-1 (binding) I performed the following checks and I think I need to vote -1 because of the language at https://apache.org/legal/release-policy.html#licensing-documentation and issue #46
- verified checksums - diffed source zip to release branch, no differences - built the source using 'mvn clean verify -Perrorprone' - ran the AccessExpressionBenchmark - verified the copyright dates in the NOTICE file - The LICENSE file was copied from Accumulo, so it contains information for files that don't exist. - Created https://github.com/apache/accumulo-access/issues/46 - Built the antlr4 contrib against the 1.0.0 release artifact and ran its benchmark - Looked at files that dont contain the Apache License (grep -Rc "Apache License" | grep 0 | grep -v target) - Found two that are not in the rat-plugin exclusion list, not sure if it's an issue: NOTICE contrib/getting-started/.gitignore On Mon, Feb 12, 2024 at 10:24 PM Keith Turner <ke...@deenlo.com> wrote: > +1 > > Verified checksums > Compared source zip to branch > Looked over recent changes in branch > Built and ran the getting started example against the staging repo : > https://github.com/apache/accumulo-access/pull/45 > > > On Mon, Feb 12, 2024 at 9:57 AM Dave Marion <dmario...@gmail.com> wrote: > > > Accumulo Developers, > > > > Please consider the following candidate for Apache Accumulo-Access 1.0.0. > > > > Git Commit: > > 276dfe1bfb3868812da5414d79f4d995bade9a36 > > Branch: > > 1.0.0-rc3 > > > > If this vote passes, a gpg-signed tag will be created using: > > git tag -f -s -m 'Apache Accumulo-Access 1.0.0' rel/1.0.0 \ > > 276dfe1bfb3868812da5414d79f4d995bade9a36 > > > > Staging repo: > > > https://repository.apache.org/content/repositories/orgapacheaccumulo-1110 > > Source (official release artifact): > > > > > https://repository.apache.org/content/repositories/orgapacheaccumulo-1110/org/apache/accumulo/accumulo-access/1.0.0/accumulo-access-1.0.0-source-release.zip > > > > Append ".asc" to download the cryptographic signature for a given > artifact. > > (You can also append ".sha1" or ".md5" instead in order to verify the > > checksums > > generated by Maven to verify the integrity of the Nexus repository > staging > > area.) > > > > Signing keys are available at https://www.apache.org/dist/accumulo/KEYS > > (Expected fingerprint: CF4A5B6E1321844EB658728306CC9CA1F9BF248E) > > > > In addition to the zipfiles and their signatures, the following checksum > > files will be added to the dist/release SVN area after release: > > accumulo-access-1.0.0-source-release.zip.sha512 will contain: > > SHA512 (accumulo-access-1.0.0-source-release.zip) = > > > > > 3175ca43f67660f88026e98d107b87efcbf3d40610177fea0e2d79ef5ea00d97b9082a12ec35033a4b6179e991aa5baad62e3909cc768e34e1c9a16017017d35 > > > > Issues and pull requests related to this release can be found at: > > https://github.com/apache/accumulo-access/issues?q=milestone%3A1.0.0 > > > > Please vote one of: > > [ ] +1 - I have verified and accept... > > [ ] +0 - I have reservations, but not strong enough to vote against... > > [ ] -1 - Because..., I do not accept... > > ... these artifacts as the 1.0.0 release of Apache Accumulo-Access. > > > > This vote will remain open until at least Thu Feb 15 15:00:00 UTC 2024. > > (Thu Feb 15 10:00:00 EST 2024 / Thu Feb 15 07:00:00 PST 2024) > > Voting can continue after this deadline until the release manager > > sends an email ending the vote. > > > > Thanks! > > > > P.S. Hint: download the whole staging repo with > > wget -erobots=off -r -l inf -np -nH \ > > > > > https://repository.apache.org/content/repositories/orgapacheaccumulo-1110/ > > # note the trailing slash is needed > > >
