Thank you both!

+1 from me!

[✓] Build and Unit Tests Pass
[ ] Integration Tests Pass
[ ] Signatures and Hashes Match Keys
[✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release Packages
[✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator Policy
[✓] CHANGELOG included with release distribution
[✓] All Source Files Have Correct ASF Headers
[ ] No Binary Files in Source Release Packages


Best,
*Amir M. Ghaemi*


On Sun, Mar 24, 2024 at 1:14 PM Jason Young <j...@apache.org> wrote:

> +1 from me now, and thanks for updating the release script.
>
> > [Y] Build and Unit Tests Pass
> > [Y] Integration Tests Pass
> > [Y] Signatures and Hashes Match Keys
> > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > [Y] CHANGELOG included with release distribution
> > [Y] All Source Files Have Correct ASF Headers
> > [Y] No Binary Files in Source Release Packages
>
> -Jason
>
> On 2024/03/23 19:30:10 Evan Jones wrote:
> > All,
> >
> > I've fixed up the release candidate. Given the commit head and source code
> > haven't changed, I've decided to update the RC in place on the apache
> > dist/dev repo and will keep the voting open on this thread to avoid
> > spamming your inboxes.
> >
> > Fixes:
> > 1. The release script in the flagon repo claimed to run git clean -dxf, but
> > this was actually commented out. I've fixed this in the script.
> > 2. I indeed was signing with a different default key. This has been fixed.
> > However, please note, your verification call was incorrect. You must do a
> > one-one mapping between the signatures and their constituent files. For
> > unix systems, the one-liner below does this:
> > for a in *.tar.gz *.zip; do gpg2 --verify "${a}.asc" "${a}"; done
> > 3. I updated the script to use sha512sum. This should ameliorate your
> > issues, Jason.
> >
> > Please re-assess the candidate and get your votes in. We'll extend voting
> > by another 72 hours.
> >
> > Best
> >
> > Evan Jones
> > Website: www.ea-jones.com
> >
> >
> > On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <evan.a.jon...@gmail.com> wrote:
> >
> > > Thanks, Jason.
> > >
> > > 1. This is odd. I used the script. And explicitly recall it asking about
> > > git clean.
> > >
> > > 2. I was worried about this. I have multiple keys.
> > >
> > > 3. I'll update the script to use sha512sum.
> > >
> > > Will re-roll later.
> > >
> > > Best
> > >
> > > Evan Jones
> > > Website: www.ea-jones.com
> > >
> > >
> > > On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org> wrote:
> > >
> > >> -1 from me
> > >>
> > >> 1. (blocking) Source artifacts should contain only files tracked by git
> > >> but there are build files, log files, and .vscode. The
> > >> make-release-artifacts.sh script should do this, so maybe this is an issue
> > >> with the script. Otherwise you can remove these files with `git clean -dxf`
> > >>
> > >> 2. (blocking)  I cannot verify the signatures, I am running:
> > >> gpg --import KEYS
> > >> gpg --verify *.asc
> > >>
> > >> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify,
> > >> which I'm guessing is a different GPG key on your machine
> > >>
> > >> 3. (non-blocking) When I check the hashes with shasum it throws "no
> > >> properly formatted SHA checksum lines found". I recalculated and compared
> > >> the hashes and they are correct but formatted differently.
> > >>
> > >> Your hashes were generated with gpg --print-md, and I couldn't figure out
> > >> how to programmatically check this format. Also, Apache recommends shasum
> > >> for SHA-512 release hashes.
> > >> https://infra.apache.org/release-signing.html#sha-checksum
> > >>
> > >> [Y] Build and Unit Tests Pass
> > >> [Y] Integration Tests Pass
> > >> [N] Signatures and Hashes Match Keys
> > >> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >> [Y] CHANGELOG included with release distribution
> > >> [Y] All Source Files Have Correct ASF Headers
> > >> [N] No Binary Files in Source Release Packages
> > >>
> > >> -Jason
> > >>
> > >> On 2024/03/22 00:58:41 Evan Jones wrote:
> > >> > Hi Folks,
> > >> >
> > >> > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
> > >> >
> > >> > About Flagon: http://flagon.apache.org/
> > >> >
> > >> > This Minor release includes :
> > >> >     * Refactors Map and Filter APIs as generalized callbacks for
> > >> >       functionality
> > >> >     * Updates packages and dependencies
> > >> >     * Adds additional examples (callback functions)
> > >> >     * Updates to update deprecated downstream dev dependencies
> > >> >     * Changes to documentation, updated examples
> > >> >     * New browser extension setting, password, for basic auth.
> > >> >     * New log fields httpSessionId and browserSessionId
> > >> >     * Callbacks for auth headers and custom headers.
> > >> >     * Example json schema added.
> > >> >
> > >> > Git source tag (2.4.0-rc02):
> > >> > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> > >> >
> > >> > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> > >> >
> > >> > Source Release Artifacts:
> > >> > https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> > >> >
> > >> > PGP release keys (signed using {8/16 char sigID}):
> > >> > https://github.com/apache/flagon-useralejs/blob/master/KEYS
> > >> >
> > >> > Link to Successful Github Actions tests:
> > >> > https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> > >> >
> > >> > Vote will be open for 72 hours. Please VOTE as follows:
> > >> >
> > >> > [ ] +1, let's get it released!!!
> > >> > [ ] +/-0, fine, but consider to fix few issues before...
> > >> > [ ] -1, nope, because... (and please explain why)
> > >> >
> > >> > Along with your VOTE, please indicate testing and checks you've made
> > >> > against build artifacts, src, and documentation:
> > >> >
> > >> > [ ] Build and Unit Tests Pass
> > >> > [ ] Integration Tests Pass
> > >> > [ ] Signatures and Hashes Match Keys
> > >> > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >> > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >> > [ ] CHANGELOG included with release distribution
> > >> > [ ] All Source Files Have Correct ASF Headers
> > >> > [ ] No Binary Files in Source Release Packages
> > >> >
> > >> > Thank you to everyone that is able to VOTE as well as everyone that
> > >> > contributed to Apache Flagon 2.4.0.
> > >> >
> > >> > Best,
> > >> > Evan Jones
> > >> >
> > >>
> > >
> >
>
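
The thread above reports that checksum files written by gpg --print-md could not be checked programmatically. The following is an added example, not part of the thread or of the Flagon release script: a POSIX shell check that accepts a .sha512 file in either the sha512sum/shasum layout or the gpg --print-md layout. The function names are hypothetical, and the gpg layout (file name, colon, then wrapped groups of uppercase hex) is assumed from gpg's usual output.

```shell
#!/bin/sh
# Added example: compare an artifact with a stored SHA-512 in either layout.
#   sha512sum / shasum:  "<128 hex>  <name>"
#   gpg --print-md:      "<name>: ABCD1234 EF567890 ..." wrapped over lines
#                        (layout assumed, see lead-in)

is_hex128() { printf '%s' "$1" | grep -Eq '^[0-9a-f]{128}$'; }

# Recompute the digest with whichever tool is installed.
compute_sha512() {
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1"
  else
    shasum -a 512 "$1"
  fi | awk '{print $1}'
}

# Print the stored digest as 128 lowercase hex digits, or fail.
stored_sha512() (
  first=$(awk 'NR==1 {print tolower($1)}' "$1")
  if is_hex128 "$first"; then
    printf '%s\n' "$first"
    exit 0
  fi
  # gpg layout: once whitespace is removed, the digest is the last 128 bytes,
  # whatever the file name in front of it looks like.
  flat=$(tr -d '[:space:]' < "$1" | tr 'A-F' 'a-f' | tail -c 128)
  is_hex128 "$flat" || exit 1
  printf '%s\n' "$flat"
)

# Exit 0 on match, 1 on mismatch, 2 if the checksum file cannot be parsed.
verify_sha512() (
  sumfile=${2:-$1.sha512}
  want=$(stored_sha512 "$sumfile") || {
    echo "unparseable checksum file: $sumfile" >&2
    exit 2
  }
  got=$(compute_sha512 "$1")
  [ "$want" = "$got" ]
)
```

Called as verify_sha512 ARTIFACT [CHECKSUM_FILE] once per artifact, this keeps the same one-to-one pairing of artifact and sidecar file that the thread asks for with signatures.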
