they meet all requirements of ASF policy on releases
>     as described below,
>
>     * validate all cryptographic signatures,
>
>     * compile as provided, and test the result on their own platform.
>
> In order to create a normal vote individuals are REQUIRED to
>
>     * download all signed _binary_ packages onto their own hardware,
>
>     * verify that they meet all requirements of ASF policy on releases
>     as described below,
>
>     * validate all cryptographic signatures,
>
>     * compile as provided, and test the result on their own platform.
>
>
Looking at the above through the lens of a newcomer to the project
wanting to participate in there first vote the description of the
requirements of a normal vote, as opposed to the binding vote described
above it vote above it, requires that I download and compile the source.
If that was not the intention you meant to convey I truly apologize. The
description of the 2 types of possible votes does created confusion in
the mind of at least this one individual.

Regards
Keith


> That is all.
> All the best
> Peter
>
> Am 5. November 2018 00:22:33 MEZ schrieb Matthias Seidel <[hidden email]>:
>> Hi Andrea,
>>
>> Am 05.11.18 um 00:07 schrieb Andrea Pescetti:
>>> On 31/10/2018 Marcus wrote:
>>>> To make it an official vote I miss the following information:
>>>> - What exactly do we vote for (link to the source and binaries)?
>>>
>>> Yes please, let's try to be reasonably serious about releases: due to
>>> legal implications (among other things), there are some formalities
>>> that are required; nothing more than what we did for any other
>> Release
>>> Candidate in history.
>>>
>>> I assume we are voting on (this is the only 4.1.6-RC1 available, but
>>> it needs to be recorded in the vote discussion!)
>>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/
>>>
>>>> - What is the time for the vote? Please more than just the normal 72
>>>> hours so that we all can use a weekend for more testing.
>>>
>>> Elsewhere Peter mentioned until Wednesday 7 November but again this
>>> should be in the vote thread (so, here).
>>>
>>> And most important: the Release Manager (Peter) must sign the source
>>> files. I've just spent a lot of time trying to make sense of various
>>> ways to have multiple signature in one file, concluding that it is
>>> easy to do that for a binary signature, but it is a hack to do so for
>>> the ASCII-armored signatures we use.
>>>
>>> So, in short, Peter as the Release Manager should rectify things by:
>>>
>>> 1) Confirming that the URL and deadline above are correct
>>>
>>> 2) Replace, before the vote ends, current signatures with only his
>>> signature as follows:
>>>
>>> $ svn checkout
>>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
>>> $ rm *.asc
>>> $ gpg -a -b --digest-algo=SHA512 *.bz2
>>> $ gpg -a -b --digest-algo=SHA512 *.gz
>>> $ gpg -a -b --digest-algo=SHA512 *.zip
>>> $ svn commit
>>>
>>> About this second item, I see that Matthias concatenated his
>> signature
>>> to Jim's one: this is possible for the binary format but GPG will
>>> complain if this is done for the ASCII format, and as you can see by
>>> searching the net there is no clean way to do it. I checked back in
>>> version 4.1.2 (that was signed by Juergen and me) and I found out
>> that
>>> I had simply replaced Juergen's signature with mine in that case (I
>>> was the Release Manager for 4.1.2). We can do the same this time.
>>
>> I found double signatures in 4.1.3:
>> https://archive.apache.org/dist/openoffice/4.1.3/source/apache-openoffice-4.1.3-r1761381-src.zip.asc
>>
>> But yes, GPG complains about it and will only verify the first. So
>> Peter's signature should be the only one...
>>
>> (Of course he could also use our hash-sign.sh, which is fixed now for
>> SHA512).
>>
>> Regards,
>>
>>    Matthias
>>
>>>
>>> Regards,
>>>   Andrea.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Dave Fisher


