Votes: 4 +1, no other votes.
so the VOTE passes.
I'll push bytes, publish the website.
On 05/04/18 17:08, Andy Seaborne wrote:
Here is a vote on a release of Jena 3.7.0.
This is the second proposed candidate for a 3.7.0 release.
There are process changes.
2018-04-08 19:00 UTC
==== Changes since RC1
RC1 was commit d4e7063e
JENA-1516: TDB ObjectFileStorage fix.
Update links below.
==== Process Changes
MD5 files are being discouraged because MD5 is not secure. Projects are
now asked to not publish md5.
There are no md5 files in the proposed dist/jena area - files on Apache
There are sha1 and sha512 checksums.
* The sha512 is in Linux sha512sum checkable format.
* The sha1 is whatever maven generated and is the same as will go to
Having the sha1 ties the dist/jena artifacts to maven central (as does
There are md5 and sha1 in the proposes maven repo staging area for
sending to maven central. That part of maven is hardwired to md5/sha1
There's a script to setup the sha512.
To establish the proof chain for signed artifacts in /dist/project/, I
have been asked to try out the new META files.
There are two files
META says who signs what, and is itself signed by the PMC chair.
==== Release changes
== Significant Changes
** Java9: Building and running on a Java9 platform is supported
JENA-1389 - Return `this` rather than `void` from Dataset (API change)
JENA-1495 - Return Model from PrefixMapping methods (API change)
JENA-1458, JENA-1483 - Transaction Promotion
JENA-1453 - Lucene indexes using a graph field are smaller
JENA-1490 - Working with Blank Nodes with Fuseki
== Upgrades to libraries (runtime dependencies):
No dependency changes.
==== Release Vote
Everyone, not just committers, is invited to test and vote.
Please download and test the proposed release.
Proposed dist/ area:
Git commit (browser URL):
Git Commit Hash:
Git Commit Tag:
Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 Don't care
[ ] -1 Don't release, because ...
This vote will be open until at least
2018-04-08 19:00 UTC
If you expect to check the release but the time limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.
+ does everything work on Linux?
+ does everything work on MS Windows?
+ does everything work on OS X?
+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?
+ can the source archive really be built?
(NB This requires a "mvn install" first time)
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?