Hello Everyone,

Here's a checklist for things to consider when evaluating the release candidate:

1. Download the sources and verify they compile cleanly.

2. Validate the hashes match.

3. Validate that the sources contain no unexpected binaries. Run the find/grep command:

       find . -type f | grep -v '\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt'

   which looks for all files that don't have one of the approved extensions.

4. Validate the signature for the build and hashes. Verify the .asc files found at
   https://repository.apache.org/content/repositories/orgapacherya-1002/org/apache/rya/rya-project/3.2.10-incubating/
   using Aaron's public key:
   https://dist.apache.org/repos/dist/release/incubator/rya/KEYS .
   Then verify the hashes of these files.

5. Validate the LICENSE/NOTICE/Headers. Verify that each project contains the ASF license and notice files. Run the grep command:

       fgrep -Ri 'copyright' rya-project-3.2.10 | fgrep -v 'The ASF licenses this file'

   This should return only License and Notice files in rya-project-3.2.10. The license files and the notice files should be consistent with the ASF license and ASF copyright statement. Verify that only the notice files contain the ASF copyright statement.
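Added example, not part of the original message: the step 3 filter hides any path that contains an approved extension anywhere in it, so this sketch runs it beside a variant that requires the extension at the end of the file name and lists what the difference is. The sample tree is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example; the tree below is constructed and the function names are hypothetical.

# Step 3 filter exactly as written in the checklist: a path is hidden
# if an approved extension appears anywhere in it.
page_filter() {
    (cd "$1" && find . -type f | grep -v '\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt' | LC_ALL=C sort)
}

# Stricter variant: the approved extension must be the end of the file name.
anchored_filter() {
    (cd "$1" && find . -type f | grep -Ev '/(test|site)/|\.(java|xml|xsl|groovy|properties|sh|bat|md|txt)$' | LC_ALL=C sort)
}

# Files the anchored filter reports but the checklist's filter hides.
missed_by_page_filter() {
    a=$(mktemp); b=$(mktemp)
    page_filter "$1" > "$a"
    anchored_filter "$1" > "$b"
    LC_ALL=C comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed source tree standing in for an unpacked release candidate.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src/main" "$d/src/test" "$d/extras"
    : > "$d/pom.xml"
    : > "$d/LICENSE"                   # no extension: reported, expected
    : > "$d/src/main/Foo.java"
    : > "$d/src/test/fixture.bin"      # under /test/: skipped by both
    : > "$d/extras/tool.jar"           # reported by both
    : > "$d/extras/helper.sh.exe"      # contains ".sh" mid-name
    : > "$d/extras/notes.txt.class"    # contains ".txt" mid-name
    echo "$d"
}

tree=$(make_sample_tree)
echo "checklist filter reports:"; page_filter "$tree"
echo "hidden by substring matching:"; missed_by_page_filter "$tree"
rm -rf "$tree"
```

Both filters still skip everything under /test/ and /site/, so those directories need a separate look if binaries there matter to the review.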
