Updating VOTE subject to RC02 to keep consistency on lists.
> On Mar 25, 2024, at 10:17 PM, Joshua Poore <poor...@apache.org> wrote:
>
> +1 from me
>
> Great work everyone! Acceptable release.
>
> we only need 1 more binding VOTE for a release!
>
>
> [Y] Build and Unit Tests Pass
> [Y] Integration Tests Pass
> [Y] Signatures and Hashes Match Keys
> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [Y] CHANGELOG included with release distribution
> [Y] All Source Files Have Correct ASF Headers
> [Y] No Binary Files in Source Release Packages
>
>> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <agha...@umd.edu> wrote:
>>
>> Thank you both!
>>
>> +1 from me!
>>
>> [✓] Build and Unit Tests Pass
>> [ ] Integration Tests Pass
>> [ ] Signatures and Hashes Match Keys
>> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
>> Packages
>> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator
>> Policy
>> [✓] CHANGELOG included with release distribution
>> [✓] All Source Files Have Correct ASF Headers
>> [ ] No Binary Files in Source Release Packages
>>
>>
>> Best,
>> *Amir M. Ghaemi*
>>
>>
>> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <j...@apache.org> wrote:
>>
>>> +1 from me now, and thanks for updating the release script.
>>>
>>>> [Y] Build and Unit Tests Pass
>>>> [Y] Integration Tests Pass
>>>> [Y] Signatures and Hashes Match Keys
>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>> [Y] CHANGELOG included with release distribution
>>>> [Y] All Source Files Have Correct ASF Headers
>>>> [Y] No Binary Files in Source Release Packages
>>>
>>> -Jason
>>>
>>> On 2024/03/23 19:30:10 Evan Jones wrote:
>>>> All,
>>>>
>>>> I've fixed up the release candidate. Given the commit head and source
>>> code
>>>> haven't changed, I've decided to update the RC in place on the apache
>>>> dist/dev repo and will keep the voting open on this thread to avoid
>>>> spamming your inboxes.
>>>>
>>>> Fixes:
>>>> 1. The release script in the flagon repo claimed to run git clean -dxf,
>>> but
>>>> this was actually commented out. I've fixed this in the script.
>>>> 2. I indeed was signing with a different default key. This has been
>>> fixed.
>>>> However, please note, your verification call was incorrect. You must do a
>>>> one-one mapping between the signatures and their constituent files. For
>>>> unix systems, the one-liner below does this:
>>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
>>>> 3. I updated the script to use sha512sum. This should ameliorate your
>>>> issues, Jason.
>>>>
>>>> Please re-assess the candidate and get your votes in. We'll extend voting
>>>> by another 72 hours.
>>>>
>>>> Best
>>>>
>>>> Evan Jones
>>>> Website: www.ea-jones.com
>>>>
>>>>
>>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <evan.a.jon...@gmail.com>
>>> wrote:
>>>>
>>>>> Thanks, Jason.
>>>>>
>>>>> 1. This is odd. I used the script. And explicitly recall it asking
>>> about
>>>>> git clean.
>>>>>
>>>>> 2. I was worried about this. I have multiple keys.
>>>>>
>>>>> 3. I'll update the script to use sha512sum.
>>>>>
>>>>> Will re-roll later.
>>>>>
>>>>> Best
>>>>>
>>>>> Evan Jones
>>>>> Website: www.ea-jones.com
>>>>>
>>>>>
>>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org> wrote:
>>>>>
>>>>>> -1 from me
>>>>>>
>>>>>> 1. (blocking) Source artifacts should contain only files tracked by
>>> git
>>>>>> but there are build files, log files, and .vscode. The
>>>>>> make-release-artifacts.sh script should do this, so maybe this is an
>>> issue
>>>>>> with the script. Otherwise you can remove these files with `git clean
>>> -dxf`
>>>>>>
>>>>>> 2. (blocking) I cannot verify the signatures, I am running:
>>>>>> gpg --import KEYS
>>>>>> gpg --verify *.asc
>>>>>>
>>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
>>> verify,
>>>>>> which I'm guessing is a different GPG key on your machine
>>>>>>
>>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
>>>>>> properly formatted SHA checksum lines found". I recalculated and
>>> compared
>>>>>> the hashes and they are correct but formatted differently.
>>>>>>
>>>>>> Your hashes were generated with gpg --print-md, and I couldn't figure
>>> out
>>>>>> how to programmatically check this format. Also, Apache recommends
>>> shasum
>>>>>> for SHA-512 release hashs.
>>>>>> https://infra.apache.org/release-signing.html#sha-checksum
>>>>>>
>>>>>> [Y] Build and Unit Tests Pass
>>>>>> [Y] Integration Tests Pass
>>>>>> [N] Signatures and Hashes Match Keys
>>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>> [Y] CHANGELOG included with release distribution
>>>>>> [Y] All Source Files Have Correct ASF Headers
>>>>>> [N] No Binary Files in Source Release Packages
>>>>>>
>>>>>> -Jason
>>>>>>
>>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
>>> # 02.
>>>>>>>
>>>>>>> About Flagon: http://flagon.apache.org/
>>>>>>>
>>>>>>> This Minor release includes :
>>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
>>>>>>> functionality
>>>>>>> * Updates packages and dependencies
>>>>>>> * Adds additional examples (callback functions)
>>>>>>> * Updates to update deprecated downstream dev dependencies
>>>>>>> * Changes to documentation, updated examples
>>>>>>> * New browser extension setting, password, for basic auth.
>>>>>>> * New log fields httpSessionId and browserSessionId
>>>>>>> * Callbacks for auth headers and custom headers.
>>>>>>> * Example json schema added.
>>>>>>>
>>>>>>> Git source tag (2.4.0-rc02):
>>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>>>>>>>
>>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>>>>>>>
>>>>>>> Source Release Artifacts:
>>>>>>>
>>>>>>
>>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>>>>>>>
>>>>>>> PGP release keys (signed using {8/16 char sigID}):
>>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>>>>>>>
>>>>>>> Link to Successful Github Actions tests:
>>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>>>>>>>
>>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
>>>>>>>
>>>>>>> [ ] +1, let's get it released!!!
>>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
>>>>>>> [ ] -1, nope, because... (and please explain why)
>>>>>>>
>>>>>>> Along with your VOTE, please indicate testing and checks you've made
>>>>>>> against build artifacts, src, and documentation:
>>>>>>>
>>>>>>> [ ] Build and Unit Tests Pass
>>>>>>> [ ] Integration Tests Pass
>>>>>>> [ ] Signatures and Hashes Match Keys
>>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>>> [ ] CHANGELOG included with release distribution
>>>>>>> [ ] All Source Files Have Correct ASF Headers
>>>>>>> [ ] No Binary Files in Source Release Packages
>>>>>>>
>>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
>>>>>>> contributed to Apache Flagon 2.4.0.
>>>>>>>
>>>>>>> Best,
>>>>>>> Evan Jones
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>
