Here's a checklist for things to consider when evaluating the release candidate:
1. Download the sources and verify they compile cleanly.
2. Validate the hashes match.
3. Validate that the sources contain no unexpected binaries.
Run the find/grep command: find . -type f | grep -v
which looks for all files that don't have one of the approved extensions.
4. Validate the signature for the build and hashes.
Verify .asc files found at
the Aaron's public key:
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS . Then verify
hashes of these files.
5. Validate the LICENSE/NOTICE/Headers.
Verify that each project contains the ASF license and notice files.
Run the grep command: fgrep -Ri 'copyright' rya-project-3.2.10 | fgrep -v 'The
ASF licenses this file'
This should return only License and Notice files in rya-project-3.2.10. The
and the notice files should be consistent with the ASF license and ASF
copyright statement. Verify that only
the notice files contains the ASF copyright statement.