On Sun, Jan 28, 2024 at 2:12 PM PJ Fanning <fannin...@apache.org> wrote:
> [X] Download links are valid. > [X] Checksums and signatures. > [X] LICENSE/NOTICE files exist > [X] No unexpected binary files > [ ] Source files have ASF headers > [ ] Can compile from source > I also checked there are no unexpected differences between source tar and git. Checking for reproducibility, I encountered one problem with archive timestamps, for which I filed https://github.com/apache/incubator-pekko-http/issues/457 . Building on a different environment avoided triggering this problem, so that's encouraging, but we should track this down for easier checking. On the different environment, there were still unreproducibilities in pekko-http-core, pekko-http-jackson and pekko-http, for all three supported Scala versions. A look at the diffoscope comparison suggests for 2.12/2.13 they are only changes in the id's/ordering of constants. We've seen this before when not doing "clean" before building, or building with/without "-Dpekko.genjavadoc.enabled=true". Additionally, the Scala 3 artifacts still suffer from https://github.com/lampepfl/dotty/issues/17330 , which makes sense since Pekko Http is still on Scala 3.3.1 and this issue should be fixed on 3.3.2. Kind regards, Arnout > > To compile from the source, please refer to: > > > https://github.com/apache/incubator-pekko-http/blob/main/README.md#building-from-source > > Some notes about verifying downloads can be found at: > > https://pekko.apache.org/download.html#verifying-downloads > > > Here is my +1. > > Thanks, > PJ Fanning (Apache Pekko PPMC member) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org > For additional commands, e-mail: dev-h...@pekko.apache.org > > -- Arnout Engelen ASF Security Response Committer on Apache Pekko Committer on NixOS Independent Open Source consultant
