[VOTE] Apache Apex Core Release 3.7.0 (RC1)

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[VOTE] Apache Apex Core Release 3.7.0 (RC1)

Pramod Immaneni
Dear Community,

Please vote on the following Apache Apex Core 3.7.0 release candidate.

This is a source release with binary artifacts published to Maven.

List of all issues fixed:  https://s.apache.org/fWT8
User documentation: https://apex.apache.org/docs/apex-3.7/

Staging directory:
https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/
Source zip:
https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.zip
Source tar.gz:
https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.tar.gz
Maven staging repository:
https://repository.apache.org/content/repositories/orgapacheapex-1033

Git source:
https://github.com/apache/apex-core/tree/v3.7.0-RC1
(commit:cd0b0d9f31b3a198425440b66c52802d1e592b4e)

PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=pramod@...
(Key: 239E728D)
KEYS file:
https://dist.apache.org/repos/dist/release/apex/KEYS

More information at:
http://apex.apache.org

Please try the release and vote; vote will be open for 72 hours.

[ ] +1 approve (and what verification was done)
[ ] -1 disapprove (and reason why)

http://www.apache.org/foundation/voting.html

How to verify release candidate:

http://apex.apache.org/verification.html

Thanks,
Pramod
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Vlad Rozov-2
Please fix the KEYS before proceeding with the vote.

Thank you,

Vlad

On 4/14/18 11:48, Pramod Immaneni wrote:

> Dear Community,
>
> Please vote on the following Apache Apex Core 3.7.0 release candidate.
>
> This is a source release with binary artifacts published to Maven.
>
> List of all issues fixed:  https://s.apache.org/fWT8
> User documentation: https://apex.apache.org/docs/apex-3.7/
>
> Staging directory:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/
> Source zip:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.zip
> Source tar.gz:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.tar.gz
> Maven staging repository:
> https://repository.apache.org/content/repositories/orgapacheapex-1033
>
> Git source:
> https://github.com/apache/apex-core/tree/v3.7.0-RC1
> (commit:cd0b0d9f31b3a198425440b66c52802d1e592b4e)
>
> PGP key:
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=pramod@...
> (Key: 239E728D)
> KEYS file:
> https://dist.apache.org/repos/dist/release/apex/KEYS
>
> More information at:
> http://apex.apache.org
>
> Please try the release and vote; vote will be open for 72 hours.
>
> [ ] +1 approve (and what verification was done)
> [ ] -1 disapprove (and reason why)
>
> http://www.apache.org/foundation/voting.html
>
> How to verify release candidate:
>
> http://apex.apache.org/verification.html
>
> Thanks,
> Pramod
>

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Pramod Immaneni
The old key was not used at all.

> On Apr 14, 2018, at 3:32 PM, Vlad Rozov <[hidden email]> wrote:
>
> Please fix the KEYS before proceeding with the vote.
>
> Thank you,
>
> Vlad
>
>> On 4/14/18 11:48, Pramod Immaneni wrote:
>> Dear Community,
>>
>> Please vote on the following Apache Apex Core 3.7.0 release candidate.
>>
>> This is a source release with binary artifacts published to Maven.
>>
>> List of all issues fixed:  https://s.apache.org/fWT8
>> User documentation: https://apex.apache.org/docs/apex-3.7/
>>
>> Staging directory:
>> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/
>> Source zip:
>> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.zip
>> Source tar.gz:
>> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.tar.gz
>> Maven staging repository:
>> https://repository.apache.org/content/repositories/orgapacheapex-1033
>>
>> Git source:
>> https://github.com/apache/apex-core/tree/v3.7.0-RC1
>> (commit:cd0b0d9f31b3a198425440b66c52802d1e592b4e)
>>
>> PGP key:
>> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=pramod@...
>> (Key: 239E728D)
>> KEYS file:
>> https://dist.apache.org/repos/dist/release/apex/KEYS
>>
>> More information at:
>> http://apex.apache.org
>>
>> Please try the release and vote; vote will be open for 72 hours.
>>
>> [ ] +1 approve (and what verification was done)
>> [ ] -1 disapprove (and reason why)
>>
>> http://www.apache.org/foundation/voting.html
>>
>> How to verify release candidate:
>>
>> http://apex.apache.org/verification.html
>>
>> Thanks,
>> Pramod
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Justin Mclean
Hi,

+1 (binding)

IMO the release is correctly signed and the vote can continue.

I checked:
- signature and hashes correct
- LICENSE and NOTICE correct
- a couple of source files are missing headers [4][5] - yes they have "Put your copyright and license info here.” but how are those files licensed?
- no unexpected binary files
- can compile from source

Signature check:
gpg: assuming signed data in 'apache-apex-core-3.7.0-source-release.tar.gz'
gpg: Signature made Sun 15 Apr 01:21:20 2018 AEST
gpg:                using RSA key EB4B068AE51B20BFA40FDAA779480420239E728D
gpg: requesting key 79480420239E728D from hkps server hkps.pool.sks-keyservers.net
gpg: key 79480420239E728D: public key "Pramod Immaneni <[hidden email]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Good signature from "Pramod Immaneni <[hidden email]>”

If the KEYS file needs updating then do that but there’s no need to hold up the vote, the KEYS file could also be placed here [1] don’t forget or remove old releases from the release area either [2].

