Thanks for finding that list, David. There are a lot of things to check.
Therefore, before voting +1 you need to do some due diligence, and with your
vote you should describe how you validated the release.
For example, in a recent Calcite release thread[1] a typical vote looked like
this:
> +1 (non-binding)
> - downloaded, checked gpg and sha256
> - compiled and ran tests ("mvn clean install") using JDK 8_162, 10.0.1 on
> Fedora and Windows
> - ran simple queries via sqlline
Everyone should download the artifacts, check sha256 and gpg (asc) signatures,
and compile the code.
Julian
[1]
https://lists.apache.org/thread.html/c85d5f3cf1bbd9e28d76acd6905dee83cb54334c8b5d8979e1894648@%3Cdev.calcite.apache.org%3E
> On Oct 22, 2018, at 10:47 AM, David Lim <david.clarence....@gmail.com> wrote:
>
> I believe what Julian wanted to highlight was this line in the announcement:
>
>> As this is our first release under the Apache Incubator program, note
> that Apache has specific requirements that must be met before +1 binding
> votes can be cast by PMC members. Please refer to the policy at
> http://www.apache.org/legal/release-policy.html#policy for more details.
>
> Some of the statements in that document:
>
> - Before casting +1 binding votes, individuals are REQUIRED to:
> - download all signed source code packages onto their own hardware
> - verify that they meet all requirements of ASF policy on releases, for
> example:
> - Every ASF release MUST contain one or more source packages, which
> MUST be sufficient for a user to build and test the release provided they
> have access to the appropriate platform and tools
> - All supplied packages MUST be cryptographically signed by the
> Release Manager with a detached signature
> - Binary/bytecode package MUST have the same version number as the
> source release and MUST only add binary/bytecode files that are the result
> of compiling that version of the source code release and its dependencies
> - Each package MUST provide a LICENSE file and a NOTICE file which
> account for the package's exact content. LICENSE and NOTICE MUST NOT
> provide unnecessary information about materials which are not bundled in
> the package, such as separately downloaded dependencies. For source
> packages, LICENSE and NOTICE MUST be located at the root of the
> distribution. For additional packages, they MUST be located in the
> distribution format's customary location for licensing materials, such as
> the META-INF directory of Java "jar" files.
> - validate all cryptographic signatures
> - compile as provided
> - test the result on their own platform
>
> Additionally, as an incubator project, we are required to have a DISCLAIMER
> file indicating that we are undergoing incubation.
>
> One question I have: for the binary tarball package, we have a LICENSE and
> NOTICE file in the root of the distribution which is what we have always
> done, but I have not also included these files in the individual JAR files
> under META-INF. I thought that having them in the root would be sufficient,
> but now I'm thinking they might actually also need to be in each JAR file
> since those files will be made available through Maven independent of our
> tarball packaging. I checked the Maven artifacts for previous versions of
> Druid and they don't include the LICENSE and NOTICE file in the JAR, but it
> feels to me like this will be required. Thoughts welcome.
>
> David
>
>
>
> On Mon, Oct 22, 2018 at 9:04 AM Slim Bouguerra <slim.bougue...@gmail.com>
> wrote:
>
>> Hey Julian
>> Thanks for pointing that out.
>>
>> For the Apache related major changes please carefully review
>> https://github.com/apache/incubator-druid/labels/Apache
>> For bugs/features the release note is what you want to check
>> https://github.com/apache/incubator-druid/issues/6442/
>>
>>
>> On Sun, Oct 21, 2018 at 6:38 PM Fangjin Yang <fang...@imply.io> wrote:
>>
>>> +1
>>>
>>> On Sun, Oct 21, 2018 at 3:34 PM Julian Hyde <jh...@apache.org> wrote:
>>>
>>>> Hey Slim,
>>>>
>>>> Since this is an Apache release, and you've voted on Apache releases
>>>> before in Calcite and Hive, can you explain what you checked before
>>>> you voted "+1". There are many folks here who have not been through
>>>> the release process, and we veterans should show them the ropes.
>>>>
>>>> Julian
>>>>
>>>> On Sun, Oct 21, 2018 at 1:16 PM Slim Bouguerra <
>> slim.bougue...@gmail.com
>>>>
>>>> wrote:
>>>>>
>>>>> +1
>>>>>
>>>>>> On Oct 21, 2018, at 8:41 AM, David Lim <david...@apache.org>
>> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I have created a build for Apache Druid (incubating) 0.13.0,
>> release
>>>>>> candidate 1.
>>>>>>
>>>>>> Thanks to everyone who has contributed to this release! You can
>> read
>>>> the
>>>>>> proposed release notes here:
>>>>>> https://github.com/apache/incubator-druid/issues/6442
>>>>>>
>>>>>> The release candidate has been tagged in GitHub as
>>>>>> druid-0.13.0-incubating-rc1 (acf15b4), available here:
>>>>>>
>>>>
>>>
>> https://github.com/apache/incubator-druid/releases/tag/druid-0.13.0-incubating-rc1
>>>>>>
>>>>>> The artifacts to be voted on are located here:
>>>>>>
>>>>
>>>
>> https://dist.apache.org/repos/dist/dev/incubator/druid/apache-druid-0.13.0-incubating-rc1/
>>>>>>
>>>>>> Release artifacts are signed with the following key:
>>>>>> https://people.apache.org/keys/committer/davidlim.asc. This key
>> and
>>>> the key
>>>>>> of other committers can also be found in the project's KEYS file
>>> here:
>>>>>>
>>>>>> https://dist.apache.org/repos/dist/dev/incubator/druid/KEYS
>>>>>>
>>>>>> (If you are a committer, please feel free to add your own key to
>> that
>>>> file
>>>>>> by following the instructions in the file's header.)
>>>>>>
>>>>>> Please review the proposed artifacts and vote. As this is our first
>>>> release
>>>>>> under the Apache Incubator program, note that Apache has specific
>>>>>> requirements that must be met before +1 binding votes can be cast
>> by
>>>> PMC
>>>>>> members. Please refer to the policy at
>>>>>> http://www.apache.org/legal/release-policy.html#policy for more
>>>> details.
>>>>>>
>>>>>> As part of the validation process, the release artifacts can be
>>>> generated
>>>>>> from source by running: mvn clean install -Papache-release -Dtar
>>>>>>
>>>>>> This vote will be open for at least 72 hours but likely more, in
>>>> following
>>>>>> the Druid community's practice of deploying the RC to larger
>> clusters
>>>> and
>>>>>> allowing it to soak for a period of time to flush out any remaining
>>>> issues.
>>>>>> The vote will pass if a majority of at least three +1 PMC votes are
>>>> cast.
>>>>>>
>>>>>> Once the vote has passed, the second stage vote will be called on
>> the
>>>>>> Apache Incubator mailing list to get approval from the Incubator
>> PMC.
>>>>>>
>>>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.13.0
>>>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the
>> release
>>>>>> [ ] -1 Do not release this package because...
>>>>>>
>>>>>> Thanks!
>>>>>> David
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
>>>>> For additional commands, e-mail: dev-h...@druid.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
>>>> For additional commands, e-mail: dev-h...@druid.apache.org
>>>>
>>>>
>>>
>>
>>
>> --
>>
>> B-Slim
>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
For additional commands, e-mail: dev-h...@druid.apache.org
