You will need to cancel the RC2 and eventually do an RC3. I won't get involved with the RC3 unless there is some evidence that the ResilientDB PPMC is going to get involved in reviewing the release.
Frankly, I think the ResilientDB PPMC should consider retiring the Apache podling and maybe operating it outside of the Apache Software Foundation. You don't appear to have enough people to operate the PPMC under Apache rules. You need a minimum of 3 active people in the PPMC to review and vote on the release candidates. On 2024/06/23 08:43:16 Junchao Chen wrote: > Hi PJ Fanning, > > Thanks for the help. I have updated the code as you suggested. > > > 1. Updated [DISCLAIMER-WIP]( > https://github.com/apache/incubator-resilientdb/blob/master/DISCLAIMER-WIP) > and removed the license info there. > > 2. Updated [LICENSE]( > https://github.com/apache/incubator-resilientdb/blob/master/LICENSE) to fix > the public domain issue. I also removed the license for bazel stuff. > > 3. Provided install [scripts]( > https://github.com/apache/incubator-resilientdb/blob/master/INSTALL/README.md) > for non-root users. However, the users still need to install python3 and > pip using sudo. > > > > The release candidates: > https://dist.apache.org/repos/dist/dev/incubator/resilientdb/1.10.0-rc2/ > > Release notes: > https://github.com/apache/incubator-resilientdb/blob/master/CHANGELOG.md#resielientdb-v1100-2024-4-16 > > Git commit ID for the release: > [9bdc6783219db301bc4ab8f171965cb9181a10d5]( > https://github.com/apache/incubator-resilientdb/commit/9bdc6783219db301bc4ab8f171965cb9181a10d5 > ) > > Keys to verify the Release Candidate: > https://downloads.apache.org/incubator/resilientdb/KEYS > > To compile from the source, please refer to: > https://github.com/apache/incubator-resilientdb?tab=readme-ov-file#build-and-deploy-resilientdb > > > > We asked PPMC to help us check the release, but unfortunately, they were > too busy to respond. > > > Thanks, > Junchao > > On Sat, Jun 22, 2024 at 5:35 PM PJ Fanning <fannin...@apache.org> wrote: > > > -1 from me > > > > My 2 biggest concerns are: > > * INSTALL.sh [1] requires sudo - I'm not sure that it does to be honest - > > but I will not run an install on my laptop that requires sudo for security > > reasons. It also uses curl commands to install Bazel. I would prefer if you > > provided a buold script that does not use sudo and that assumes the user > > has Bazel installed. You can provide a link in your docs about how to > > install Bazel. > > * I know you are using a DISCLAIMER-WIP file which allows you not to have > > finalised the 3rd party info in your LICENSE [2] file but there are factual > > inaccuracies in the file are far as I can see. It is one thing to have > > omissions but I think false claims are a big problem. Some of these false > > claims are listed in the DISCLAIMER-WIP [3]. I don't even know why you > > include license info in the DISCLAIMER-WIP (you do need to state that users > > need to check the licensing of the 3rd party code because you have not > > completed this work). Under public domain you include: > > > > * protobuf-3.10.0 (https://github.com/protocolbuffers/protobuf) > > > > Protobuf is not public domain. I think many of the other items you listed > > are not public domain either. > > > > I'm not sure why you are even listing this stuff in your LICENSE. The > > LICENSE is for the source code that is in the source release. If you link > > to binaries that are pulled in the install, that is not something that does > > not affect the LICENSE. Many projects provide a separate LICENSE-BINARY > > file but this is not strictly necessary unless you are providing a binary > > release as well as a source release. > > > > I'm also concerned about the health of the ResilientDB PPMC. PPMC members > > need to be more involved in checking the release candidates. You shouldn't > > be relying on Incubator PMC members to do the checks - we are just a final > > check but we assume that the PPMC members have been actively involved in > > checking the release candidates first. > > > > > > I also noted a number of issues in the Vote email. > > > > The preference for the KEYS file is to link this file > > https://downloads.apache.org/incubator/resilientdb/KEYS > > Which is a CDN equivalent of > > https://dist.apache.org/repos/dist/release/incubator/resilientdb/KEYS > > > > The vote email should include the Git commit ID. The Git tag is useful too > > but Git tags can be moved. > > The commit ID appears to be 1b5b5e39884f72345f682209add8ab3dc491bb7e > > > > Your link to the docs to compile the code is broken > > This works: > > > > https://github.com/apache/incubator-resilientdb?tab=readme-ov-file#build-and-deploy-resilientdb > > > > > > > > [1] https://github.com/apache/incubator-resilientdb/blob/master/INSTALL.sh > > [2] https://github.com/apache/incubator-resilientdb/blob/master/LICENSE > > [3] > > https://github.com/apache/incubator-resilientdb/blob/master/DISCLAIMER-WIP > > > > > > > > On 2024/06/22 03:31:30 Junchao Chen wrote: > > > Hello, > > > > > > This is a call for vote to release Apache ResilientDB(Incubating) version > > > 1.10.0-RC2. > > > > > > The release candidates: > > > https://dist.apache.org/repos/dist/dev/incubator/resilientdb/1.10.0-rc2/ > > > > > > Release notes: > > > > > https://github.com/apache/incubator-resilientdb/blob/master/CHANGELOG.md#resielientdb-v1100-2024-4-16 > > > > > > Git tag for the release: > > > https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc02 > > > > > > Keys to verify the Release Candidate: > > > https://dist.apache.org/repos/dist/dev//incubator/resilientdb/KEYS > > > > > > The vote will be open for at least 72 hours or until the necessary number > > > of votes are reached. > > > > > > Please vote accordingly: > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove with the reason > > > > > > Checklist for reference: > > > > > > [ ] Download links are valid. > > > [ ] Checksums and PGP signatures are valid. > > > [ ] Source code distributions have correct names matching the current > > > release. > > > [ ] LICENSE and NOTICE files are correct for each repo. > > > [ ] All files have license headers if necessary. > > > [ ] No unlicensed compiled archives bundled in the source archive. > > > > > > To compile from the source, please refer to: > > > > > https://github.com/apache/incubator-resilientdb/tree/1.10.0-rc02?tab=readme-ov-file#build-and-deploy-resilientdb > > > < > > https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc01?tab=readme-ov-file#build-and-deploy-resilientdb > > > > > > > > > > > > Thanks, > > > Junchao > > > > > >