Sent from my iPhone

> On Nov 5, 2018, at 7:09 AM, Keith N. McKenna <[hidden email]> wrote:
>
>> On 11/5/2018 1:41 AM, Peter kovacs wrote:
>> Source signing will be done tonight.
>> Thanks Andrea for the detailed line-up.
>> Also I hope all requirements are met in the second mail.
>> However there seems a misunderstanding on Keith side. It is not required to vote all test marks.
>> It is required to fill in general and then what OS  Version you have tested and if you have tested from source or not.
>> Simone state in order to create a binding vote it has to be tested from source.
>> We need 3 of those.
>> Also we should have an overview which Binaries has been reviewed.
> Peter;
> Below are the statements from your second vote thread that had me confused:
>> In order to create a binding vote individuals are REQUIRED to
>>
>>    * download all signed _source code_ packages onto their own hardware,
>>
>>    * verify that they meet all requirements of ASF policy on releases
>>    as described below,
>>
>>    * validate all cryptographic signatures,
>>
>>    * compile as provided, and test the result on their own platform.
>>
>> In order to create a normal vote individuals are REQUIRED to
>>
>>    * download all signed _binary_ packages onto their own hardware,
>>
>>    * verify that they meet all requirements of ASF policy on releases
>>    as described below,
>>
>>    * validate all cryptographic signatures,
>>
>>    * compile as provided, and test the result on their own platform.
>>
>>
> Looking at the above through the lens of a newcomer to the project
> wanting to participate in there first vote the description of the
> requirements of a normal vote, as opposed to the binding vote described
> above it vote above it, requires that I download and compile the source.
> If that was not the intention you meant to convey I truly apologize. The
> description of the 2 types of possible votes does created confusion in
> the mind of at least this one individual.

I am confused too. Since I’ve never been able to build 4.1.x on my MacOS (I could build 3.4) I guess I can’t make a binding vote and won’t do so.

My practice had been to validate the source release and test the Mac releases. To me that was enough.

Good luck.

Regards,
Dave


>
> Regards
> Keith
>
>
>> That is all.
>> All the best
>> Peter
>>
>> Am 5. November 2018 00:22:33 MEZ schrieb Matthias Seidel <[hidden email]>:
>>> Hi Andrea,
>>>
>>>> Am 05.11.18 um 00:07 schrieb Andrea Pescetti:
>>>>> On 31/10/2018 Marcus wrote:
>>>>> To make it an official vote I miss the following information:
>>>>> - What exactly do we vote for (link to the source and binaries)?
>>>>
>>>> Yes please, let's try to be reasonably serious about releases: due to
>>>> legal implications (among other things), there are some formalities
>>>> that are required; nothing more than what we did for any other
>>> Release
>>>> Candidate in history.
>>>>
>>>> I assume we are voting on (this is the only 4.1.6-RC1 available, but
>>>> it needs to be recorded in the vote discussion!)
>>>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/
>>>>
>>>>> - What is the time for the vote? Please more than just the normal 72
>>>>> hours so that we all can use a weekend for more testing.
>>>>
>>>> Elsewhere Peter mentioned until Wednesday 7 November but again this
>>>> should be in the vote thread (so, here).
>>>>
>>>> And most important: the Release Manager (Peter) must sign the source
>>>> files. I've just spent a lot of time trying to make sense of various
>>>> ways to have multiple signature in one file, concluding that it is
>>>> easy to do that for a binary signature, but it is a hack to do so for
>>>> the ASCII-armored signatures we use.
>>>>
>>>> So, in short, Peter as the Release Manager should rectify things by:
>>>>
>>>> 1) Confirming that the URL and deadline above are correct
>>>>
>>>> 2) Replace, before the vote ends, current signatures with only his
>>>> signature as follows:
>>>>
>>>> $ svn checkout
>>>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.6-RC1/source
>>>> $ rm *.asc
>>>> $ gpg -a -b --digest-algo=SHA512 *.bz2
>>>> $ gpg -a -b --digest-algo=SHA512 *.gz
>>>> $ gpg -a -b --digest-algo=SHA512 *.zip
>>>> $ svn commit
>>>>
>>>> About this second item, I see that Matthias concatenated his
>>> signature
>>>> to Jim's one: this is possible for the binary format but GPG will
>>>> complain if this is done for the ASCII format, and as you can see by
>>>> searching the net there is no clean way to do it. I checked back in
>>>> version 4.1.2 (that was signed by Juergen and me) and I found out
>>> that
>>>> I had simply replaced Juergen's signature with mine in that case (I
>>>> was the Release Manager for 4.1.2). We can do the same this time.
>>>
>>> I found double signatures in 4.1.3:
>>> https://archive.apache.org/dist/openoffice/4.1.3/source/apache-openoffice-4.1.3-r1761381-src.zip.asc
>>>
>>> But yes, GPG complains about it and will only verify the first. So
>>> Peter's signature should be the only one...
>>>
>>> (Of course he could also use our hash-sign.sh, which is fixed now for
>>> SHA512).
>>>
>>> Regards,
>>>
>>>    Matthias
>>>
>>>>
>>>> Regards,
>>>>   Andrea.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [hidden email]
>>>> For additional commands, e-mail: [hidden email]
>>>>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Jim Jagielski


> On Nov 5, 2018, at 10:19 AM, Dave Fisher <[hidden email]> wrote:
>
> My practice had been to validate the source release and test the Mac releases. To me that was enough.