BTW there been a change in policy re md5 hashes and they should no longer be used. [3] Assuming this vote passes just don’t svn move the md5 hash file.

Thanks,
Justin

1. https://dist.apache.org/repos/dist/dev/apex/
2. https://dist.apache.org/repos/dist/release/apex/
3. https://www.apache.org/dev/release-distribution#sigs-and-sums
4.  apache-apex-core-3.7.0/apex-app-archetype/src/main/resources/archetype-resources/src/main/java/__packageInPathFormat__/Application.java
5.  apache-apex-core-3.7.0/apex-app-archetype/src/main/resources/archetype-resources/src/main/java/__packageInPathFormat__/RandomNumberGenerator.java
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Pramod Immaneni
Hi,

Regd [4][5], these are templates used to generate a base application
project for users to modify and use when they run the maven archetype,
which users can eventually license as they choose. I guess these templates
could also have a license like regular resources in the system, but the
license would have to be stripped in the project, during the project
creation and it might take some dev effort in the archetype to do that.

I had updated the KEYS file earlier. Will remove the old releases and will
not move the md5 sum when the release is getting promoted.

Thanks

On Sat, Apr 14, 2018 at 7:53 PM, Justin Mclean <[hidden email]>
wrote:

> Hi,
>
> +1 (binding)
>
> IMO the release is correctly signed and the vote can continue.
>
> I checked:
> - signature and hashes correct
> - LICENSE and NOTICE correct
> - a couple of source files are missing headers [4][5] - yes they have "Put
> your copyright and license info here.” but how are those files licensed?
> - no unexpected binary files
> - can compile from source
>
> Signature check:
> gpg: assuming signed data in 'apache-apex-core-3.7.0-
> source-release.tar.gz'
> gpg: Signature made Sun 15 Apr 01:21:20 2018 AEST
> gpg:                using RSA key EB4B068AE51B20BFA40FDAA779480420239E728D
> gpg: requesting key 79480420239E728D from hkps server
> hkps.pool.sks-keyservers.net
> gpg: key 79480420239E728D: public key "Pramod Immaneni <[hidden email]>"
> imported
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg: Good signature from "Pramod Immaneni <[hidden email]>”
>
> If the KEYS file needs updating then do that but there’s no need to hold
> up the vote, the KEYS file could also be placed here [1] don’t forget or
> remove old releases from the release area either [2].
>
> BTW there been a change in policy re md5 hashes and they should no longer
> be used. [3] Assuming this vote passes just don’t svn move the md5 hash
> file.
>
> Thanks,
> Justin
>
> 1. https://dist.apache.org/repos/dist/dev/apex/
> 2. https://dist.apache.org/repos/dist/release/apex/
> 3. https://www.apache.org/dev/release-distribution#sigs-and-sums
> 4.  apache-apex-core-3.7.0/apex-app-archetype/src/main/
> resources/archetype-resources/src/main/java/__packageInPathFormat__/
> Application.java
> 5.  apache-apex-core-3.7.0/apex-app-archetype/src/main/
> resources/archetype-resources/src/main/java/__packageInPathFormat__/
> RandomNumberGenerator.java
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Pramod Immaneni
Dear community,

Please verify and vote.

Thanks

On Sun, Apr 15, 2018 at 8:45 AM, Pramod Immaneni <[hidden email]>
wrote:

