+1 from me

Great work everyone! Acceptable release.
We only need 1 more binding VOTE for a release!

[Y] Build and Unit Tests Pass
[Y] Integration Tests Pass
[Y] Signatures and Hashes Match Keys
[Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
[Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
[Y] CHANGELOG included with release distribution
[Y] All Source Files Have Correct ASF Headers
[Y] No Binary Files in Source Release Packages

> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <agha...@umd.edu> wrote:
>
> Thank you both!
>
> +1 from me!
>
> [✓] Build and Unit Tests Pass
> [ ] Integration Tests Pass
> [ ] Signatures and Hashes Match Keys
> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release Packages
> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [✓] CHANGELOG included with release distribution
> [✓] All Source Files Have Correct ASF Headers
> [ ] No Binary Files in Source Release Packages
>
>
> Best,
> *Amir M. Ghaemi*
>
>
> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <j...@apache.org> wrote:
>
>> +1 from me now, and thanks for updating the release script.
>>
>>> [Y] Build and Unit Tests Pass
>>> [Y] Integration Tests Pass
>>> [Y] Signatures and Hashes Match Keys
>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>> [Y] CHANGELOG included with release distribution
>>> [Y] All Source Files Have Correct ASF Headers
>>> [Y] No Binary Files in Source Release Packages
>>
>> -Jason
>>
>> On 2024/03/23 19:30:10 Evan Jones wrote:
>>> All,
>>>
>>> I've fixed up the release candidate. Given the commit head and source code haven't changed, I've decided to update the RC in place on the apache dist/dev repo and will keep the voting open on this thread to avoid spamming your inboxes.
>>>
>>> Fixes:
>>> 1. The release script in the flagon repo claimed to run git clean -dxf, but this was actually commented out. I've fixed this in the script.
>>> 2. I indeed was signing with a different default key. This has been fixed. However, please note, your verification call was incorrect. You must do a one-one mapping between the signatures and their constituent files. For unix systems, the one-liner below does this:
>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
>>> 3. I updated the script to use sha512sum. This should ameliorate your issues, Jason.
>>>
>>> Please re-assess the candidate and get your votes in. We'll extend voting by another 72 hours.
>>>
>>> Best
>>>
>>> Evan Jones
>>> Website: www.ea-jones.com
>>>
>>>
>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <evan.a.jon...@gmail.com> wrote:
>>>
>>>> Thanks, Jason.
>>>>
>>>> 1. This is odd. I used the script. And explicitly recall it asking about git clean.
>>>>
>>>> 2. I was worried about this. I have multiple keys.
>>>>
>>>> 3. I'll update the script to use sha512sum.
>>>>
>>>> Will re-roll later.
>>>>
>>>> Best
>>>>
>>>> Evan Jones
>>>> Website: www.ea-jones.com
>>>>
>>>>
>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org> wrote:
>>>>
>>>>> -1 from me
>>>>>
>>>>> 1. (blocking) Source artifacts should contain only files tracked by git but there are build files, log files, and .vscode. The make-release-artifacts.sh script should do this, so maybe this is an issue with the script. Otherwise you can remove these files with `git clean -dxf`
>>>>>
>>>>> 2. (blocking) I cannot verify the signatures, I am running:
>>>>> gpg --import KEYS
>>>>> gpg --verify *.asc
>>>>>
>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify, which I'm guessing is a different GPG key on your machine
>>>>>
>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no properly formatted SHA checksum lines found". I recalculated and compared the hashes and they are correct but formatted differently.
>>>>>
>>>>> Your hashes were generated with gpg --print-md, and I couldn't figure out how to programmatically check this format. Also, Apache recommends shasum for SHA-512 release hashes.
>>>>> https://infra.apache.org/release-signing.html#sha-checksum
>>>>>
>>>>> [Y] Build and Unit Tests Pass
>>>>> [Y] Integration Tests Pass
>>>>> [N] Signatures and Hashes Match Keys
>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>> [Y] CHANGELOG included with release distribution
>>>>> [Y] All Source Files Have Correct ASF Headers
>>>>> [N] No Binary Files in Source Release Packages
>>>>>
>>>>> -Jason
>>>>>
>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
>>>>>> Hi Folks,
>>>>>>
>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
>>>>>>
>>>>>> About Flagon: http://flagon.apache.org/
>>>>>>
>>>>>> This Minor release includes :
>>>>>> * Refactors Map and Filter APIs as generalized callbacks for functionality
>>>>>> * Updates packages and dependencies
>>>>>> * Adds additional examples (callback functions)
>>>>>> * Updates to update deprecated downstream dev dependencies
>>>>>> * Changes to documentation, updated examples
>>>>>> * New browser extension setting, password, for basic auth.
>>>>>> * New log fields httpSessionId and browserSessionId
>>>>>> * Callbacks for auth headers and custom headers.
>>>>>> * Example json schema added.
>>>>>>
>>>>>> Git source tag (2.4.0-rc02):
>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>>>>>>
>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>>>>>>
>>>>>> Source Release Artifacts:
>>>>>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>>>>>>
>>>>>> PGP release keys (signed using {8/16 char sigID}):
>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>>>>>>
>>>>>> Link to Successful Github Actions tests:
>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>>>>>>
>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
>>>>>>
>>>>>> [ ] +1, let's get it released!!!
>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
>>>>>> [ ] -1, nope, because... (and please explain why)
>>>>>>
>>>>>> Along with your VOTE, please indicate testing and checks you've made against build artifacts, src, and documentation:
>>>>>>
>>>>>> [ ] Build and Unit Tests Pass
>>>>>> [ ] Integration Tests Pass
>>>>>> [ ] Signatures and Hashes Match Keys
>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>> [ ] CHANGELOG included with release distribution
>>>>>> [ ] All Source Files Have Correct ASF Headers
>>>>>> [ ] No Binary Files in Source Release Packages
>>>>>>
>>>>>> Thank you to everyone that is able to VOTE as well as everyone that contributed to Apache Flagon 2.4.0.
>>>>>>
>>>>>> Best,
>>>>>> Evan Jones
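
Added example, not part of the thread or of the Flagon release script: a reviewer-side check that pairs each detached signature with its own artifact, as the 2024/03/23 reply asks, and compares the SHA-512 digest whether the checksum file is in the sha512sum layout or the gpg --print-md layout mentioned in the -1 vote. The function names and the `.sha512` file suffix are assumptions.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from make-release-artifacts.sh.

sha512_of() {  # SHA-512 of a file as lowercase hex
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

recorded_sha512() {  # digest stored in a checksum file, either layout
    first=$(awk 'NR==1 {print $1}' "$1")
    if printf '%s' "$first" | grep -Eq '^[0-9A-Fa-f]{128}$'; then
        # sha512sum / shasum layout: "<hex>  <filename>"
        printf '%s' "$first" | tr 'A-F' 'a-f'
    else
        # gpg --print-md layout: "<filename>: HEX HEX ..." wrapped over lines
        sed '1s/^.*: //' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
    fi
}

check_hash() {  # 0 = match, 1 = mismatch, 2 = checksum file is not a SHA-512
    want=$(recorded_sha512 "$1.sha512")   # assumed suffix: <artifact>.sha512
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{128}$' || return 2
    [ "$want" = "$(sha512_of "$1")" ]
}

check_signature() {  # one detached signature against its own artifact
    gpg --verify "$1.asc" "$1"
}

verify_release() {  # both checks for every artifact in directory $1
    rc=0
    for a in "$1"/*.tar.gz "$1"/*.zip; do
        [ -e "$a" ] || continue
        check_hash "$a" || { echo "HASH FAIL: $a"; rc=1; }
        check_signature "$a" || { echo "SIGNATURE FAIL: $a"; rc=1; }
    done
    return $rc
}

demo() {  # constructed artifact, digest written in the gpg --print-md grouping
    d=$(mktemp -d) && printf 'constructed sample\n' > "$d/x.tar.gz"
    { printf 'x.tar.gz: '; sha512_of "$d/x.tar.gz" | tr 'a-f' 'A-F' |
        sed 's/.\{8\}/& /g' | fold -w 63; } > "$d/x.tar.gz.sha512"
    check_hash "$d/x.tar.gz"; rc=$?; rm -rf "$d"; return $rc
}
```

Run `verify_release <dir>` on a directory holding the downloaded artifacts after `gpg --import KEYS`; `demo` needs no gpg and only exercises the checksum parsing.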