+1 ... LGTM.
@j...@apache.org <j...@apache.org> good catches.
@ALL -- Which of the release steps do we think could be more automated and
less manual? Yes, we still will have manual steps, but it might be worth
investing in some repeatable scripts. For those that have done
more thorough releases and/or validation, have you thought about what is
missing? What could make your life easier? If yes, let's at least writeup
some tickets for future work.
nit: i'd like to see which RC we are voting on in the subject line.
On Sat, Mar 30, 2024 at 2:29 PM Joshua Poore <poor...@apache.org> wrote:
> BUMP
>
> Hi All,
>
> Don’t forget to VOTE for this release!
>
> > On Mar 25, 2024, at 10:17 PM, Joshua Poore <poor...@apache.org> wrote:
> >
> > +1 from me
> >
> > Great work everyone! Acceptable release.
> >
> > we only need 1 more binding VOTE for a release!
> >
> >
> > [Y] Build and Unit Tests Pass
> > [Y] Integration Tests Pass
> > [Y] Signatures and Hashes Match Keys
> > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > [Y] CHANGELOG included with release distribution
> > [Y] All Source Files Have Correct ASF Headers
> > [Y] No Binary Files in Source Release Packages
> >
> >> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <agha...@umd.edu> wrote:
> >>
> >> Thank you both!
> >>
> >> +1 from me!
> >>
> >> [✓] Build and Unit Tests Pass
> >> [ ] Integration Tests Pass
> >> [ ] Signatures and Hashes Match Keys
> >> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
> >> Packages
> >> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and
> Incubator
> >> Policy
> >> [✓] CHANGELOG included with release distribution
> >> [✓] All Source Files Have Correct ASF Headers
> >> [ ] No Binary Files in Source Release Packages
> >>
> >>
> >> Best,
> >> *Amir M. Ghaemi*
> >>
> >>
> >> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <j...@apache.org> wrote:
> >>
> >>> +1 from me now, and thanks for updating the release script.
> >>>
> >>>> [Y] Build and Unit Tests Pass
> >>>> [Y] Integration Tests Pass
> >>>> [Y] Signatures and Hashes Match Keys
> >>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >>>> [Y] CHANGELOG included with release distribution
> >>>> [Y] All Source Files Have Correct ASF Headers
> >>>> [Y] No Binary Files in Source Release Packages
> >>>
> >>> -Jason
> >>>
> >>> On 2024/03/23 19:30:10 Evan Jones wrote:
> >>>> All,
> >>>>
> >>>> I've fixed up the release candidate. Given the commit head and source
> >>> code
> >>>> haven't changed, I've decided to update the RC in place on the apache
> >>>> dist/dev repo and will keep the voting open on this thread to avoid
> >>>> spamming your inboxes.
> >>>>
> >>>> Fixes:
> >>>> 1. The release script in the flagon repo claimed to run git clean
> -dxf,
> >>> but
> >>>> this was actually commented out. I've fixed this in the script.
> >>>> 2. I indeed was signing with a different default key. This has been
> >>> fixed.
> >>>> However, please note, your verification call was incorrect. You must
> do a
> >>>> one-one mapping between the signatures and their constituent files.
> For
> >>>> unix systems, the one-liner below does this:
> >>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> >>>> 3. I updated the script to use sha512sum. This should ameliorate your
> >>>> issues, Jason.
> >>>>
> >>>> Please re-assess the candidate and get your votes in. We'll extend
> voting
> >>>> by another 72 hours.
> >>>>
> >>>> Best
> >>>>
> >>>> Evan Jones
> >>>> Website: www.ea-jones.com
> >>>>
> >>>>
> >>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <evan.a.jon...@gmail.com>
> >>> wrote:
> >>>>
> >>>>> Thanks, Jason.
> >>>>>
> >>>>> 1. This is odd. I used the script. And explicitly recall it asking
> >>> about
> >>>>> git clean.
> >>>>>
> >>>>> 2. I was worried about this. I have multiple keys.
> >>>>>
> >>>>> 3. I'll update the script to use sha512sum.
> >>>>>
> >>>>> Will re-roll later.
