Thanks Elek for detailed verification. Please find inline replies.
-Vinay On Fri, Feb 28, 2020 at 7:49 PM Elek, Marton <e...@apache.org> wrote: > > Thank you very much to work on this release Vinay, 1.0.0 is always a > hard work... > > > 1. I downloaded it and I can build it from the source > > 2. Checked the signature and the sha512 of the src package and they are > fine > > 3. Yetus seems to be included in the source package. I am not sure if > it's intentional but I would remove the patchprocess directory from the > tar file. > > Since dev-support/create-release script and assembly file is copied from hadoop-repo, I can find this issue exits in hadoop source release packages as well. ex: I checked 3.1.2 and 2.10 src packages. I will raise a Jira and fix this for both hadoop and thirdparty. 4. NOTICE.txt seems to be outdated (I am not sure, but I think the > Export Notice is unnecessary, especially for the source release, also > the note about the bouncycastle and Yarn server is unnecessary). > > Again, NOTICE.txt was copied from Hadoop and kept as is. I will create a jira to decide about NOTICE and LICENSEs 5. NOTICE-binary and LICENSE-binary seems to be unused (and they contain > unrelated entries, especially the NOTICE). IMHO > > We can decide in the Jira whether NOTICE-binary and LICENSE-binary to be used or not. 6. As far as I understand the binary release in this case is the maven > artifact. IANAL but the original protobuf license seems to be missing > from "unzip -p hadoop-shaded-protobuf_3_7-1.0.0.jar META-INF/LICENSE.txt" > I observed that there is one more file "META-INF/DEPENDENCIES" generated by shade plugin, which have reference to shaded artifacts and poniting to link of the original artifact LICENSE. I think this should be sufficient about protobuf's original license. IMO, "META-INF/LICENSE.txt" should point to current project's LICENSE, which in-turn can have contents/pointers of dependents' licenses. Siimilar approach followed in hadoop-shaded-client jars. hadoop's artifacts also will be uploaded to maven repo during release, which doesnot carry all LICENSE files in artifacts. It just says "See licenses/ for text of these licenses" which doesnot exist in artifact. May be we need to fix this too. 7. Minor nit: I would suggest to use only the filename in the sha512 > files (instead of having the /build/source/target prefix). It would help > to use `sha512 -c` command to validate the checksum. > > Again, this is from create-release script. will update the script. Thanks again to work on this, > Marton > > ps: I am not experienced with licensing enough to judge which one of > these are blocking and I might be wrong. > > IMO, none of these should be blocking and can be handled before next release. Still if someone feels this should be fixed and RC should be cut again, I am open to it. Thanks. > > > On 2/25/20 8:17 PM, Vinayakumar B wrote: > > Hi folks, > > > > Thanks to everyone's help on this release. > > > > I have created a release candidate (RC0) for Apache Hadoop Thirdparty > 1.0.0. > > > > RC Release artifacts are available at : > > > http://home.apache.org/~vinayakumarb/release/hadoop-thirdparty-1.0.0-RC0/ > > > > Maven artifacts are available in staging repo: > > > https://repository.apache.org/content/repositories/orgapachehadoop-1258/ > > > > The RC tag in git is here: > > https://github.com/apache/hadoop-thirdparty/tree/release-1.0.0-RC0 > > > > And my public key is at: > > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS > > > > *This vote will run for 5 days, ending on March 1st 2020 at 11:59 pm > IST.* > > > > For the testing, I have verified Hadoop trunk compilation with > > "-DdistMgmtSnapshotsUrl= > > https://repository.apache.org/content/repositories/orgapachehadoop-1258/ > > -Dhadoop-thirdparty-protobuf.version=1.0.0" > > > > My +1 to start. > > > > -Vinay > > >