Examined the LICENSE, NOTICE, README, and DISCLAIMER files. Checked the signatures and checksum.

The sha256 checksum matches what is in the email, however, the .sha256 file seems like a different binary file. The .md5 hash is the only hash most projects seem to publish, so that might be sufficient in this case as well.

On Tue, Oct 6, 2015 at 10:25 AM, Alan Gates <alanfgates@gmail.com> wrote:

I looked at the signatures, the LICENSE, NOTICE, and DISCLAIMER files, checked for any binary files in the distro, and checked that source files have the appropriate license header.


September 29, 2015 at 19:47
Hi all,

The SINGA community has voted on and approved a proposal to release Apache
SINGA 0.1.0 (incubating).

The vote thread is at:

and the result is at:

We ask the IPMC to vote on this release.

The artifacts to be voted on are located here:

The hashes of the artifacts are as follows:
apache-singa-incubating-0.1.0-RC2.tar.gz.md5: 63 0F DF E0 74 E0 E1 1F 89
F6 0E DF 9E 66 50 73
apache-singa-incubating-0.1.0-RC2.tar.gz.sha256: EE7CF820 70DB46F5 20FC39A1
F85B5B73 865503BD 36280917 5369EB9F 5FA7199E

Release artifacts are signed with the following key:

and the signature file is:

The vote is open for at least 72 hours, or until the necessary number of
votes (3 +1) is reached.

[ ] +1 Release this package as Apache SINGA 0.1.0-incubating
[ ] 0 I don't feel strongly about it, but I'm okay with the release
[ ] -1 Do not release this package because...


Wei Wang