> Hi,
>
> Regd [4][5], these are templates used to generate a base application
> project for users to modify and use when they run the maven archetype,
> which users can eventually license as they choose. I guess these templates
> could also have a license like regular resources in the system, but the
> license would have to be stripped in the project, during the project
> creation and it might take some dev effort in the archetype to do that.
>
> I had updated the KEYS file earlier. Will remove the old releases and will
> not move the md5 sum when the release is getting promoted.
>
> Thanks
>
> On Sat, Apr 14, 2018 at 7:53 PM, Justin Mclean <[hidden email]>
> wrote:
>
>> Hi,
>>
>> +1 (binding)
>>
>> IMO the release is correctly signed and the vote can continue.
>>
>> I checked:
>> - signature and hashes correct
>> - LICENSE and NOTICE correct
>> - a couple of source files are missing headers [4][5] - yes they have
>> "Put your copyright and license info here.” but how are those files
>> licensed?
>> - no unexpected binary files
>> - can compile from source
>>
>> Signature check:
>> gpg: assuming signed data in 'apache-apex-core-3.7.0-source
>> -release.tar.gz'
>> gpg: Signature made Sun 15 Apr 01:21:20 2018 AEST
>> gpg:                using RSA key EB4B068AE51B20BFA40FDAA7794804
>> 20239E728D
>> gpg: requesting key 79480420239E728D from hkps server
>> hkps.pool.sks-keyservers.net
>> gpg: key 79480420239E728D: public key "Pramod Immaneni <[hidden email]>"
>> imported
>> gpg: Total number processed: 1
>> gpg:               imported: 1
>> gpg: Good signature from "Pramod Immaneni <[hidden email]>”
>>
>> If the KEYS file needs updating then do that but there’s no need to hold
>> up the vote, the KEYS file could also be placed here [1] don’t forget or
>> remove old releases from the release area either [2].
>>
>> BTW there been a change in policy re md5 hashes and they should no longer
>> be used. [3] Assuming this vote passes just don’t svn move the md5 hash
>> file.
>>
>> Thanks,
>> Justin
>>
>> 1. https://dist.apache.org/repos/dist/dev/apex/
>> 2. https://dist.apache.org/repos/dist/release/apex/
>> 3. https://www.apache.org/dev/release-distribution#sigs-and-sums
>> 4.  apache-apex-core-3.7.0/apex-app-archetype/src/main/resources
>> /archetype-resources/src/main/java/__packageInPathFormat__/A
>> pplication.java
>> 5.  apache-apex-core-3.7.0/apex-app-archetype/src/main/resources
>> /archetype-resources/src/main/java/__packageInPathFormat__/R
>> andomNumberGenerator.java
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Vlad Rozov-2
In reply to this post by Pramod Immaneni
+1 (binding).

- verified release signature and hashes
- "mvn clean apache-rat:check verify -Dlicense.skip=false install
-Dmaven.repo.local=<path to temp>" runs clean on my machine
- verified NOTICE, LICENSE, CHANGELOG.md and README.md
- checked DEPENDENCIES
- no unexpected binary/jar files

I deleted .md5 hashes from svn, they should not be present and there is
no need to verify them.

Thank you,

Vlad

On 4/14/18 11:48, Pramod Immaneni wrote:

> Dear Community,
>
> Please vote on the following Apache Apex Core 3.7.0 release candidate.
>
> This is a source release with binary artifacts published to Maven.
>
> List of all issues fixed:  https://s.apache.org/fWT8
> User documentation: https://apex.apache.org/docs/apex-3.7/
>
> Staging directory:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/
> Source zip:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.zip
> Source tar.gz:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.tar.gz
> Maven staging repository:
> https://repository.apache.org/content/repositories/orgapacheapex-1033
>
> Git source:
> https://github.com/apache/apex-core/tree/v3.7.0-RC1
> (commit:cd0b0d9f31b3a198425440b66c52802d1e592b4e)
>
> PGP key:
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=pramod@...
> (Key: 239E728D)
> KEYS file:
> https://dist.apache.org/repos/dist/release/apex/KEYS
>
> More information at:
> http://apex.apache.org
>
> Please try the release and vote; vote will be open for 72 hours.
>
> [ ] +1 approve (and what verification was done)
> [ ] -1 disapprove (and reason why)
>
> http://www.apache.org/foundation/voting.html
>
> How to verify release candidate:
>
> http://apex.apache.org/verification.html
>
> Thanks,
> Pramod
>

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Apache Apex Core Release 3.7.0 (RC1)

Thomas Weise-2
Administrator
In reply to this post by Pramod Immaneni
+1 (binding)

- verified signatures
- build from source archive
- tests pass
- run pi demo on YARN 2.7.1

When updating the download page after the release, please also remove the
md5 links from it.

Thanks,
Thomas


On Sat, Apr 14, 2018 at 11:48 AM, Pramod Immaneni <[hidden email]>
wrote:

> Dear Community,
>
> Please vote on the following Apache Apex Core 3.7.0 release candidate.
>
> This is a source release with binary artifacts published to Maven.
>
> List of all issues fixed:  https://s.apache.org/fWT8
> User documentation: https://apex.apache.org/docs/apex-3.7/
>
> Staging directory:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-core-3.7.0-RC1/
> Source zip:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-
> core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.zip
> Source tar.gz:
> https://dist.apache.org/repos/dist/dev/apex/apache-apex-
> core-3.7.0-RC1/apache-apex-core-3.7.0-source-release.tar.gz
> Maven staging repository:
> https://repository.apache.org/content/repositories/orgapacheapex-1033
>
> Git source:
> https://github.com/apache/apex-core/tree/v3.7.0-RC1
> (commit:cd0b0d9f31b3a198425440b66c52802d1e592b4e)
>
> PGP key:
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=pramod@...
> (Key: 239E728D)
> KEYS file:
> https://dist.apache.org/repos/dist/release/apex/KEYS
>
> More information at:
> http://apex.apache.org
>
> Please try the release and vote; vote will be open for 72 hours.
>
> [ ] +1 approve (and what verification was done)
> [ ] -1 disapprove (and reason why)
>
> http://www.apache.org/foundation/voting.html
>
> How to verify release candidate:
>
> http://apex.apache.org/verification.html
>
> Thanks,
> Pramod
>