+1 (Binding)

Verification as follows:

    + does everything work on OS X?

Built successfully with all tests passing

    + are the GPG signatures fine?

Yes, modulo need to import latest KEYS

    + are the checksums correct?

Yes, included verification of new SHA512 hashes

    + is there a source archive?

Yes
    
    + can the source archive really be built?

Yes

    + is there a correct LICENSE and NOTICE file in each artifact

Yes

Rob

´╗┐On 05/04/2018, 17:08, "Andy Seaborne" <a...@apache.org> wrote:

    Hi,
    
    Here is a vote on a release of Jena 3.7.0.
    
    This is the second proposed candidate for a 3.7.0 release.
    
    There are process changes.
    
    Deadline:
    
            2018-04-08 19:00 UTC
    
    ==== Changes since RC1
    
    RC1 was commit d4e7063e
    
    JENA-1516: TDB ObjectFileStorage fix.
    
    Update links below.
    
    ==== Process Changes
    
    1/
    MD5 files are being discouraged because MD5 is not secure.  Projects are 
    now asked to not publish md5.
    
    There are no md5 files in the proposed dist/jena area - files on Apache 
    hardware.
    
    There are sha1 and sha512 checksums.
    * The sha512 is in Linux sha512sum checkable format.
    * The sha1 is whatever maven generated and is the same as will go to 
    maven central.
    
    Having the sha1 ties the dist/jena artifacts to maven central (as does 
    the .asc).
    
    There are md5 and sha1 in the proposes maven repo staging area for 
    sending to maven central. That part of maven is hardwired to md5/sha1 still.
    
    There's a script to setup the sha512.
    
    2/
    To establish the proof chain for signed artifacts in /dist/project/, I 
    have been asked to try out the new META files.
    
    https://checker.apache.org/doc/README.html#ch-meta
    
    There are two files
    
    /dist/jena/META
    /dist/jena/META.asc
    
    META says who signs what, and is itself signed by the PMC chair.
    
    ==== Release changes
    
    56 JIRA:
    https://s.apache.org/jena-3.7.0-jira
    
    == Significant Changes
    
    ** Java9: Building and running on a Java9 platform is supported
    
    JENA-1461 - Allow ARQ custom functions to be written in JavaScript
    
    JENA-1389 - Return `this` rather than `void` from Dataset (API change)
    JENA-1495 - Return Model from PrefixMapping methods (API change)
    
    JENA-1458, JENA-1483 - Transaction Promotion
    
    JENA-1453 - Lucene indexes using a graph field are smaller
    
    JENA-1490 - Working with Blank Nodes with Fuseki
    
    == Upgrades to libraries (runtime dependencies):
    
    No dependency changes.
    
    
    
    ==== Release Vote
    
    Everyone, not just committers, is invited to test and vote.
    Please download and test the proposed release.
    
    Proposed dist/ area:
       https://dist.apache.org/repos/dist/dev/jena/
    
    Keys:
       https://svn.apache.org/repos/asf/jena/dist/KEYS
    
    Staging repository:
       https://repository.apache.org/content/repositories/orgapachejena-1023/
    
    Git commit (browser URL):
       https://git-wip-us.apache.org/repos/asf?p=jena.git;a=commit;h=cf2e0b55
       https://github.com/apache/jena/commit/cf2e0b55
    
    Git Commit Hash:
       cf2e0b556e796b4819c86fce8dc1854248e1cd80
    
    Git Commit Tag:
          jena-3.7.0-rc2
    
    Please vote to approve this release:
    
            [ ] +1 Approve the release
            [ ]  0 Don't care
            [ ] -1 Don't release, because ...
    
    This vote will be open until at least
    
            2018-04-08 19:00 UTC
    
    If you expect to check the release but the time limit does not work
    for you, please email within the schedule above with an expected time
    and we can extend the vote period.
    
    Thanks,
    
          Andy
    
    Checking:
    
    + does everything work on Linux?
    + does everything work on MS Windows?
    + does everything work on OS X?
    + are the GPG signatures fine?
    + are the checksums correct?
    + is there a source archive?
    
    + can the source archive really be built?
              (NB This requires a "mvn install" first time)
    + is there a correct LICENSE and NOTICE file in each artifact
              (both source and binary artifacts)?
    + does the NOTICE file contain all necessary attributions?
    + have any licenses of dependencies changed due to upgrades?
               if so have LICENSE and NOTICE been upgraded appropriately?
    + does the tag/commit in the SCM contain reproducible sources?
    




Reply via email to