I'd love to vote +1, but after I've looked at this release, I'm sorry, I have to vote -1. This is just the early stage of release, and I think we have the ability to smooth the release standardization process for apache. Here, I'll point out some of the issues I've identified:
1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...). This allows you to trace the number of times before a successful release. 2. The source code tarball needs to be uploaded to the Apache dist repository [1] instead of the Stage repository. 3. You are advised to use the Apache email address instead of ja...@asu.edu for GPG signatures. 4. It is recommended that the final package name be sedona-core_2.11-incubing instead of [1]. You must have at least src distribution. Use the sha512 signature. 5. I have not checked the copyright-related issues and the compilation is not passed. I hope that the compilation can pass in rc2. At the same time, I also call on our committer to help verify it carefully and carefully. We are more strict in the first release. If careful enough, I'm sure we'll be able to publish it before rc3. If you have any questions, refer to the voting results of other items in the incubation list. Of course, you are welcome to discuss it in your email. [1] https://dist.apache.org/repos/dist/dev/incubator/ [1] https://repository.apache.org/#nexus-search;quick-sedona Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道: > Great Job!! > +1 > > Netanel Malka > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote: > > Hi All, > > > > After a fruitful discussion about our first Apache Sedona release > > 1.0.0-incubator, the release has been created. This is a call for vote to > > release Apache Sedona (incubating) 1.0.0. > > > > Note that: the current sha1 and checksum verification of Sedona will > > require us to manually download artifact jars, sha1, asc from > > repository.apache.org 12 times each. It is very annoying. Please let me > > know if you have any suggestions to speed up the process. > > > > Release note: > > > https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100 > > > > Build instructions: > > https://sedona.staged.apache.org/download/compile/ > > > > Git tag: > > > https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator > > > > Maven staging repository (search for "sedona", 12 artifacts in total): > > https://repository.apache.org/#stagingRepositories > > > > Release Commit ID: > > > https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6 > > > > GPG public key to verify the Release: > > > https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg > > > > The vote will be open for at least 72 hours or until a majority of at > least > > 3 +1 PMC votes are cast > > > > Please vote accordingly: > > > > [ ] +1 approve > > > > [ ] +0 no opinion > > > > [ ] -1 disapprove with the reason > > > > Checklist for reference (because of DISCLAIMER-WIP, other checklist items > > are not blockers): > > > > [ ] Download links are valid. > > > > [ ] Checksums and PGP signatures are valid. > > > > [ ] DISCLAIMER is included. > > > > [ ] Source code artifacts have correct names matching the current > release. > > > > For a detailed checklist please refer to: > > > https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist > > > > To verify the checksum, > > 1. open https://repository.apache.org > > 2 (1) click each release jar (12 in total) to see its current SHA1 (under > > Artifact tab) (2) download .jar.sha1 to see the content of the uploaded > > sha1. This two should match > > > > To verify the GPG key (12 in total), > > gpg --import the-key-file > > gpg --verify xxx.jar.asc xxx.jar > > > > You should see something like "gpg: Good signature from "Jia Yu (Arizona > > State University Data Systems Lab) <jia...@asu.edu>" gpg: WARNING: This > > key is not certified with a trusted signature!" > > > > Thanks, > > Jia > > > -- Nothing is impossible