+1

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Andrea Pescetti-2
In reply to this post by Keith N. McKenna
Keith N. McKenna wrote:
> In his second vote announcement Peter also specified that to cast a
> non-binding vote one still had to download and compile the source on
> ones own machine and then test that binary. This is far over and above
> anything that has ever been required for a non-binding vote.

Whether a vote is binding or not depends entirely on the role: due to
legal issues, votes from PMC members are (always) "binding", meaning
that they are counted separately, even though everyone is welcome to vote.

We need to have on record at least three PMC members who built from
source and tested for the vote to be considered valid. The threshold of
three is a hard requirement.

While building would be required of other people too, we've historically
not been very rigid on this, provided that voters in general, so both
PMC members and people from the community at large, simply write (a
subset of) what they did.

Summarizing:

- If you, PMC member or not, feel that the release is good enough,
please do vote and say something "+1; I tested the Italian version on
MacOS, opened ODF and .docx files, everything was OK" and nobody will
ask you whether you built from source or not; this is very valuable
feedback as we would have very limited platform/language coverage otherwise.

- In order to close the vote successfully, at least 3 PMC members must
explicitly write in their statement that they built from source and
tested their own builds. This ensures we meet the minimum requirements.

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Matthias Seidel
In reply to this post by Jim Jagielski
Hi Jim,

Am 03.11.18 um 19:48 schrieb Jim Jagielski:
> I'm not exactly sure 100% what needs to be changed... Plus, if we change the names of files, don't we need to ensure that the sourceforge links are correct as well? Has that been looked at?

I assume you are referring to our discussion about the SHA512 files?

Pedro explained it here:

> Actually there is a bigger problem with the SHA512 files for _all_ the binaries in the RC1 folder: they include the folder name
>
> Example
> SHA512(./en-US/Apache_OpenOffice_4.1.6_Linux_x86-64_install-deb_en-US.tar.gz)= c8caa278fd881be393ad2905ef1c89d5e96710ab4d758c254102b2f9f6fbca21ad9bfba8ef375b13b3d982da0627d195ac40dbd9e7aa10c780b6d2ea6891bcfb
>
> Should be
> SHA512(./Apache_OpenOffice_4.1.6_Linux_x86-64_install-deb_en-US.tar.gz)= c8caa278fd881be393ad2905ef1c89d5e96710ab4d758c254102b2f9f6fbca21ad9bfba8ef375b13b3d982da0627d195ac40dbd9e7aa10c780b6d2ea6891bcfb
>
> Or even easier
>
> c8caa278fd881be393ad2905ef1c89d5e96710ab4d758c254102b2f9f6fbca21ad9bfba8ef375b13b3d982da0627d195ac40dbd9e7aa10c780b6d2ea6891bcfb *Apache_OpenOffice_4.1.6_Linux_x86-64_install-deb_en-US.tar.gz
>
> Thanks!
> Pedro
There was a little problem in our script "hash-sign.sh", which is now
solved (hopefully).

I did correct all sha512 files for the Windows builds, so the ones for
macOS and Linux32/64 remain to be updated.

Regards,

   Matthias

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Jim Jagielski


> On Nov 5, 2018, at 12:17 PM, Matthias Seidel <[hidden email]> wrote:
>
>
> I did correct all sha512 files for the Windows builds, so the ones for
> macOS and Linux32/64 remain to be updated.
>

What needs to be done, exactly?


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Matthias Seidel
Am 05.11.18 um 19:27 schrieb Jim Jagielski:
>
>> On Nov 5, 2018, at 12:17 PM, Matthias Seidel <[hidden email]> wrote:
>>
>>
>> I did correct all sha512 files for the Windows builds, so the ones for
>> macOS and Linux32/64 remain to be updated.
>>
> What needs to be done, exactly?

You are faster than I can explain it... ;-)

Thanks!

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Peter Kovacs-3
In reply to this post by Andrea Pescetti-2
actually I tried to make a clear form and got confused all the way.

Since there is no change in process, please follow the instructions below.

