You’re right. It looks like dist-maven/zookeeper-3.4.8.pom was missing the signature file. There is nothing we can do about that retroactively now, but we can update the release instructions for greater clarity on future releases.
Yes, I think it would be ideal to cut another release candidate. --Chris Nauroth On 8/22/16, 7:57 PM, "Rakesh Radhakrishnan" <[email protected]> wrote: Thanks Chris for spotting the inconsistency. I could see 3.4.8 release misses signing of *.pom.asc file. I think this is excluded by mistake, I will include this also in my next release candidate and remove unwanted signing of other files. Shall I cut another release candidate ? It would be good to update "HowToRelease" section about the dist-maven signing part. Thanks, Rakesh On Tue, Aug 23, 2016 at 5:07 AM, Chris Nauroth <[email protected]> wrote: > Hello Rakesh, > > Thank you for your hard work on this release. With release candidate 1, I > can get a successful run of "ant clean test-core-cppunit". > > Unfortunately, I spotted another inconsistency. In the dist-maven > directory, there are signature files (*.asc) for not only the jar files, > but also the md5 and sha1 files. See below for a listing of the dist-maven > directory in 3.4.8 vs. 3.4.9 RC1. I would prefer to see another release > candidate to correct this so that the contents are consistent across > releases, especially within a stable maintenance line like 3.4. If > administrators have coded scripts to automate validation of signatures > within ZooKeeper releases, then there is a risk that the extra files could > confuse that automation. > > This part of the release process is step 2b in the "Building" section. > Perhaps this can be made clearer. I don’t think it currently mentions how > the md5 and sha1 files under dist-maven work. > > > > > ll zookeeper-3.4.8/dist-maven/*.asc > -rw-rw-r-- 1 cnauroth 819 Feb 5 2016 zookeeper-3.4.8/dist-maven/ > zookeeper-3.4.8.jar.asc > -rw-rw-r-- 1 cnauroth 819 Feb 5 2016 zookeeper-3.4.8/dist-maven/ > zookeeper-3.4.8-javadoc.jar.asc > -rw-rw-r-- 1 cnauroth 819 Feb 5 2016 zookeeper-3.4.8/dist-maven/ > zookeeper-3.4.8-sources.jar.asc > -rw-rw-r-- 1 cnauroth 819 Feb 5 2016 zookeeper-3.4.8/dist-maven/ > zookeeper-3.4.8-tests.jar.asc > > > ll zookeeper-3.4.9/dist-maven/*.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.jar.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.jar.md5.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.jar.sha1.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-javadoc.jar.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-javadoc.jar.md5.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-javadoc.jar.sha1.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:35 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.pom.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:35 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.pom.md5.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9.pom.sha1.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-sources.jar.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-sources.jar.md5.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:37 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-sources.jar.sha1.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-tests.jar.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-tests.jar.md5.asc > -rw-rw-r-- 1 cnauroth 819 Aug 22 14:36 zookeeper-3.4.9/dist-maven/ > zookeeper-3.4.9-tests.jar.sha1.asc > > --Chris Nauroth > > On 8/22/16, 3:20 PM, "Rakesh Radhakrishnan" <[email protected]> wrote: > > This is the second release candidate for 3.4.9. This candidate fixes > the > autotools issue found in > the first candidate. > > This is a bugfix release candidate for 3.4.9. It fixes 21 issues, > including > issues that affect ACL cache > in DataTree never removes entries, prevent multiple init of login > object in > each ZKSaslClient instance, > ZK service becomes unavailable when leader fails to write transaction > log, > upgrade netty version due > to security vulnerability (CVE-2014-3488) and others. > > The full release notes are available at: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa? > projectId=12310801&version=12334700 > > *** Please download, test and vote by August 30th 2016, 23:59 UTC+0. > *** > > Source files: > http://people.apache.org/~rakeshr/zookeeper-3.4.9-candidate-1 > > Maven staging repo: > https://repository.apache.org/content/groups/staging/org/ > apache/zookeeper/zookeeper/3.4.9 > > The tag to be voted upon: > https://svn.apache.org/repos/asf/zookeeper/tags/release-3.4.9-rc1 > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > http://www.apache.org/dist/zookeeper/KEYS > > Should we release this candidate? > > --Rakesh > > >
