-1 (binding)
Main areas for this:
*
The LICENSE and NOTICE files contain a lot of things that don’t belong there.
*
Usually, things listed in the LICENSE file, explicitly refer to files in the
local repository which were included from other sources.
*
Usually, things listed in the NOTICE file, refer to things listed in the
LICENSE file, if that license requires to, but on a much higher level.
*
https://github.com/apache/plc4x/blob/develop/LICENSE#L207
*
https://github.com/apache/plc4x/blob/develop/NOTICE#L9
*
The staging repo in Nexus doesn’t contain most of the project artifacts.
Chris
[OK] Verify the release artifacts have „incubating“ in their names
[OK] Download all staged artifacts under the url specified in the release vote
email.
[MINOR] Verify the signature is correct.
- I can’t establish a „connection of trust“ RMs should possibly think of
attending Apache key signing „parties“ at Community over Code events.
[OK] Check if the signature references an Apache email address.
[OK] Verify the SHA512 hashes.
[OK] Unzip the archive.
[OK] Verify the existence of DISCLAIMER, LICENSE, NOTICE, README files in the
extracted source bundle.
[MAJOR] Verify the content of DISCLAIMER, LICENSE, NOTICE, README files in the
extracted source bundle.
- LICENSE:
- Dependencies should not be listed here.
- Didn’t find anything needing listing in LICENSE here.
- NOTICE:
- Only notices for code included in the repo should be added here.
- I couldn't spot any code included, that needed being listed here.
[MINOR] Run RAT externally to ensure there are no surprises.
- Many files in src/main/resources/META-INF/services don’t have Apache
headers (Would be good to add them)
*
(Double check if it’s just a reference) EPL is only allowed to be used in
binary form
*
(Double check) Bouncy Castle License not listed on
https://www.apache.org/legal/resolved.html
*
Most of the license files in „/licenses“ actually should not be needed from my
point of view.
[OK] Search for SNAPSHOT references
[OK] Search for Copyright references, and if they are in headers, make sure
these files containing them are mentioned in the LICENSE file.
[MINOR] Build the project according to the information in the README.md file.
*
Needed to manually run „./mvnw install“ on „testsuites“ in order to build
„./mvnw test“ on the root (as described in the README)
*
As it was running including tests for more than 30 minutes and I already had
enough to vote -1 I’m sending this email before the build is complete.
General Issues:
https://repository.apache.org/content/repositories/orgapachebifromq-1004/org/apache/bifromq/
Doesn’t contain any of the release artifacts, just some plugins.
The version is currently 4.0.0-incubating, that’s not ideal. You should use the
assembly plugin to add the „incubating“ to the archive, adding text to the end
of the version-number might cause issues. The version number should be „4.0.0“.
Even if I just learned, that variables in parent declarations works for a very
limited number of variable names, still I would strongly recommend to not use
this feature. Especially when using a maven dependency, it’s impossible to see
which version you have, without looking at the file name loaded.
I prefer to have the full version in pom files and to rely on the release
plugin to update these for me when cutting an RC.
Von: 鸳鸯蝴蝶 <[email protected]>
Datum: Donnerstag, 11. Dezember 2025 um 10:47
An: dev <[email protected]>
Betreff: 回复:[VOTE] Release Apache BifroMQ 4.0.0-incubating RC1
Hi all,
+1 (non-binding)
I have reviewed the release artifacts and verified the build process.
Everything looks good.
Best regards,
liaodn
------------------ 原始邮件 ------------------
发件人:
"dev"
<[email protected]>;
发送时间: 2025年12月9日(星期二) 下午3:42
收件人: "dev"<[email protected]>;
主题: [VOTE] Release Apache BifroMQ 4.0.0-incubating RC1
Hi all,
Following the earlier discussion on the release (
https://github.com/apache/bifromq/discussions/192), I would like to start a
vote on the first incubator release candidate of Apache BifroMQ:
4.0.0-incubating RC1.
This is the first release of BifroMQ under the Apache Incubator and an
important milestone for the project. A large amount of refactoring and
compliance work was completed to make this release possible. I would like
to thank the PPMC members and mentors in advance for taking the time to
review it.
*Release Artifacts*
Source and binary:
https://dist.apache.org/repos/dist/dev/incubator/bifromq/4.0.0-incubating-RC1/
Git tag & commit:
Tag: v4.0.0-incubating-RC1
Commit:
https://github.com/apache/bifromq/commit/67eb2ff06aeb9be39e3fa2d4ddeb17098040eef6
Release notes:
https://github.com/apache/bifromq/releases/tag/v4.0.0-incubating-RC1
Maven staging repo:
https://repository.apache.org/content/repositories/orgapachebifromq-1004/
PGP KEYS:
https://dist.apache.org/repos/dist/release/incubator/bifromq/KEYS
Signer: popduke
Docker images will be published via Github Workflow
<https://github.com/apache/bifromq/blob/main/.github/workflows/docker-publish.yml>
under the Apache org after the source release is approved.
*Build Verification Guide*
1. Download the source archive from the dist/dev location.
2. Build using Maven:
> ./mvnw -v
> ./mvnw -U clean verify -DskipTests -Pbuild-release
3. Check that the build completes successfully and the expected artifacts
are produced.
Notes:
• RAT exclusions are applied in the *build-release* profile. Please use the
full build command above; invoking *apache-rat:check* directly will not
pick up these exclusions.
• Running the complete test suites may take a significant amount of time,
and some integration tests may fail depending on the resource constraints
of the running environment.
*Vote*
The vote stays open for 72 hours and until three binding +1s are received.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 do not approve (please provide the reason)
Quick references for Checklist
[ ] Download links are valid
[ ] Checksums and signatures
[ ] LICENSE/NOTICE files exist
[ ] No unexpected binary files
[ ] All source files have ASF headers
[ ] Can compile from source
Reference:
https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
Additional information about Apache BifroMQ is available at
https://bifromq.apache.org/.
Thanks
--
Yonny(Yu) Hao
