Hi Do Yung, Thanks for casting the release. The very first release of a podling is very important, so apologize in advance if me or the other mentors we're a bit more picky.
Here my vote: -1 (binding) I can't check the integrity of the release, because the hashfiles does not include a proper checksum. For instance apache-s2graph-0.1.0-incubating-src.tar.gz.md5 is expected to contain exactly "17a40a88c97c00a4e49fb8975b809f7b" to allow automatic checking. How did you generate the hashfiles? Because maven-release-plugin does not do it in that way, but I'm not sure how can be done with SBT. For being productive, I've continued checking the release the spot a many things as possible to take care for RC2: * Not strictly necessary, but it's always good that the key used to signed a release include the apache email address. * apache-s2graph-0.1.0-incubating-src.tar.gz does not expand to apache-s2graph-0.1.0-incubating-src or apache-s2graph-0.1.0-incubating as expected, but in the current folder directly. That's considered a bad practice. * The distributions contains many folders with a very custom layout for the project. Therefore I'd recommend to include a brief description at the beginning of your README explaining what is expected to be found on each one. * The bundle includes a binary file (./lib/apache-rat-0.11.jar) of a third-party library (AL2) that should be removed from the source release. * As I said, I have no much experience with SBT. But I'd expect there is a better way to handle the different dependencies than the current on implemented by bin/download.sh bash script. * The official JDBC driver for MySQL (mysql-connector-java-5.1.39) is GPL licensed, so **can't** be used in a Apache project by default. Do you support any other database by default? I think I read H2 was the default metastore, right? Then I'd remove it from the default build process, and provide extended instruction for those who manually want to use MySQL (e.g., https://github.com/apache/marmotta/blob/develop/README.mysql). * The other dependency retrieved by that script (asynchbase) looks safe in principle, because it's BSD-3-Clause licensed and does not need to be included in the NOTICE file. But I noticed you are downloading a custom fork which includes dependencies (asynchbase-1.7.2-S2GRAPH-jar-with-dependencies.jar), which may required further checking. * I also noticed that in build.sbt:33 you depend on a custom repository ( repository.cloudera.com); ASF releases should only use dependencies available in Maven Central. What dependency is only available in that repo? * There are many files with unknown licenses (/README.md, /Vagrantfile, /bin/download.sh, /dev_support/README.md, / dev_support/docker-compose.yml, /project/Common.scala, /project/Packager.scala, /project/assembly.sbt, /project/build.properties, /project/plugins.sbt, /s2core/README.md) without proper license headers. So this is my feedback for this RC1. I'd gather as much feedback as possible from the other mentors to start ot work in the next RC. Thanks so much for your work. Cheers, On Wed, Aug 10, 2016 at 9:39 AM, Hwansung Yu <[email protected]> wrote: > +1 > > On Wed, Aug 10, 2016 at 3:11 PM, Injun Song <[email protected]> wrote: > > > +1 > > > > On Tue, Aug 9, 2016 at 10:27 PM, Injun Song <[email protected]> wrote: > > > Sorry for verbose message. Another trivial issue in BUILD.md > > > Generated directory by "sbt package" is not > > > "target/s2graph-0.1.0-incubating-bin", but > > > "target/apache-s2graph-0.1.0-incubating-bin". > > > > > > On Tue, Aug 9, 2016 at 10:23 PM, Injun Song <[email protected]> wrote: > > >> Script "bin/download.sh" has no permission to execute it. Although it > > >> is trivial problem, it seems better to fix it. > > >> > > >> On Tue, Aug 9, 2016 at 2:38 PM, DO YUNG YOON <[email protected]> > wrote: > > >>> Hi all, > > >>> > > >>> This is a call for a releasing Apache S2Graph 0.1.0-incubating, > release > > >>> candidate 1. This is the first release of S2Graph. > > >>> > > >>> The source tarball, including signatures, digests, etc. can be found > > at: > > >>> https://dist.apache.org/repos/dist/dev/incubator/s2graph/0. > > 1.0-incubating-RC1/ > > >>> > > >>> The tag to be voted upon is v0.1.0-incubating-rc1: > > >>> https://git-wip-us.apache.org/repos/asf?p=incubator-s2graph. > > git;a=shortlog;h=refs/tags/v0.1.0-incubating-rc1 > > >>> > > >>> The release hash is d52881e2deb6d16f815ebf4f018a23edaf11575a: > > >>> https://git-wip-us.apache.org/repos/asf?p=incubator-s2graph. > > git;a=commit;h=d52881e2deb6d16f815ebf4f018a23edaf11575a > > >>> > > >>> Release artifacts are signed with the following key: > > >>> https://dist.apache.org/repos/dist/dev/incubator/s2graph/KEYS > > >>> > > >>> Once download source, please look into README.md and BUILD.md to > build > > from > > >>> source. > > >>> > > >>> The vote will be open for 72 hours. > > >>> Please download the release candidate and evaluate the necessary > items > > >>> including checking hashes, signatures, build from source, and test. > > >>> please vote: > > >>> > > >>> [ ] +1 Release this package as 0.1.0 > > >>> [ ] +0 no opinion > > >>> [ ] -1 Do not release this package because... > > >>> > > >>> Thanks, > > >>> DOYUNG YOON. > > > -- Sergio Fernández Partner Technology Manager Redlink GmbH m: +43 6602747925 e: [email protected] w: http://redlink.co
