[x] +1 Approve the release Ran “mvn clean install" from release tag on GH w/ Mac OS/X 10.14.6, Java 1.8.0_162. No rat complaints. Packaged apache-jena-fuseki-3.15.0.tar.gz; ran fuseki-server w/o issue.
Chris > On May 15, 2020, at 9:50 AM, Andy Seaborne <[email protected]> wrote: > > Hi, > > Here is a vote on the release of Apache Jena 3.15.0 > This is the first proposed release candidate. > > The deadline is Tuesday, 19th May 2020 at 06:00 UTC > > ==== Dependency changes: > > JENA-1829: Apache Parent POM to v23. > JENA-1812: Update Commons Codec 1.13 -> 1.14 > JENA-1883: Commons Lang3 : 3.9 -> 3.10 > JENA-1839: Update Commons CSV 1.7 -> 1.8 > > JENA-1005 > Update slf4j 1.7.26 -> 1.7.30 > new : org.apache.logging.log4j2 version 2.13.1 > Remove log4j1 > > JENA-1850: Commons compress 1.19 -> 1.20 > > JENA-1836: Shiro: 1.2.6 -> 1.5.1 (CVE-2019-12422) > JENA-1850: Jetty: 9.4.12.v20180830 -> 9.4.26.v20200117 > JENA-1851: Lucene: 7.4.0 -> 7.7.2 (Not -> 8.4.1) > ElasticSearch 6.4.2 -> ES 6.8.6 for Lucene 7.7.x > (Not -> ES 7.6.0 for Lucene 8.4.x) > > ==== Changes for 3.15.0: > > https://s.apache.org/jena-3.15.0-jira > > ==== Release Vote > > Everyone, not just committers, is invited to test and vote. > Please download and test the proposed release. > > Staging repository: > https://repository.apache.org/content/repositories/orgapachejena-1037 > > Proposed dist/ area: > https://dist.apache.org/repos/dist/dev/jena/ > > Keys: > https://svn.apache.org/repos/asf/jena/dist/KEYS > > Git commit (browser URL): > https://github.com/apache/jena/commit/a59b6b103c > > Git Commit Hash:@@ > a59b6b103c8b109fbbdc15f9269fab6eebfc132c > > Git Commit Tag: > jena-3.15.0 > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This vote will be open until at least > > Tuesday, 19th May 2020 at 06:00 UTC > > If you expect to check the release but the time limit does not work > for you, please email within the schedule above with an expected time > and we can extend the vote period. > > Thanks, > > Andy > > Checking needed: > > + are the GPG signatures fine? > + are the checksums correct? > + is there a source archive? > > + can the source archive really be built? > (NB This requires a "mvn install" first time) > + is there a correct LICENSE and NOTICE file in each artifact > (both source and binary artifacts)? > + does the NOTICE file contain all necessary attributions? > + have any licenses of dependencies changed due to upgrades? > if so have LICENSE and NOTICE been upgraded appropriately? > + does the tag/commit in the SCM contain reproducible sources?
