I was able to check the sigs, checksums, and that the source distribution builds and works.
Assuming that our NOTICE is up-to-date with the new contributions (it looks to be, but I didn't follow the discussion of the new geospatial component), I can vote: >> Please vote to approve this release: >> [ ] +1 Approve the release >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... +1 ajs6f > On Jun 1, 2019, at 6:37 AM, Andy Seaborne <a...@apache.org> wrote: > > Hi - would 2+ people from the PMC be able to check and vote please? > > Andy > > On 28/05/2019 09:48, Andy Seaborne wrote: >> Hi, >> Here is a vote on a release of Apache Jena 3.12.0. >> This is the first proposed release candidate. >> The deadline for the vote is Friday, 31th May, 2019 at 20:00 UTC >> ==== Release changes: >> The main feature of this release is the new GeoSPARQL and Fuseki GeoSPARQL >> modules. >> The new NOTICE file for the combined binary for fuseki+geosparql is: >> https://github.com/apache/jena/blob/d4beb7d99d48e98c981d434c980f83784b519ebd/jena-fuseki2/jena-fuseki-geosparql/src/main/resources/META-INF/NOTICE >> Other JIRA: >> https://s.apache.org/jena-3.12.0-jira >> == Updates >> JENA-1711 : Upgrade Jackson dependency to 2.9.9 (CVE-2019-12086) >> ==== Release Vote >> Everyone, not just committers, is invited to test and vote. >> Please download and test the proposed release. >> Staging repository: >> https://repository.apache.org/content/repositories/orgapachejena-1031 >> Proposed dist/ area: >> https://dist.apache.org/repos/dist/dev/jena/ >> Keys: >> https://svn.apache.org/repos/asf/jena/dist/KEYS >> Git commit (browser URL): >> https://github.com/apache/jena/commit/d4beb7d9 >> Git Commit Hash: >> d4beb7d99d48e98c981d434c980f83784b519ebd >> Git Commit Tag: >> jena-3.12.0 >> Please vote to approve this release: >> [ ] +1 Approve the release >> [ ] 0 Don't care >> [ ] -1 Don't release, because ... >> This vote will be open until at least >> Friday, 31th May, 2019 at 20:00 UTC >> If you expect to check the release but the time limit does not work >> for you, please email within the schedule above with an expected time >> and we can extend the vote period. >> Thanks, >> Andy >> Checking needed: >> + are the GPG signatures fine? >> + are the checksums correct? >> + is there a source archive? >> + can the source archive really be built? >> (NB This requires a "mvn install" first time) >> + is there a correct LICENSE and NOTICE file in each artifact >> (both source and binary artifacts)? >> + does the NOTICE file contain all necessary attributions? >> + have any licenses of dependencies changed due to upgrades? >> if so have LICENSE and NOTICE been upgraded appropriately? >> + does the tag/commit in the SCM contain reproducible sources?
