Re: [VOTE] Release Apache Daffodil VS Code 1.1.0-rc2

Fri, 19 Aug 2022 11:18:01 -0700 

+1 (binding)

I marked four checks as MINOR and I'm fine with them being fixed prior
to the release (website link update & issues without milestone) or in
the next release (license issue, yarn audit CVE)

I checked:

[OK] hashes and signatures of source and helper binaries are correct
[OK] signature of git tag is correct
[OK] source release matches git tag
[OK] source compiles using yarn package
[OK] compiled source matches convenience binary exactly (except for timestamps in zip file) 
[OK] RAT check passes
[OK] no unexpected binaries in source
[OK] vsix installs without error
[MINOR] No open CVE's found using sbt-dependency-check plugin and yarn audit (except for false positives) 
- yarn audit found one open CVE with Terser regeular expressions, but
  it is via a dependency with webpack which is only a dev dependency,
  so less of an issue. We should try to upgrade webpack for future
  releases, maybe it'll go away
[MINOR] Page for release published on website
- Page still links to rc1 release, but I was able to download files
  from the VOTE email. Make sure to update this page as part of the
  final release process, and in the future anytime we do a new rc
[MINOR] src and binaries include correct LICENSE/NOTICE
- The build/extension.webpack.config.js file is marked as MIT from
  Microsoft, but is not listed in the LICENSE file. This MS license
  and other files are listed so we're just missing this one
[MINOR] no closed issues without a milestone
- There's a handful of issues that have been closed but have not been
  assigned a milestone. Were they all closed as part of 1.1.0? Can
  they be added to this milestone?


https://github.com/apache/daffodil-vscode/issues?q=is%3Aissue+is%3Aclosed+no%3Amilestone


On 8/15/22 5:25 PM, Shane Dell wrote:

Hello all,I'd like to call a vote to release Apache Daffodil VS Code 1.1.0-rc2.

All distribution packages, including signatures, digests, etc. can be
found at:
https://dist.apache.org/repos/dist/dev/daffodil/daffodil-vscode/1.1.0-rc2/

This release has been signed with PGP key
86DDE7B41291E380237934F007570D3ADC76D51B, corresponding
to shaned...@apache.org, which is included in the KEYS file here:
https://downloads.apache.org/daffodil/KEYS

The release candidate has been tagged in git with 1.1.0-rc2.

For reference, here is a list of all closed GitHub issues tagged with 1.1.0:
https://github.com/apache/daffodil-vscode/milestone/2?closed=1

Please review and vote. The vote will be open for at least 72 hours
(Thursday, 18 August 2022, 5:30pm EST).

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Thank you,

- Shane Dell

Reply via email to