All,
Final votes are in. We have +5 (+3 binding). The release is successful and
the vote is now CLOSED.
Thanks everyone. Good work.
@Auston re: automation - I've done some research on this and after having
just done the release, I have a better sense of where we can automate. I'll
create tickets soon.
On Mon, Apr 1, 2024 at 3:48 PM Austin Bennett <aus...@apache.org> wrote:
> +1 ... LGTM.
>
> @j...@apache.org <j...@apache.org> good catches.
>
> @ALL -- Which of the release steps do we think could be more automated and
> less manual? Yes, we still will have manual steps, but it might be worth
> investing in some repeatable scripts. For those that have done
> more thorough releases and/or validation, have you thought about what is
> missing? What could make your life easier? If yes, let's at least writeup
> some tickets for future work.
>
>
> nit: i'd like to see which RC we are voting on in the subject line.
>
> On Sat, Mar 30, 2024 at 2:29 PM Joshua Poore <poor...@apache.org> wrote:
>
> > BUMP
> >
> > Hi All,
> >
> > Don’t forget to VOTE for this release!
> >
> > > On Mar 25, 2024, at 10:17 PM, Joshua Poore <poor...@apache.org> wrote:
> > >
> > > +1 from me
> > >
> > > Great work everyone! Acceptable release.
> > >
> > > we only need 1 more binding VOTE for a release!
> > >
> > >
> > > [Y] Build and Unit Tests Pass
> > > [Y] Integration Tests Pass
> > > [Y] Signatures and Hashes Match Keys
> > > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > > [Y] CHANGELOG included with release distribution
> > > [Y] All Source Files Have Correct ASF Headers
> > > [Y] No Binary Files in Source Release Packages
> > >
> > >> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <agha...@umd.edu> wrote:
> > >>
> > >> Thank you both!
> > >>
> > >> +1 from me!
> > >>
> > >> [✓] Build and Unit Tests Pass
> > >> [ ] Integration Tests Pass
> > >> [ ] Signatures and Hashes Match Keys
> > >> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
> > >> Packages
> > >> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and
> > Incubator
> > >> Policy
> > >> [✓] CHANGELOG included with release distribution
> > >> [✓] All Source Files Have Correct ASF Headers
> > >> [ ] No Binary Files in Source Release Packages
> > >>
> > >>
> > >> Best,
> > >> *Amir M. Ghaemi*
> > >>
> > >>
> > >> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <j...@apache.org> wrote:
> > >>
> > >>> +1 from me now, and thanks for updating the release script.
> > >>>
> > >>>> [Y] Build and Unit Tests Pass
> > >>>> [Y] Integration Tests Pass
> > >>>> [Y] Signatures and Hashes Match Keys
> > >>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >>>> [Y] CHANGELOG included with release distribution
> > >>>> [Y] All Source Files Have Correct ASF Headers
> > >>>> [Y] No Binary Files in Source Release Packages
> > >>>
> > >>> -Jason
> > >>>
> > >>> On 2024/03/23 19:30:10 Evan Jones wrote:
> > >>>> All,
> > >>>>
> > >>>> I've fixed up the release candidate. Given the commit head and
> source
> > >>> code
> > >>>> haven't changed, I've decided to update the RC in place on the
> apache
> > >>>> dist/dev repo and will keep the voting open on this thread to avoid
> > >>>> spamming your inboxes.
> > >>>>
> > >>>> Fixes:
> > >>>> 1. The release script in the flagon repo claimed to run git clean
> > -dxf,
> > >>> but
> > >>>> this was actually commented out. I've fixed this in the script.
> > >>>> 2. I indeed was signing with a different default key. This has been
> > >>> fixed.
> > >>>> However, please note, your verification call was incorrect. You must
> > do a
> > >>>> one-one mapping between the signatures and their constituent files.
> > For
> > >>>> unix systems, the one-liner below does this:
> > >>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> > >>>> 3. I updated the script to use sha512sum. This should ameliorate
> your
> > >>>> issues, Jason.
> > >>>>
> > >>>> Please re-assess the candidate and get your votes in. We'll extend
> > voting
> > >>>> by another 72 hours.
> > >>>>
> > >>>> Best
> > >>>>
> > >>>> Evan Jones
> > >>>> Website: www.ea-jones.com
> > >>>>
> > >>>>
> > >>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <
> evan.a.jon...@gmail.com>
> > >>> wrote:
> > >>>>
> > >>>>> Thanks, Jason.
> > >>>>>
> > >>>>> 1. This is odd. I used the script. And explicitly recall it asking
> > >>> about
> > >>>>> git clean.
> > >>>>>
> > >>>>> 2. I was worried about this. I have multiple keys.
> > >>>>>
> > >>>>> 3. I'll update the script to use sha512sum.
> > >>>>>
> > >>>>> Will re-roll later.