We should have a fixed email for this, maybe we have and I just lacked
the memory to remeber.


So now the rules state I should sign all artifacts. Others may
concatenate their signature if they want. Do we follow this?

On 05.11.18 17:54, Andrea Pescetti wrote:

> Keith N. McKenna wrote:
>> In his second vote announcement Peter also specified that to cast a
>> non-binding vote one still had to download and compile the source on
>> ones own machine and then test that binary. This is far over and above
>> anything that has ever been required for a non-binding vote.
>
> Whether a vote is binding or not depends entirely on the role: due to
> legal issues, votes from PMC members are (always) "binding", meaning
> that they are counted separately, even though everyone is welcome to
> vote.
>
> We need to have on record at least three PMC members who built from
> source and tested for the vote to be considered valid. The threshold
> of three is a hard requirement.
>
> While building would be required of other people too, we've
> historically not been very rigid on this, provided that voters in
> general, so both PMC members and people from the community at large,
> simply write (a subset of) what they did.
>
> Summarizing:
>
> - If you, PMC member or not, feel that the release is good enough,
> please do vote and say something "+1; I tested the Italian version on
> MacOS, opened ODF and .docx files, everything was OK" and nobody will
> ask you whether you built from source or not; this is very valuable
> feedback as we would have very limited platform/language coverage
> otherwise.
>
> - In order to close the vote successfully, at least 3 PMC members must
> explicitly write in their statement that they built from source and
> tested their own builds. This ensures we meet the minimum requirements.
>
> Regards,
>   Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Andrea Pescetti-2
Peter Kovacs wrote:
> So now the rules state I should sign all artifacts. Others may
> concatenate their signature if they want. Do we follow this?

No, you need to sign only three files, the three source files. And you
should remove the existing three corresponding .asc files since multiple
signatures in the same .asc file are not officially supported. So others
should not append signatures. All details are in my message.

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Peter Kovacs-3
Ok. This is done.

On 05.11.18 23:21, Andrea Pescetti wrote:

> Peter Kovacs wrote:
>> So now the rules state I should sign all artifacts. Others may
>> concatenate their signature if they want. Do we follow this?
>
> No, you need to sign only three files, the three source files. And you
> should remove the existing three corresponding .asc files since
> multiple signatures in the same .asc file are not officially
> supported. So others should not append signatures. All details are in
> my message.
>
> Regards,
>   Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Matthias Seidel
In reply to this post by Pedro Lino-3
Hi Pedro,

Am 02.11.18 um 11:35 schrieb Pedro Lino:

> Hi Matthias, all
>
>
>> On November 2, 2018 at 12:33 AM Matthias Seidel <[hidden email] mailto:[hidden email] > wrote:
>>
>>     I have just corrected the script to have identical output for SHA256 and
>>     SHA512.
>>
> Thank you! It works correctly with any program!
>
>
>>         > > AFAIK the data is created by a script. I haven't checked, so it's
>>>         possible that the way of creation is different for both. Or that they
>>>         are done by 2 different persons.
>>>
>>>     >
>>         > > It would be indeed better to have all check sums in the same style.
>>>     >
>>         > > Is it possible to do this before we have the release?
>>>     >     I remember that we had the same problem with included paths for 4.1.5
>>     (Not for Windows files, as I generate them separate for every
>>     directory). Jim corrected that before the release of 4.1.5.
>>
>
> If your new script is used for all the binaries it would be perfect.
Everything should be correct now... ;-)

Regards,

   Matthias

>
>
> Best regards,
>
> Pedro
>


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [vote] OpenOffice Release Candidate 4.1.6 RC1

Pedro Lino-3
Hi Matthias


> On November 6, 2018 at 2:35 PM Matthias Seidel <[hidden email] mailto:[hidden email] > wrote:
>
>
>     Hi Pedro,
>
>     Am 02.11.18 um 11:35 schrieb Pedro Lino:
>
>         > > Hi Matthias, all
> >
> >     > >
>     >> On November 2, 2018 at 12:33 AM Matthias Seidel <[hidden email] mailto:[hidden email] mailto:[hidden email] mailto:[hidden email] > wrote:
>     >>
>     >> I have just corrected the script to have identical output for SHA256 and
>     >> SHA512.
>     >>
>
>         > >
> >     >     Everything should be correct now... ;-)
>


It is. It works perfectly. Thank you and Jim for the quick fix!


Best,

Pedro
12