See question about checksums below. > + does everything work on OS X?
Seems to. > + are the GPG signatures fine? Yes. > + are the checksums correct? Hm, yes for the binaries, but for sources, my edition of shasum doesn't recognize the file: ➜ source /usr/bin/shasum5.18 -a 512 -c jena-3.10.0-source-release.zip.sha512 shasum: jena-3.10.0-source-release.zip.sha512: no properly formatted SHA1 checksum lines found because it only contains the checksum itself: d0b5e47616c847d76e77f214b0c346ece34950eb0a8e0e74bfe41888cc85d63aef8149543bc84711c3c2e2442cb5151dd5a66013ccc0805c5b3ec245d6463204 and not also the filename to which it applies, e.g. : 7dafe7aa28cb85a6da9f6f2b109372ec0d097d4f07d8cb5882dde814b55cdb60512ab9bc09c2593118aaf3fbbc1f65f1d3b921faca7bddefd3f6bf9d7f332998 apache-jena-3.10.0.tar.gz Is that a blocker for release? I'm not sure how precise the rules are about the format of checksums. Do we just need to include them or to include them in a certain format? > + is there a source archive? Yes, built fine for me using Maven 3.5.3: Maven home: /usr/local/Cellar/maven/3.5.3/libexec Java version: 1.8.0_65, vendor: Oracle Corporation Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "10.13.6", arch: "x86_64", family: "mac" > + can the source archive really be built? > (NB This requires a "mvn install" first time) Yes. > + is there a correct LICENSE and NOTICE file in each artifact > (both source and binary artifacts)? Yes. > + does the NOTICE file contain all necessary attributions? I don't really know how to certify the NOTICE. It's correct to the best of my knowledge? > + does the tag/commit in the SCM contain reproducible sources? Yes. ajs6f > On Dec 30, 2018, at 12:31 PM, Andy Seaborne <[email protected]> wrote: > > Hi, > > Here is a vote on a release of Jena 3.10.0. > This is the first proposed release candidate. > > The deadline for the vote is Wednesday, 2 January 2019, at 21:00 UTC > > ==== Release changes: > > 44 JIRA: > > https://s.apache.org/jena-3.10.0-jira > > == Retirements > > Old modules retired and not in this release: > > jena-fuseki1 > jena-csv > > See > https://lists.apache.org/thread.html/edd5876b070f24091e19b5c1dd274ef46c74a0f920d419a29a59f66b@%3Cusers.jena.apache.org%3E > > == Changes of note: > > The project intends to replace jena-spatial in a future release with Greg's > GeoSPARQL: > https://github.com/galbiston/geosparql-jena > > JENA-1621 : Lucene upgrade to 7.4 > May need to reload Lucene indexes. > > (e.g. the Lucene index was create originally with Lucene v5.x (prior Jena > 3.3.0). See Lucene upgrade tool. > https://lucene.apache.org/solr/guide/7_4/indexupgrader-tool.html > > JENA-1623 : Fuseki security - user authentication and access control. > JENA-1627 : HTTPs support > > http://jena.staging.apache.org/documentation/fuseki2/data-access-control > > == Updates > > Only plugins. JENA-1624 > > surefire : 2.21.0 -> 2.22.1 (+ SUREFIRE-1588) > compiler : 3.7.0 -> 3.8.0 > shade : 3.1.0 -> 3.2.0 > > ==== Release Vote > > Everyone, not just committers, is invited to test and vote. > Please download and test the proposed release. > > Staging repository: > https://repository.apache.org/content/repositories/orgapachejena-1028 > > Proposed dist/ area: > https://dist.apache.org/repos/dist/dev/jena/ > > Keys: > https://svn.apache.org/repos/asf/jena/dist/KEYS > > Git commit (browser URL): > https://github.com/apache/jena/commit/ab482e34 > > Git Commit Hash: > ab482e34584350af717db1a8d698aa3949e51871 > > Git Commit Tag: > jena-3.10.0 > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This vote will be open to at least > > Wednesday, 2 January 2019, at 20:00 UTC > > If you expect to check the release but the time limit does not work > for you, please email within the schedule above with an expected time > and we can extend the vote period. > > Thanks, > > Andy > > Checking needed: > > + does everything work on Linux? > + does everything work on MS Windows? > + does everything work on OS X? > + are the GPG signatures fine? > + are the checksums correct? > + is there a source archive? > > + can the source archive really be built? > (NB This requires a "mvn install" first time) > + is there a correct LICENSE and NOTICE file in each artifact > (both source and binary artifacts)? > + does the NOTICE file contain all necessary attributions? > + have any licenses of dependencies changed due to upgrades? > if so have LICENSE and NOTICE been upgraded appropriately? > + does the tag/commit in the SCM contain reproducible sources?