> > >>>>>
> > >>>>> Best
> > >>>>>
> > >>>>> Evan Jones
> > >>>>> Website: www.ea-jones.com
> > >>>>>
> > >>>>>
> > >>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org>
> wrote:
> > >>>>>
> > >>>>>> -1 from me
> > >>>>>>
> > >>>>>> 1. (blocking) Source artifacts should contain only files tracked
> by
> > >>> git
> > >>>>>> but there are build files, log files, and .vscode. The
> > >>>>>> make-release-artifacts.sh script should do this, so maybe this is
> an
> > >>> issue
> > >>>>>> with the script. Otherwise you can remove these files with `git
> > clean
> > >>> -dxf`
> > >>>>>>
> > >>>>>> 2. (blocking) I cannot verify the signatures, I am running:
> > >>>>>> gpg --import KEYS
> > >>>>>> gpg --verify *.asc
> > >>>>>>
> > >>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
> > >>> verify,
> > >>>>>> which I'm guessing is a different GPG key on your machine
> > >>>>>>
> > >>>>>> 3. (non-blocking) When I check the hashes with shasum it throws
> "no
> > >>>>>> properly formatted SHA checksum lines found". I recalculated and
> > >>> compared
> > >>>>>> the hashes and they are correct but formatted differently.
> > >>>>>>
> > >>>>>> Your hashes were generated with gpg --print-md, and I couldn't
> > figure
> > >>> out
> > >>>>>> how to programmatically check this format. Also, Apache recommends
> > >>> shasum
> > >>>>>> for SHA-512 release hashs.
> > >>>>>> https://infra.apache.org/release-signing.html#sha-checksum
> > >>>>>>
> > >>>>>> [Y] Build and Unit Tests Pass
> > >>>>>> [Y] Integration Tests Pass
> > >>>>>> [N] Signatures and Hashes Match Keys
> > >>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release
> Packages
> > >>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator
> Policy
> > >>>>>> [Y] CHANGELOG included with release distribution
> > >>>>>> [Y] All Source Files Have Correct ASF Headers
> > >>>>>> [N] No Binary Files in Source Release Packages
> > >>>>>>
> > >>>>>> -Jason
> > >>>>>>
> > >>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
> > >>>>>>> Hi Folks,
> > >>>>>>>
> > >>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release
> Candidate
> > >>> # 02.
> > >>>>>>>
> > >>>>>>> About Flagon: http://flagon.apache.org/
> > >>>>>>>
> > >>>>>>> This Minor release includes :
> > >>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
> > >>>>>>> functionality
> > >>>>>>> * Updates packages and dependencies
> > >>>>>>> * Adds additional examples (callback functions)
> > >>>>>>> * Updates to update deprecated downstream dev dependencies
> > >>>>>>> * Changes to documentation, updated examples
> > >>>>>>> * New browser extension setting, password, for basic auth.
> > >>>>>>> * New log fields httpSessionId and browserSessionId
> > >>>>>>> * Callbacks for auth headers and custom headers.
> > >>>>>>> * Example json schema added.
> > >>>>>>>
> > >>>>>>> Git source tag (2.4.0-rc02):
> > >>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> > >>>>>>>
> > >>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> > >>>>>>>
> > >>>>>>> Source Release Artifacts:
> > >>>>>>>
> > >>>>>>
> > >>>
> >
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> > >>>>>>>
> > >>>>>>> PGP release keys (signed using {8/16 char sigID}):
> > >>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
> > >>>>>>>
> > >>>>>>> Link to Successful Github Actions tests:
> > >>>>>>>
> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> > >>>>>>>
> > >>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
> > >>>>>>>
> > >>>>>>> [ ] +1, let's get it released!!!
> > >>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
> > >>>>>>> [ ] -1, nope, because... (and please explain why)
> > >>>>>>>
> > >>>>>>> Along with your VOTE, please indicate testing and checks you've
> > made
> > >>>>>>> against build artifacts, src, and documentation:
> > >>>>>>>
> > >>>>>>> [ ] Build and Unit Tests Pass
> > >>>>>>> [ ] Integration Tests Pass
> > >>>>>>> [ ] Signatures and Hashes Match Keys
> > >>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release
> Packages
> > >>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator
> > Policy
> > >>>>>>> [ ] CHANGELOG included with release distribution
> > >>>>>>> [ ] All Source Files Have Correct ASF Headers
> > >>>>>>> [ ] No Binary Files in Source Release Packages
> > >>>>>>>
> > >>>>>>> Thank you to everyone that is able to VOTE as well as everyone
> that
> > >>>>>>> contributed to Apache Flagon 2.4.0.
> > >>>>>>>
> > >>>>>>> Best,
> > >>>>>>> Evan Jones
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>>
> > >>>
> > >
> >
> >
>
