[X] +1 Approve the release (binding)

Verified signatures
Verified checksums
Built from source dist with JDK 11 & 17 on Mac
Built from SCM tag with JDK 11 & 17 on linux
LICENSE/NOTICE files are present and look good

Thanks for the quick turn-around on this.

Aaron

On Fri, 10 Dec 2021 at 11:40, Andy Seaborne <a...@apache.org> wrote:
> Hi,
>
> Here is a vote on the release of Apache Jena 4.3.1.
> This is the first proposed release candidate.
>
> The primary purpose of this release is to update log4j2:
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228
>
> The deadline is Monday, 13 December 2021 at 17:00 UTC.
>
> Please vote to approve this release:
>
>         [ ] +1 Approve the release
>         [ ]  0 Don't care
>         [ ] -1 Don't release, because ...
>
> ==== Items in this release
>
> JENA-2211: Upgrade to Log4j2 2.15.0
>
> JENA-2209, JENA-2210: xloader improvements
>
> JENA-2207: Fix for SERVICE
>
> ==== Release Vote
>
> Everyone, not just committers, is invited to test and vote.
> Please download and test the proposed release.
>
> Staging repository:
>    https://repository.apache.org/content/repositories/orgapachejena-1046
>
> Proposed dist/ area:
>    https://dist.apache.org/repos/dist/dev/jena/
>
> Keys:
>    https://svn.apache.org/repos/asf/jena/dist/KEYS
>
> Git commit (browser URL):
>    https://github.com/apache/jena/commit/7f47eaaf7c
> Git Commit Hash:
>    7f47eaaf7cc0029291ce64790da987ec2d29fdf5
> Git Commit Tag:
>    jena-4.3.1
>
> This vote will be open until at least
>
>     Monday, 13 December 2021 at 17:00 UTC.
>
> If you expect to check the release but the time limit does not work
> for you, please email within the schedule above with an expected time
> and we can extend the vote period.
>
> Thanks,
>
>        Andy
>
> Checking needed:
>
> + are the GPG signatures fine?
> + are the checksums correct?
> + is there a source archive?
>
> + can the source archive be built?
>    (NB This requires a "mvn install" first time)
> + is there a correct LICENSE and NOTICE file in each artifact
>    (both source and binary artifacts)?
> + does the NOTICE file contain all necessary attributions?
> + have any licenses of dependencies changed due to upgrades?
>    if so have LICENSE and NOTICE been upgraded appropriately?
> + does the tag/commit in the SCM contain reproducible sources?
>
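
The "are the checksums correct?" item from the checklist above, as an added example that is not part of the original thread or of the Jena project's tooling. It assumes the proposed dist/ area has been downloaded into a local directory and that each artifact has a `.sha512` sidecar file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check each artifact in a downloaded release directory
# against its .sha512 sidecar. The directory layout is an assumption.

# Print the SHA-512 of a file as lowercase hex.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Read the expected digest from a sidecar. Sidecars are either a bare hash
# or "hash  filename"; take the first field, lowercased, without CR.
expected_sha512() {
    awk 'NF { print tolower($1); exit }' "$1" | tr -d '\r'
}

# Verify every artifact in directory $1. Succeeds only if at least one
# artifact was checked, each has a sidecar, and every digest matches.
verify_release_dir() {
    dir=$1; failures=0; checked=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip signature and checksum sidecars themselves.
        case "$f" in *.sha512|*.asc|*.sha1|*.md5) continue ;; esac
        checked=$((checked + 1))
        if [ ! -f "$f.sha512" ]; then
            echo "MISSING  $f.sha512"; failures=$((failures + 1)); continue
        fi
        want=$(expected_sha512 "$f.sha512")
        got=$(sha512_of "$f")
        # A truncated or malformed sidecar must not count as a match.
        if [ "${#want}" -eq 128 ] && [ "$want" = "$got" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f"; failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ] && [ "$checked" -gt 0 ]
}
```

A matching checksum only shows the download is intact; the GPG signature check against the KEYS file is what ties the artifact to a release manager.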