On 8/17/2017 22:55, luke1410_at_apache.org wrote:
> Author: luke1410
> Date: Thu Aug 17 20:55:33 2017
> New Revision: 21215
>
> Log:
> Correct incorrect PGP signature end marker in subversion-1.8.19.tar.bz2.asc.
>
> Tools which rely on strict conformance of the asc file format (like the
> checker tool on http://mirror-vm.apache.org/checker/) would fail to process
> the asc file due to the invalid end marker.
>
> Modified:
> release/subversion/subversion-1.8.19.tar.bz2.asc
>
> Modified: release/subversion/subversion-1.8.19.tar.bz2.asc
> ==============================================================================
> --- release/subversion/subversion-1.8.19.tar.bz2.asc (original)
> +++ release/subversion/subversion-1.8.19.tar.bz2.asc Thu Aug 17 20:55:33 2017
> @@ -41,7 +41,7 @@ mKKiJ9opP/Xc9Fq/e9XufQg5mP/ijyeT1xeV7B2f
> sQwoKSbaMnAqmuL3p+pT28NXu2w0G9bWhRXogjW1fDnRBOXtKZrRzyqLBIfktYH9
> Wwz6abvoHUKqvROq38nA
> =Hpll
> ------END PGP SIGNATURE----
> +-----END PGP SIGNATURE-----
> -----BEGIN PGP SIGNATURE-----
>
> iQEcBAABAgAGBQJZiVoDAAoJEE99uqmaWblzXZgH/2xAYwGb9+9mKkHQgLgMTTD4
>
The issue of the incorrect pgp signature end marker (see RFC-4880 for
the file format specs [4]) was causing the Apache checker tool [1] not
to process the asc file correctly and only listed the first signature
for the 1.8.19 bz2 archive on [2].
brane already updated the release.py-script on trunk [3] to detect that
kind of issue by running release.py check-sigs in the future, so we
should not run into such problem again.
Shortly discussed on IRC with brane whether we'd be ok with making the
correcting commit on dist.apache.org (with the conclusion to just fix it).
Regards,
Stefan
[1] http://mirror-vm.apache.org/checker/
[2] http://mirror-vm.apache.org/checker/projs/subversion.html
[3]
http://mail-archives.apache.org/mod_mbox/subversion-dev/201708.mbox/browser
[4] https://tools.ietf.org/html/rfc4880 - chapter 6.2
Received on 2017-08-17 23:06:25 CEST