+1 * Built from the commit, and verified the tarball contents were bit-for-bit identical (except for the timestamp in the accumulo_user_manual.html, which is expected). * Built from source tarball to verify build works as expected when not in a git repository * Verified the SHA512 sums below match the staged artifacts * Verified all the GPG signatures match their corresponding artifacts in the staging repo and that the fingerprint of the key used matches Mike's * Verified all MD5s and SHA1s in the Maven staging repo match their corresponding artifact * Verified all jars have a corresponding javadoc jar and source jar in the staging repo * Verified the source tarball matches the contents of the git commit and branch specified below * Inspected LICENSE and NOTICE files * Verified all tests and ITs pass with both Hadoop 2 (2.6.5) and Hadoop 3 (3.0.3) profiles * Verified basic installation and operation with fluo-uno (using Hadoop 2.9.2 and 3.0.3; ZooKeeper 3.6.1) * Verified the git commit specified in the jar manifests matches the one below * Verified all the expected jars from the accumulo build exist in the binary tarball's lib directory (maven-plugin and iterator test framework don't, but that's expected, since they are consumed by users via maven)
On Thu, Aug 27, 2020 at 12:37 PM Mike Miller <mmil...@apache.org> wrote: > > Accumulo Developers, > > Please consider the following candidate for Apache Accumulo 1.10.0. > > Git Commit: > 4d261254c3ac43a3bd13ce974e91ce4303a83998 > Branch: > 1.10.0-rc2 > > If this vote passes, a gpg-signed tag will be created using: > git tag -f -m 'Apache Accumulo 1.10.0' -s rel/1.10.0 \ > 4d261254c3ac43a3bd13ce974e91ce4303a83998 > > Staging repo: > https://repository.apache.org/content/repositories/orgapacheaccumulo-1086 > Source (official release artifact): > https://repository.apache.org/content/repositories/orgapacheaccumulo-1086/org/apache/accumulo/accumulo/1.10.0/accumulo-1.10.0-src.tar.gz > Binary: > https://repository.apache.org/content/repositories/orgapacheaccumulo-1086/org/apache/accumulo/accumulo/1.10.0/accumulo-1.10.0-bin.tar.gz > > Append ".asc" to download the cryptographic signature for a given artifact. > (You can also append ".sha1" or ".md5" instead in order to verify the > checksums > generated by Maven to verify the integrity of the Nexus repository staging > area.) > > Signing keys are available at https://www.apache.org/dist/accumulo/KEYS > (Expected fingerprint: 1914AF6FE2C53672C87CE1DADC8FFDC342894E89) > > In addition to the tarballs and their signatures, the following checksum > files will be added to the dist/release SVN area after release: > accumulo-1.10.0-src.tar.gz.sha512 will contain: > SHA512 (accumulo-1.10.0-src.tar.gz) = > 81f2a8f8273e2bdfe46d6a807dc38276ee2937ced648829648b7750bfc22816c13d43461d1b08c50a6957d78a999ae3109c93d2f31c7d8be116e91e0ea25f5c2 > accumulo-1.10.0-bin.tar.gz.sha512 will contain: > SHA512 (accumulo-1.10.0-bin.tar.gz) = > 9d3023c8724069282035ed6dcb047f737c1c53dc05f7b15da2cfd941f51d1d7720892496475430eb639f3a36c83f4eecc1942c0317c67d38dcf2061d06beb648 > > Release notes (in progress) can be found at: > https://accumulo.apache.org/release/accumulo-1.10.0/ > > Release testing instructions: > https://accumulo.apache.org/contributor/verifying-release > > Please vote one of: > [ ] +1 - I have verified and accept... > [ ] +0 - I have reservations, but not strong enough to vote against... > [ ] -1 - Because..., I do not accept... > ... these artifacts as the 1.10.0 release of Apache Accumulo. > > This vote will remain open until at least Sun Aug 30 16:30:00 UTC 2020. > (Sun Aug 30 12:30:00 EDT 2020 / Sun Aug 30 09:30:00 PDT 2020) > Voting can continue after this deadline until the release manager > sends an email ending the vote. > > Thanks! > > P.S. Hint: download the whole staging repo with > wget -erobots=off -r -l inf -np -nH \ > > https://repository.apache.org/content/repositories/orgapacheaccumulo-1086/ > # note the trailing slash is needed
