Thanks for your careful review work. This SECURITY.md file not follow the ASF vulnerability handling process. We have created an issue[1] for this, We plan to resolve this minor issue in the next release. Will this be a blocker for current releases?
[1] https://github.com/apache/incubator-streampark/issues/3610 Best, Huajie Wang Kent Yao <y...@apache.org> 于2024年3月13日周三 18:42写道: > It appears that the SECURITY.md[1] file has been copied from another > source? > > It does not follow the ASF vulnerability handling process. > The versions described in this file don't belong streampark. > > > > https://github.com/apache/incubator-streampark/blob/release-2.1.3-rc1/SECURITY.md > > Xuanwo <xua...@apache.org> 于2024年3月13日周三 18:26写道: > > > > +1 binding > > > > Seems a nice release! Thanks Qingrong Wang to carry this release. > > > > I have checked: > > > > [x] Download links are valid. > > [x] Checksums and PGP signatures are valid. > > > > gpg: Signature made Thu 07 Mar 2024 01:59:14 PM CST > > gpg: using RSA key > 1BF36E02634D40F9FDF49C715C08953040EE71A2 > > gpg: Good signature from "wangqingrong (for apache StreamPark release > 2.1.3 create at 20240103) <monr...@apache.org>" [ultimate] > > apache-streampark_2.11-2.1.3-incubating-bin.tar.gz: OK > > gpg: Signature made Thu 07 Mar 2024 01:59:15 PM CST > > gpg: using RSA key > 1BF36E02634D40F9FDF49C715C08953040EE71A2 > > gpg: Good signature from "wangqingrong (for apache StreamPark release > 2.1.3 create at 20240103) <monr...@apache.org>" [ultimate] > > apache-streampark_2.12-2.1.3-incubating-bin.tar.gz: OK > > gpg: Signature made Thu 07 Mar 2024 01:58:32 PM CST > > gpg: using RSA key > 1BF36E02634D40F9FDF49C715C08953040EE71A2 > > gpg: Good signature from "wangqingrong (for apache StreamPark release > 2.1.3 create at 20240103) <monr...@apache.org>" [ultimate] > > apache-streampark-2.1.3-incubating-src.tar.gz: OK > > > > [x] Source code distributions have correct names matching the current > > release. > > [x] LICENSE and NOTICE files are correct. > > [x] All files have license headers if necessary. > > > > INFO Loading configuration from file: .licenserc.yaml > > INFO Totally checked 1685 files, valid: 994, invalid: 0, ignored: 691, > fixed: 0 > > > > [x] Can compile from source > > > > [INFO] > ------------------------------------------------------------------------ > > [INFO] BUILD SUCCESS > > [INFO] > ------------------------------------------------------------------------ > > [INFO] Total time: 06:42 min > > [INFO] Finished at: 2024-03-13T18:23:46+08:00 > > [INFO] > ------------------------------------------------------------------------ > > mvn clean compile -DskipTests=true 509.92s user 8.41s system 128% cpu > 6:43.06 total > > > > On Tue, Mar 12, 2024, at 21:45, Qingrong wang wrote: > > > Hello Incubator Community: > > > > > > This is a call for a vote to release Apache StreamPark(Incubating) > > > version 2.1.3-RC1. > > > The Apache StreamPark community has voted on and approved a proposal > > > to release Apache StreamPark(Incubating) version 2.1.3-RC1. > > > We now kindly request the Incubator PMC members review and vote on > > > this incubator release. > > > Apache StreamPark, Make stream processing easier! Easy-to-use > > > streaming application development framework and operation platform. > > > > > > StreamPark community vote thread: > > > https://lists.apache.org/thread/l4dd4j70wp7rz40fm2nf2o3fwt5x0zr6 > > > > > > Vote result thread: > > > https://lists.apache.org/thread/8vd90kxwdvqtkqbtng7jg0mdzscc46xl > > > > > > The release candidate: > > > https://dist.apache.org/repos/dist/dev/incubator/streampark/2.1.3-RC1/ > > > > > > Git tag for the release: > > > https://github.com/apache/incubator-streampark/releases/tag/v2.1.3-rc1 > > > > > > The artifacts signed with PGP key [40EE71A2], corresponding > > > to[monr...@apache.org], that can be found in keys file: > > > https://downloads.apache.org/incubator/streampark/KEYS > > > > > > The vote will be open for at least 72 hours or until the necessary > > > number of votes are reached. > > > > > > Please vote accordingly: > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove with the reason > > > > > > More detailed checklist please refer: > > > • > > > > https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist > > > > > > Steps to validate the release, Please refer to: > > > • https://www.apache.org/info/verification.html > > > • > https://streampark.apache.org/community/release/how_to_verify_release > > > > > > > > > How to Build: > > > > > > 1) clone source code: > > >> git clone -b v2.1.3-rc1 g...@github.com: > apache/incubator-streampark.git > > > > > > 2) build project: > > >> cd incubator-streampark && sh ./build.sh > > > > > > > > > Thanks, > > > > > > On behalf of Apache StreamPark(Incubating) community > > > > > > > > > Best, > > > Qingrong Wang > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > -- > > Xuanwo > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > >
