Ubuntu 20.04.6 LTS, java version "11.0.8" 2020-07-14 LTS

 * Checked signatures KO

The KEYS file must be in the official location [1], i.e.,
https://dist.apache.org/repos/dist/release/incubator/xtable and not
under the dev area. Projects should not have multiple KEYS files.

 * Checked checksums OK
 * Checked "apache" in the filename KO
 * Checked "incubating" in the filename OK

The release archives must contain the "apache-" prefix. I don't
remember where I have seen this requirement but I am pretty sure it
holds. Likewise, when the archive contents are extracted, the
directory must contain both "apache" and "incubating" in the name.

In terms of archive names and content the RC suffix should not appear.
Once the vote passes the release artifacts must be moved from the
staging area to the release area unaltered. This means that we cannot
change the name of the release artifacts post-vote. Having an RC
classifier on the released archives will be misleading for the
end-users.

Summing up, the full URLs should be something like:

https://dist.apache.org/repos/dist/dev/incubator/xtable/0.1.0-incubating-rcX/apache-xtable-0.1.0-incubating-src.tgz
https://dist.apache.org/repos/dist/release/incubator/xtable/0.1.0-incubating/apache-xtable-0.1.0-incubating-src.tgz

 * Checked diff between git repo (commit
58a327f096a47d27e91ee1efa17982d7c1a75372) and artifacts (diff -qr
xtable-0.1.0-incubating-rc3 incubator-xtable-git) KO

There are many differences between the release tag and the source
archive, and several of them look worrisome. Notably, the source
archive contains many macOS "._" binary files (e.g.,
"._IdTracking.java") that shouldn't be there.

 * Checked README.md for build instructions OK
 * Checked NOTICE, LICENSE OK
 * Checked DISCLAIMER-WIP OK
 * All source files have ASF headers OK (grep -RiL "Licensed to the
Apache Software Foundation" | grep -v "\._")
 * No unexpected binary files in source distribution OK (find . -type
f -exec file {} \; | grep -v text | grep -v "\._" )
 * Checked LICENSE, NOTICE, signature, and checksum for
xtable-core-0.1.0-incubating-rc3.jar in nexus [3] KO

Found some small problems in the NOTICE file inside the jar [4].

 * Built from git tag and run tests (mvn clean package) OK
 * Built from source artifacts and run tests (mvn clean package) OK

Other issues/checks:

I tried to run mvn clean install in source distribution but failed
with the following error:

[ERROR] Failed to execute goal
com.diffplug.spotless:spotless-maven-plugin:2.43.0:check (default) on
project xtable: Execution default of goal
com.diffplug.spotless:spotless-maven-plugin:2.43.0:check failed:
Unable to locate file with path: style/text-license-header: Could not
find resource 'style/text-license-header'. -> [Help 1]

I couldn't find the release notes under [2] as denoted in the vote
email. If they exist somewhere it would be helpful to have a direct
link to the appropriate file.

The website (https://xtable.apache.org/) does not have a downloads
page so there is no "official" way for the users to download the
release once the vote passes. This is not blocking the vote but needs
to be resolved before announcing the release.

The vote email should contain the git commit hash that was used to
build the release since tags are not necessarily immutable. Moreover,
for sanity reasons and extra security it is helpful to include the
checksums and/or SVN revision in the email as well.

The KEY that is used to sign the release is not linked to the web of
trust since it has no signatures. Ideally, we should organize a
virtual key signing party sometime soon to sign each other's keys and
expand the web of trust.

The negative vote is mainly due to the unexpected macOS binary files
that are present in the sources, but let's try to address as many as
possible of the reported issues for the next RC.

Despite the negative vote, I think the project is in a very good
state. I am pretty confident that in 0.2.0 we will be able to remove
the DISCLAIMER-WIP and release a fully compliant ASF release.

-1 (binding)

Best,
Stamatis

[1] https://infra.apache.org/release-signing.html#keys-policy
[2] https://github.com/apache/incubator-xtable/issues/486
[3] https://repository.apache.org/content/repositories/orgapachextable-1002/org/apache/xtable/xtable-core/0.1.0-incubating-rc3/
[4] https://github.com/apache/incubator-xtable/issues/509



On Thu, Aug 8, 2024 at 9:19 PM Vinoth Chandar <vin...@apache.org> wrote:
>
> +1 (binding)
>
> On Thu, Aug 8, 2024 at 9:02 AM Tim Brown <tim.brown...@gmail.com> wrote:
>
> > +1 (binding)
> >
> > Validated the jars in a local project that converts from Hudi, Iceberg, and
> > Delta into the other two formats.
> > Validated Hudi writer extensions are working properly.
> >
> > -Tim
> >
> > On Thu, Aug 8, 2024 at 2:35 AM Jesus Camacho Rodriguez <jcama...@apache.org> wrote:
> >
> > > +1 (binding)
> > >
> > > Downloaded the source code, checked signatures, disclaimer, and built the
> > > project.
> > >
> > > A couple of notes:
> > > - It would be great to include a short section in the release_guide.md
> > > covering how to validate a release as well. Here are some examples from
> > > other projects [1] [2].
> > > - FYI, you can add your key fingerprint to ASF by following the
> > > instructions in [3].
> > >
> > > Thanks, Vinish!
> > >
> > > -Jesús
> > >
> > > [1] https://calcite.apache.org/docs/howto.html#validating-a-release
> > > [2] https://cwiki.apache.org/confluence/display/Hive/HowToRelease#HowToRelease-VerifyingtheReleaseCandidate
> > > [3] https://people.apache.org/keys/
> > >
> > > On Wed, Aug 7, 2024 at 1:49 PM Vinish Reddy <vin...@apache.org> wrote:
> > >
> > > > Hi everyone,
> > > >
> > > > Please review and vote on the release candidate #3 for the version 0.1.0,
> > > > as follows:
> > > >
> > > > [ ] +1, Approve the release
> > > >
> > > > [ ] -1, Do not approve the release (please provide specific comments)
> > > >
> > > > The complete staging area is available for your review, which includes:
> > > >
> > > > * GH release notes [1],
> > > >
> > > > * the official Apache source release and binary convenience releases to be
> > > > deployed to dist.apache.org [2], which are signed with the key with
> > > > fingerprint 5EFD1E91 [3],
> > > >
> > > > * all artifacts to be deployed to the Maven Central Repository [4],
> > > >
> > > > * source code tag "0.1.0-incubating-rc3" [5],
> > > >
> > > > Thanks,
> > > > Vinish
> > > >
> > > > [1] https://github.com/apache/incubator-xtable/issues/486
> > > >
> > > > [2] https://dist.apache.org/repos/dist/dev/incubator/xtable/xtable-0.1.0-incubating-rc3/
> > > >
> > > > [3] https://dist.apache.org/repos/dist/dev/incubator/xtable/KEYS
> > > >
> > > > [4] https://repository.apache.org/content/repositories/orgapachextable-1002/
> > > >
> > > > [5] https://github.com/apache/incubator-xtable/releases/tag/release-0.1.0-incubating-rc3
> > > >
> > >
> >
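
The archive-name and archive-content checks from the review at the top of this thread, written out as an added shell example; it is not part of the original e-mail or of the project's release tooling. The function names and the two sample archives built by `make_sample` are constructed for illustration.

```bash
# Added example: audit a source release archive for the naming and content
# problems raised in the review above. All function names are hypothetical.

# check_name FILE: print one line per naming problem, nothing if clean.
check_name() {
  local base; base=$(basename "$1")
  case "$base" in apache-*) ;; *) echo "missing 'apache-' prefix: $base" ;; esac
  case "$base" in *incubating*) ;; *) echo "missing 'incubating': $base" ;; esac
  # The artifact is moved to the release area unaltered, so no RC classifier.
  if printf '%s\n' "$base" | grep -Eiq -e '-rc[0-9]+'; then
    echo "RC suffix in archive name: $base"
  fi
}

# check_contents FILE: report AppleDouble ("._") entries and bad top-level dirs.
check_contents() {
  local listing; listing=$(tar -tzf "$1") || return 2
  # AppleDouble "._<name>" entries hold macOS extended attributes/resource forks.
  printf '%s\n' "$listing" | grep -E '(^|/)\._[^/]+$' | sed 's/^/AppleDouble file: /'
  # The extracted directory must carry both "apache" and "incubating".
  printf '%s\n' "$listing" | cut -d/ -f1 | sort -u | while read -r top; do
    case "$top" in
      *apache*incubating*) ;;
      *) echo "top-level dir lacks apache/incubating: $top" ;;
    esac
  done
}

# audit FILE: print all findings; return 0 if clean, 1 if findings, 2 if unreadable.
audit() {
  local findings
  findings=$(check_name "$1"; check_contents "$1") || return 2
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# make_sample DIR: build two constructed archives (not the real RC) to try it on.
make_sample() {
  local d="$1" bad=xtable-0.1.0-incubating-rc3 good=apache-xtable-0.1.0-incubating
  mkdir -p "$d/$bad/src" "$d/$good/src"
  echo 'class IdTracking {}' > "$d/$bad/src/IdTracking.java"
  printf 'constructed resource fork' > "$d/$bad/src/._IdTracking.java"
  echo 'class IdTracking {}' > "$d/$good/src/IdTracking.java"
  tar -czf "$d/$bad.src.tgz" -C "$d" "$bad"
  tar -czf "$d/$good-src.tgz" -C "$d" "$good"
}

[ "$#" -eq 0 ] || audit "$1"
```

When the archive is produced on macOS, setting `COPYFILE_DISABLE=1` in the environment of the `tar` command keeps the `._` entries out in the first place.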
