Hello Everyone,

Here's a checklist for things to consider when evaluating the release candidate:

1. Download the sources and verify they compile cleanly.

2. Validate the hashes match.

3. Validate that the sources contain no unexpected binaries.
Run the find/grep command:  find . -type f  | grep -v 
'\/test\/\|\/site\/\|\.java\|\.xml\|\.xsl\|\.groovy\|\.properties\|\.sh\|\.bat\|\.md\|\.txt'
which looks for all files that don't have one of the approved extensions.

4. Validate the signature for the build and hashes.
Verify .asc files found at 
https://repository.apache.org/content/repositories/orgapacherya-1002/org/apache/rya/rya-project/3.2.10-incubating/
 using
the Aaron's public key: 
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS .  Then verify 
hashes of these files.

5. Validate the LICENSE/NOTICE/Headers.
Verify that each project contains the ASF license and notice files.
Run the grep command:  fgrep -Ri 'copyright' rya-project-3.2.10 | fgrep -v 'The 
ASF licenses this file'
This should return only License and Notice files in rya-project-3.2.10. The 
license files
and the notice files should be consistent with the ASF license and ASF 
copyright statement.  Verify that only
the notice files contains the ASF copyright statement.






Reply via email to