+1
I checked:
- Naming convention and hashing (Steps 1,2,3)
- To validate signature (Step 4) I had to trust gpg keys first[1] to
avoid this warning exception:
```
|gpg: WARNING: This key is not certified with a trusted signature! gpg:
There is no indication that the signature belongs to the owner.|
```
- Verified source content (Step 5), but last steps cause licensing
plugin warnings as it seems to rely on Git to get the year and this
steps are under the Subversion checkout.
```
Could not compute the year of the last git commit for file
/home/jeqo/src/dist.apache.org/repos/dist/dev/incubator
```
Might be worth it to mention that Maven commands should be executed
under a git repository and not svn.
- Verified git tag (Step 6).
- Verified content built from git tag is identical to released (Step 7)
Also fixed a typo on documentation related to step numbers.
Jorge.
1: https://www.gnupg.org/gph/en/manual.html#AEN84
On 2/11/19 9:08 PM, Zoltán Nagy wrote:
+1 binding
Checked:
- sha512 is correct
- GPG signature is correct, signature was generated with Adrian's key
(which is in the relevant KEYS file)
- git tag matches commit hash
- Base dir in source package named as expected
- Source package matches git repo except for DEPENDENCIES, NOTICE, .git /
.gitignore
- LICENSE is Apache 2.0, DISCLAIMER mentions incubation, NOTICE mentions ASF
- No project binaries in source package
- `./mvnw package` passes
On Mon, Feb 11, 2019 at 6:24 PM Brian Devins-Suresh <[email protected]>
wrote:
+1 binding
I checked:
- sha512 of zip
- Source package compiles and tests (mvn test && mvn package)
- git tag matches commit hash (git show v0.1.2)
- Source package contents match git tree (exceptions: .gitignore, NOTICE,
DEPENDENCIES)
- LICENSE is Apache 2.0
- DISCLAIMER mentions incubation
- Sources package does not include project binaries (maven-wrapper.jar is
included)
- gpg signature matches Adrian's key
On Mon, Feb 11, 2019 at 2:48 AM Tommy Ludwig <[email protected]>
wrote:
+1 binding
I checked the following:
- shasum of zip
- gpg signature
- git tag matches mentioned commit id
- Base directory with the convention PROJECT_NAME-VERSION
- DISCLAIMER mentions it is an incubating project
- LICENSE is the Apache License v2.0
- NOTICE mentions The Apache Software Foundation
- There are source files (ex .java), build files (ex pom.xml), but no
binaries (ex .jar)
- Can compile from source (ex ./mvnw compile)
- Can run unit tests (ex ./mvnw test)
On Mon, Feb 11, 2019 at 3:58 PM Adrian Cole <[email protected]>
wrote:
Hello Zipkin Community,
This is a call for vote to release Apache Zipkin Brave Karaf
(incubating) version 0.1.2.
The release candidates:
https://dist.apache.org/repos/dist/dev/incubator/zipkin/brave-karaf/0.1.2/
Git tag for the release:
https://github.com/apache/incubator-zipkin-brave-karaf/tree/v0.1.2
Hash for the release tag:
31545805a55dbe5e495403d84172fc865a4935e0
Release Notes:
https://github.com/apache/incubator-zipkin-brave-karaf/releases/tag/v0.1.2
The artifacts have been signed with Key : BB67A050, which can be found
in the keys file:
https://dist.apache.org/repos/dist/dev/incubator/zipkin/KEYS
Verification Hints:
For your convenience, the below includes detailed how-to on verifying
a source release. Please note that this document is a work-in-progress
https://cwiki.apache.org/confluence/display/ZIPKIN/Verifying+a+Source+Release
The vote will be open for at least 72 hours or until necessary number
of votes are reached.
Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason
Thanks,
The Apache Zipkin (Incubating) Team
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
