Re: [] Apache Jena 3.16.0 RC 1

Fri, 10 Jul 2020 08:33:46 -0700 

Thanks!

On 10/07/2020 14:49, Marco Neumann wrote:

builds successfully in Total time:  06:12 min

FYI in addition to the usual warnings I now also get a few warnings that
the maven-shade-plugin has detected that some class files are present in
two or more JARs
http://www.lotico.com/temp/jena316.log.htm#warn
It's a known issue in Shiro 1.5.x ... but 1.5.x has a CVE bug fix so we ought to ship that. 

https://issues.apache.org/jira/browse/SHIRO-744



And the module-info warnings - that's shading for you!

    Andy


On Thu, Jul 9, 2020 at 7:49 PM Andy Seaborne <[email protected]> wrote:


Hi,

Here is a vote on the release of Apache Jena 3.16.0
This is the first proposed release candidate.

The deadline is Monday, 13th July 2020 at 12:00 UTC

==== Dependency changes:

JENA-1896 : Update shaded Google Guava to 29.0-jre

==== Changes for 3.16.0:

https://s.apache.org/jena-3.16.0-jira

==== Release Vote

Everyone, not just committers, is invited to test and vote.
Please download and test the proposed release.

Staging repository:
    https://repository.apache.org/content/repositories/orgapachejena-1039

Proposed dist/ area:
    https://dist.apache.org/repos/dist/dev/jena/

Keys:
    https://svn.apache.org/repos/asf/jena/dist/KEYS

Git commit (browser URL):
    https://github.com/apache/jena/commit/c78176284b

Git Commit Hash:
    c78176284b89c00fff929cd18e15e2b704991887

Git Commit Tag:
    jena-3.16.0

Please vote to approve this release:

          [ ] +1 Approve the release
          [ ]  0 Don't care
          [ ] -1 Don't release, because ...

This vote will be open until at least

      Monday, 13th July 2020 at 12:00 UTC

If you expect to check the release but the time limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.

Thanks,

        Andy

Checking needed:

+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?

+ can the source archive really be built?
            (NB This requires a "mvn install" first time)
+ is there a correct LICENSE and NOTICE file in each artifact
            (both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
             if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?

Reply via email to