[x] +1 Approve the release
* only minor note is the source contains pom.xml.versionsBackup, which I
believe is not necessary, though harmless?
Build from commit hash passing on
Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe;
2018-06-18T06:33:14+12:00)
Maven home: /opt/apache-maven-3.5.4
Java version: 1.8.0_212, vendor: Oracle Corporation, runtime:
/usr/lib/jvm/java-8-openjdk-amd64/jre
Default locale: en_NZ, platform encoding: UTF-8
OS name: "linux", version: "4.15.0-50-generic", arch: "amd64", family: "unix"
with `mvn clean install -Pdev`.
+ are the GPG signatures fine?
Looks good to me (checked dist area)
+ are the checksums correct?
Looks good to me (checked dist area)
+ is there a source archive?
Dist area contains source. Checked a few artefacts on Maven staging. All good.
+ can the source archive really be built?
(NB This requires a "mvn install" first time)
Tested dist source, `mvn clean install -Pdev`.
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
Checked a few in the source from commit hash, and from dist area.
+ does the NOTICE file contain all necessary attributions?
I think so (was lurking in some recent discussion, found nothing that I could
tell was missing)
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
Not sure, sorry. Missed recent conversation about licenses regarding changes in
this release.
+ does the tag/commit in the SCM contain reproducible sources?
Yup!
Cheers
Bruno
On Tuesday, 28 May 2019, 8:48:41 pm NZST, Andy Seaborne <a...@apache.org>
wrote:
Hi,
Here is a vote on a release of Apache Jena 3.12.0.
This is the first proposed release candidate.
The deadline for the vote is Friday, 31th May, 2019 at 20:00 UTC
==== Release changes:
The main feature of this release is the new GeoSPARQL and Fuseki
GeoSPARQL modules.
The new NOTICE file for the combined binary for fuseki+geosparql is:
https://github.com/apache/jena/blob/d4beb7d99d48e98c981d434c980f83784b519ebd/jena-fuseki2/jena-fuseki-geosparql/src/main/resources/META-INF/NOTICE
Other JIRA:
https://s.apache.org/jena-3.12.0-jira
== Updates
JENA-1711 : Upgrade Jackson dependency to 2.9.9 (CVE-2019-12086)
==== Release Vote
Everyone, not just committers, is invited to test and vote.
Please download and test the proposed release.
Staging repository:
https://repository.apache.org/content/repositories/orgapachejena-1031
Proposed dist/ area:
https://dist.apache.org/repos/dist/dev/jena/
Keys:
https://svn.apache.org/repos/asf/jena/dist/KEYS
Git commit (browser URL):
https://github.com/apache/jena/commit/d4beb7d9
Git Commit Hash:
d4beb7d99d48e98c981d434c980f83784b519ebd
Git Commit Tag:
jena-3.12.0
Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 Don't care
[ ] -1 Don't release, because ...
This vote will be open until at least
Friday, 31th May, 2019 at 20:00 UTC
If you expect to check the release but the time limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.
Thanks,
Andy
Checking needed:
+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?
+ can the source archive really be built?
(NB This requires a "mvn install" first time)
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?