After carefully reviewing the Spotbugs report, I am going to change my vote to
+1 Most of the complaints are about returning references vs copies of things in getters. The SA_LOCAL_SELF_COMPARISON complaint looks legit, but probably harmless because it appears to have been there for a long time. It is basically dead code - comparing references vs buffer contents, which it looks like it is intended to do. The errors in the report should be fixed or filtered, but I don't think any of them are show-stoppers for release. Phil On Tue, Sep 26, 2023 at 9:38 AM Gary Gregory <garydgreg...@gmail.com> wrote: > We have fixed a few bugs and added some enhancements since Apache > Commons IO 2.13.0 was released, so I would like to release Apache > Commons IO 2.14.0. > > Apache Commons IO 2.14.0 RC1 is available for review here: > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1 (svn > revision 64208) > > The Git tag commons-io-2.14.0-RC1 commit for this RC is > 82250a879112e9b58c58d289e166d66942d77341 which you can browse here: > > https://gitbox.apache.org/repos/asf?p=commons-io.git;a=commit;h=82250a879112e9b58c58d289e166d66942d77341 > You may checkout this tag using: > git clone https://gitbox.apache.org/repos/asf/commons-io.git > --branch commons-io-2.14.0-RC1 commons-io-2.14.0-RC1 > > Maven artifacts are here: > > https://repository.apache.org/content/repositories/orgapachecommons-1657/commons-io/commons-io/2.14.0/ > > These are the artifacts and their hashes: > > #Release SHA-512s > #Mon Sep 25 06:51:48 EDT 2023 > > commons-io-2.14.0-sources.jar=cb32b6c6b6c875633103e248c7998c8a0082c0c4d476688897a16549573b4d53e63fec4255f100521f265bf58b16cb4f4b7e09f4ce4b2f086eb13a15b9cce539 > > commons-io-2.14.0-bin.zip=f80efb25e30d89fe9ea26fc85baa3666c1c69c3bcdda6d566e9e95d1c627c52a16582ed48f13a06bf4d89e49e14dc1f19608f32e6dbaecd66725acc2d58d720d > > commons-io-2.14.0-src.tar.gz=f96568e55dec789661c02a1f9455bf30eece5b621f99258385112d39aded37b1ec3dea93275d3ccaed9590e9cf95ae4958ef9d028db4275900180e269c9db970 > > commons-io-2.14.0-src.zip=d6a469218279bb9be92caa43eaf49478ecc5d90056677c504c2d16f2f44677baf0929c01c2c096d18b99158d641ef5a6dcba44b88076db0f062746afa684ca5d > > commons-io-2.14.0-bom.json=9eb19600b17cfaa68d0e52f1986f09802f8bfea7a031eff536249fcca18e47bc25144b60187158ef0e8f80adeae4ae8c9b10925b6995b1e0191aa76ecf550e7a > > commons-io-2.14.0-tests.jar=4692a6fc8b11b8c0f60b0896cdc1a3a8bb5f0710e8a47c4589aa0bffe683b31fb512743af03ac699f639c2bb55342bd6c833c5dac52dcf6b0f68a8e3e9ff1d21 > > commons-io-2.14.0-test-sources.jar=ccefebb9113638343d15e05f1e25442e4cbc201ae8c6b07bc52c1ba3cdb069fda98418aa6f2731895012b76cc0fa21eb4599220dd6c9d4f9386c8b1fc27e99d3 > > commons-io_commons-io-2.14.0.spdx.json=1e509681b8e883ed500ba2c349fed3d3527e6a69101fa0f7b305e5b2f4b12bcbe67869dbefc5e26d66875b6161fab8a2747a87c553e40da1902e9ed1b6e306e8 > > commons-io-2.14.0-bin.tar.gz=a15eb43dede3c82895fe0411963ce2ba7b75716378dd93aa02f68f909f8777fdba8d738d7f895e7c4d6931bf0bba18fd409b5f6c7e0f02452047ac71f8dba313 > > commons-io-2.14.0-javadoc.jar=24ed778593714a8eb200d2daa235ca755f9c8cf06d8b1c0b164df72049b1706d3827bf9ba772297334aa3ff1833f6257249c1bcdb66e4e9e3f6874cd58a1e212 > > commons-io-2.14.0-bom.xml=256580d4b1ef0d6fce4d9379e87d62a05ca1f954abd6864406023800b5679067f50c33d8139dd830a55b016abffa6d8cba97d4f7bb06bae1f4a0307c0fec046a > > I have tested this with: > > mvn -V -Prelease -Ptest-deploy -P jacoco -P japicmp clean package site > deploy > > Using: > > Apache Maven 3.9.4 (dfbb324ad4a7c8fb0bf182e6d91b0ae20e3d2dd9) > Maven home: /usr/local/Cellar/maven/3.9.4/libexec > Java version: 17.0.8.1, vendor: Homebrew, runtime: > /usr/local/Cellar/openjdk@17/17.0.8.1/libexec/openjdk.jdk/Contents/Home > Default locale: en_US, platform encoding: UTF-8 > OS name: "mac os x", version: "13.5.2", arch: "x86_64", family: "mac" > Darwin gdg-mac-mini.local 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul > 5 22:21:56 PDT 2023; root:xnu-8796.141.3~6/RELEASE_X86_64 x86_64 > > Details of changes since 2.13.0 are in the release notes: > > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1/RELEASE-NOTES.txt > > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1/site/changes-report.html > > Site: > > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1/site/index.html > (note some *relative* links are broken and the 2.14.0 directories > are not yet created - these will be OK once the site is deployed.) > > RAT Report: > > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1/site/rat-report.html > > KEYS: > https://downloads.apache.org/commons/KEYS > > Please review the release candidate and vote. > This vote will close no sooner than 72 hours from now. > > [ ] +1 Release these artifacts > [ ] +0 OK, but... > [ ] -0 OK, but really should fix... > [ ] -1 I oppose this release because... > > Thank you, > > Gary Gregory, > Release Manager (using key 86fdc7e2a11262cb) > > For following is intended as a helper and refresher for reviewers. > > Validating a release candidate > ============================== > > These guidelines are NOT complete. > > Requirements: Git, Java, Maven. > > You can validate a release from a release candidate (RC) tag as follows. > > 1a) Clone and checkout the RC tag > > git clone https://gitbox.apache.org/repos/asf/commons-io.git --branch > commons-io-2.14.0-RC1 commons-io-2.14.0-RC1 > cd commons-io-2.14.0-RC1 > > 1b) Download and unpack the source archive from: > > https://dist.apache.org/repos/dist/dev/commons/io/2.14.0-RC1/source > > 2) Check Apache licenses > > This step is not required if the site includes a RAT report page which > you then must check. > > mvn apache-rat:check > > 3) Check binary compatibility > > Older components still use Apache Clirr: > > This step is not required if the site includes a Clirr report page > which you then must check. > > mvn clirr:check > > Newer components use JApiCmp with the japicmp Maven Profile: > > This step is not required if the site includes a JApiCmp report page > which you then must check. > > mvn install -DskipTests -P japicmp japicmp:cmp > > 4) Build the package > > mvn -V clean package > > You can record the Maven and Java version produced by -V in your VOTE > reply. > To gather OS information from a command line: > Windows: ver > Linux: uname -a > > 5) Build the site for a single module project > > Note: Some plugins require the components to be installed instead of > packaged. > > mvn site > Check the site reports in: > - Windows: target\site\index.html > - Linux: target/site/index.html > > -the end- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