> >>>>>
> >>>>> Best
> >>>>>
> >>>>> Evan Jones
> >>>>> Website: www.ea-jones.com
> >>>>>
> >>>>>
> >>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org> wrote:
> >>>>>
> >>>>>> -1 from me
> >>>>>>
> >>>>>> 1. (blocking) Source artifacts should contain only files tracked by
> >>> git
> >>>>>> but there are build files, log files, and .vscode. The
> >>>>>> make-release-artifacts.sh script should do this, so maybe this is an
> >>> issue
> >>>>>> with the script. Otherwise you can remove these files with `git
> clean
> >>> -dxf`
> >>>>>>
> >>>>>> 2. (blocking) I cannot verify the signatures, I am running:
> >>>>>> gpg --import KEYS
> >>>>>> gpg --verify *.asc
> >>>>>>
> >>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
> >>> verify,
> >>>>>> which I'm guessing is a different GPG key on your machine
> >>>>>>
> >>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
> >>>>>> properly formatted SHA checksum lines found". I recalculated and
> >>> compared
> >>>>>> the hashes and they are correct but formatted differently.
> >>>>>>
> >>>>>> Your hashes were generated with gpg --print-md, and I couldn't
> figure
> >>> out
> >>>>>> how to programmatically check this format. Also, Apache recommends
> >>> shasum
> >>>>>> for SHA-512 release hashs.
> >>>>>> https://infra.apache.org/release-signing.html#sha-checksum
> >>>>>>
> >>>>>> [Y] Build and Unit Tests Pass
> >>>>>> [Y] Integration Tests Pass
> >>>>>> [N] Signatures and Hashes Match Keys
> >>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >>>>>> [Y] CHANGELOG included with release distribution
> >>>>>> [Y] All Source Files Have Correct ASF Headers
> >>>>>> [N] No Binary Files in Source Release Packages
> >>>>>>
> >>>>>> -Jason
> >>>>>>
> >>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
> >>>>>>> Hi Folks,
> >>>>>>>
> >>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
> >>> # 02.
> >>>>>>>
> >>>>>>> About Flagon: http://flagon.apache.org/
> >>>>>>>
> >>>>>>> This Minor release includes :
> >>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
> >>>>>>> functionality
> >>>>>>> * Updates packages and dependencies
> >>>>>>> * Adds additional examples (callback functions)
> >>>>>>> * Updates to update deprecated downstream dev dependencies
> >>>>>>> * Changes to documentation, updated examples
> >>>>>>> * New browser extension setting, password, for basic auth.
> >>>>>>> * New log fields httpSessionId and browserSessionId
> >>>>>>> * Callbacks for auth headers and custom headers.
> >>>>>>> * Example json schema added.
> >>>>>>>
> >>>>>>> Git source tag (2.4.0-rc02):
> >>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> >>>>>>>
> >>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> >>>>>>>
> >>>>>>> Source Release Artifacts:
> >>>>>>>
> >>>>>>
> >>>
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> >>>>>>>
> >>>>>>> PGP release keys (signed using {8/16 char sigID}):
> >>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
> >>>>>>>
> >>>>>>> Link to Successful Github Actions tests:
> >>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> >>>>>>>
> >>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
> >>>>>>>
> >>>>>>> [ ] +1, let's get it released!!!
> >>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
> >>>>>>> [ ] -1, nope, because... (and please explain why)
> >>>>>>>
> >>>>>>> Along with your VOTE, please indicate testing and checks you've
> made
> >>>>>>> against build artifacts, src, and documentation:
> >>>>>>>
> >>>>>>> [ ] Build and Unit Tests Pass
> >>>>>>> [ ] Integration Tests Pass
> >>>>>>> [ ] Signatures and Hashes Match Keys
> >>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator
> Policy
> >>>>>>> [ ] CHANGELOG included with release distribution
> >>>>>>> [ ] All Source Files Have Correct ASF Headers
> >>>>>>> [ ] No Binary Files in Source Release Packages
> >>>>>>>
> >>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
> >>>>>>> contributed to Apache Flagon 2.4.0.
> >>>>>>>
> >>>>>>> Best,
> >>>>>>> Evan Jones
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >
>
>
