+1 (non-binding) * Verified checksums * Verified Signatures * Built from source * Validated source file have Apache headers * Validated no 'code' diff b/w git tag & src tar * Validated LICENSE & Notice files.
Thanx Laszlo for driving the release!!! -Ayush On Mon, 29 Jan 2024 at 15:05, László Bodor <bodorlaszlo0...@gmail.com> wrote: > Thanks, Stamatis for the review and the follow-up tickets! > > Manually checked the checksums that I generated myself :) (removed MD5 in > this release candidate) OK > Checked the contents of the src and bin packages OK > Ran a full Hive precommit with the artifacts in the Apache staging area > < > https://repository.apache.org/content/repositories/orgapachetez-1079/org/apache/tez/ > >, > precommit run > < > http://ci.hive.apache.org/blue/organizations/jenkins/hive-precommit/detail/PR-4991/8/pipeline > >, > only 1 silly unrelated error > < > http://ci.hive.apache.org/blue/organizations/jenkins/hive-precommit/detail/PR-4991/8/tests > > > OK > > +1 (binding) > > Stamatis Zampetakis <zabe...@gmail.com> ezt írta (időpont: 2024. jan. 24., > Sze, 20:33): > > > Ubuntu 20.04.6 LTS, jdk1.8.0_261, Apache Maven 3.6.3 > > > > * Checked signatures and checksums for bin.tar.gz and src.tar.gz [1] OK > > * Checked diff between repo and artifacts [2] OK > > * Checked README.md, NOTICE.txt, LICENSE.txt, in source package OK > > (Logged TEZ-4536 but its minor) > > * All source files have ASF headers [3] OK (TEZ-4534, TEZ-4535 still > > apply but minor) > > * No unexpected binary files [4] OK > > * Built from source artifacts and run tests [5] OK > > > > I noticed that the project publishes artifacts to the Maven > > repository. However, I don't see a link to a maven staging repository > > in the vote email and I couldn't find one by looking at [6]. The Maven > > distribution [7, 8] of an ASF project has also to adhere to some rules > > so if the artifacts are never reviewed by the PMC I am not sure how we > > can ensure that the rules are followed. If the maven artifacts are not > > voted explicitly I don't think it's valid to publish them a > > posteriori. > > > > Another minor thing is that I couldn't fetch the signing key from > > pgp.mit.edu but it is present in the KEYS file so it's fine. > > > > +1 (non-binding) > > > > Best, > > Stamatis > > > > [1] sha512sum -c ... / gpg --verify > > [2] diff -qr apache-tez-0.10.3-src tez-git > > [3] grep -RL -e "Licensed to the Apache Software Foundation" -e > > "Licensed under the Apache License" | grep -v "NOTICE" | grep -v > > "LICENSE" > > [4] find apache-tez-0.10.3-src -type f -exec file {} \; | grep -v text > > [5] mvn clean install > > [6] https://repository.apache.org/#stagingRepositories > > [7] https://incubator.apache.org/guides/distribution.html > > [8] https://infra.apache.org/publishing-maven-artifacts.html > > > > > > > > On Mon, Jan 22, 2024 at 2:54 PM László Bodor <bodorlaszlo0...@gmail.com> > > wrote: > > > > > > Hi Team! > > > > > > I have created a tez-0.10.3 release candidate rc1. > > > GIT source tag: release-0.10.3-rc1 > > > <https://github.com/apache/tez/releases/tag/release-0.10.3-rc1> > > > (288b41c7c69075e587d071178a84ff6a06d346c9) > > > > > > Staging site: > > > https://dist.apache.org/repos/dist/dev/tez/apache-tez-0.10.3-rc1/ (svn > > > revision: 66743) > > > > > > PGP release keys (signed using 0x4ECA5CA5E303605A) > > > > http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x4ECA5CA5E303605A > > > > > > KEYS file available at > > https://dist.apache.org/repos/dist/release/tez/KEYS > > > > > > One can look into the issues fixed in this release at: > > > > > > https://issues.apache.org/jira/issues?jql=project%20%3D%20TEZ%20AND%20fixVersion%20%3D%200.10.3 > > > > > > The vote will be open for at least 72 hours (from Thursday) > > > [ ] +1 approve > > > [ ] +0 no opinion > > > [ ] -1 disapprove (and the reason why) > > > > > > Regards, > > > Laszlo Bodor > > > Apache Tez PMC Chair > > >
