I downloaded the artifacts using svn, checked signatures (.asc files),
LICENSE, NOTICE, DISCLAIMER, file headers; I verified that the
contents of apache-sdap-nexus-1.0.0-src.tar.gz are equal to the
contents of the git commit tagged with 1.0.0-rc2. Checked for binary
files. That all looks good.

But there are several aspects of the vote email that make it
unsuitable for a release vote:
 * The URLs have been mangled with a urldefense.us prefix and I am not
   able to view them.
 * Git tags are mutable and therefore are not a permanent record of
   the state of the repository; you should use git commit SHAs instead.
 * I was not able to check hashes because the vote email does not
   contain them. This guarantees that I am voting on the same artifacts
   produced by the release manager.

I am not sure how the URLs got mangled. Maybe it is because the RM
used their work email server to post the vote email? If so, go to
https://lists.apache.org/list.html?dev@sdap.apache.org, log in, and
post from there.

My vote is -1 because of the above issues with the vote email. I think
that you can cancel this vote and send an email starting a new vote on
the same release candidate (rc2).

It would be convenient if the files in, say,
apache-sdap-nexus-1.0.0-src.tar.gz had a prefix of
apache-sdap-nexus-1.0.0-src. It makes it easier to clean up. Not a
blocker for this release, but you should do it next release.

Julian

On Wed, Dec 14, 2022 at 3:26 PM Perez, Stepheny K (US 398F)
<stepheny.k.pe...@jpl.nasa.gov.invalid> wrote:
>
> This release is working well for me. +1.
>
> ________________________________
> From: Nga Chung <nch...@apache.org>
> Sent: Tuesday, December 13, 2022 11:10 AM
> To: dev@sdap.apache.org <dev@sdap.apache.org>
> Subject: [EXTERNAL] [VOTE] Release Apache SDAP (incubating) 1.0.0-rc2
>
> Hi all,
>
> This is the second release candidate of Apache SDAP (incubating) version
> 1.0.0.
>
> Changes made between previous candidate (rc1) and this one (rc2) are as
> follows:
> - Added README
> - Added DISCLAIMER
>
> Instructions for building docker images from source can be found here:
> https://urldefense.us/v3/__https://incubator-sdap-nexus.readthedocs.io/en/latest/build.html__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKYSXxpmw$
> Instructions for deploying locally to test can be found here:
> https://urldefense.us/v3/__https://incubator-sdap-nexus.readthedocs.io/en/latest/quickstart.html__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKphBkEF8$
>
> The tags to be voted on are 1.0.0-rc2:
>
> https://urldefense.us/v3/__https://github.com/apache/incubator-sdap-nexusproto/tree/1.0.0-rc2__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKF0EW64U$
> https://urldefense.us/v3/__https://github.com/apache/incubator-sdap-ingester/tree/1.0.0-rc2__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKxmhlaSc$
> https://urldefense.us/v3/__https://github.com/apache/incubator-sdap-nexus/tree/1.0.0-rc2__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKUEr4BgY$
>
> The release files, including signatures, digests, etc. can be found at:
> https://urldefense.us/v3/__https://dist.apache.org/repos/dist/dev/incubator/sdap/apache-sdap-1.0.0-rc2/__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKnXyvhrk$
>
> Release artifacts are signed with the following key:
> https://urldefense.us/v3/__https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD2449E0EB5EF1E73__;!!PvBDto6Hs4WbVuu7!a8nUi_smQN818mWuAEPnw5cIK4sVjNaqWGy47tW1JMb-0EJdftv6755yunjZlymzT1rKdFIqqj8$
>
> Please vote on releasing this package as Apache SDAP (incubating) 1.0.0.
>
> The vote is open for 72 hours and passes if at least 3 +1 PMC votes are
> cast.
>
> [ ] +1 Release this package as Apache SDAP (incubating) 1.0.0
> [ ] +0 No opinion
> [ ] -1 Do not release this package because ...
>
> Thanks,
> Nga
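
The two checks the reply above relies on (an archive digest that pins the exact bytes being voted on, and archive contents equal to a checked-out commit), as an added Python example that is not part of the original thread or of SDAP's release tooling. The function names, the `example-1.0.0-src` prefix and the sample files are constructed for illustration.

```python
import hashlib, os, pathlib, tarfile, tempfile

def sha512_file(path):
    """Digest of the archive bytes: the value a vote email would carry."""
    return hashlib.sha512(pathlib.Path(path).read_bytes()).hexdigest()

def tar_digests(tar_path, strip_prefix=""):
    """Map each regular file in the archive to the SHA-256 of its content."""
    out = {}
    with tarfile.open(tar_path, "r:*") as tf:
        for m in (x for x in tf if x.isfile()):
            name = m.name.removeprefix("./").removeprefix(strip_prefix + "/")
            out[name] = hashlib.sha256(tf.extractfile(m).read()).hexdigest()
    return out

def tree_digests(root):
    """Same mapping for a checked-out commit, skipping the .git directory."""
    out = {}
    for d, dirs, files in os.walk(root):
        dirs[:] = [x for x in dirs if x != ".git"]
        for fn in files:
            p = pathlib.Path(d, fn)
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def verify(tar_path, expected_sha512, checkout_dir, strip_prefix=""):
    """Return a list of problems; empty means archive, digest and checkout agree."""
    problems = []
    if sha512_file(tar_path) != expected_sha512.strip().lower():
        problems.append("sha512 mismatch")
    a, b = tar_digests(tar_path, strip_prefix), tree_digests(checkout_dir)
    problems += ["differs: " + n for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)]
    return problems

def demo():  # constructed input: a two-file "checkout" and a tarball built from it
    with tempfile.TemporaryDirectory() as tmp:
        src = pathlib.Path(tmp, "checkout")
        (src / "docs").mkdir(parents=True)
        for rel, body in {"README": "sdap\n", "docs/build.txt": "steps\n"}.items():
            (src / rel).write_text(body)
        tgz = pathlib.Path(tmp, "example-1.0.0-src.tar.gz")
        with tarfile.open(tgz, "w:gz") as tf:
            tf.add(str(src), arcname="example-1.0.0-src")
        good = verify(tgz, sha512_file(tgz), src, "example-1.0.0-src")
        (src / "README").write_text("changed after tagging\n")  # checkout drifts
        return good, verify(tgz, "0" * 128, src, "example-1.0.0-src")

if __name__ == "__main__":
    print(demo())
```

Pass an empty `strip_prefix` for an archive whose files sit at the top level, and point `checkout_dir` at a checkout of a specific commit SHA rather than a tag.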
