-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Andy Seaborne wrote: > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... >
+1 Longer answer: 1. is the GPG signature fine? cd /tmp/ wget http://people.apache.org/~andy/dist-jena-tdb-0.9.0-incubating-RC-4/source-release/jena-tdb-0.9.0-incubating/jena-tdb-0.9.0-incubating-source-release.zip wget http://people.apache.org/~andy/dist-jena-tdb-0.9.0-incubating-RC-4/source-release/jena-tdb-0.9.0-incubating/jena-tdb-0.9.0-incubating-source-release.zip.asc wget http://people.apache.org/~andy/dist-jena-tdb-0.9.0-incubating-RC-4/KEYS gpg --import < KEYS gpg --verify jena-tdb-0.9.0-incubating-source-release.zip.asc [ok] 2. is there a source archive? http://people.apache.org/~andy/dist-jena-tdb-0.9.0-incubating-RC-4/source-release/jena-tdb-0.9.0-incubating/jena-tdb-0.9.0-incubating-source-release.zip [ok] 3. can the source archive really be built? cd /tmp wget http://people.apache.org/~andy/dist-jena-tdb-0.9.0-incubating-RC-4/source-release/jena-tdb-0.9.0-incubating/jena-tdb-0.9.0-incubating-source-release.zip unzip jena-tdb-0.9.0-incubating-source-release.zip cd jena-tdb-0.9.0-incubating/ mvn dependency:resolve mvn clean package [ok] 4. is there a correct LICENSE and NOTICE file in each artifact (both source and binary artifacts)? cd /tmp/jena-tdb-0.9.0-incubating/ cat NOTICE cat DEPENDENCIES cat LICENSE cd /tmp wget https://repository.apache.org/content/repositories/orgapachejena-001/org/apache/jena/jena-tdb/0.9.0-incubating/jena-tdb-0.9.0-incubating.jar jar xvf jena-tdb-0.9.0-incubating.jar cat META-INF/LICENSE cat META-INF/NOTICE cat META-INF/DEPENDENCIES - - This file lists the dependences for Apache Jena SDB. + This file lists the dependences for Apache Jena TDB. Minor issue. Fixed in SVN. [ok] LICENSE has no additional licenses in it (at the bottom), I think it's fine. 5. does the NOTICE file contain all necessary attributions? [ok] 6. check the dependencies. We must not have any GPL dependencies and LGPL only if they are optional, etc! See http://www.apache.org/legal/3party.html [ok] 7. do all the tests work? [ok] 8. if there is a TCK to run, does it succeed? [skip] 9. if there is a tag in the SCM, does it contain reproduceable sources? cd /tmp svn co http://svn.apache.org/repos/asf/incubator/jena/Jena2/TDB/tags/jena-tdb-0.9.0-incubating-RC-4/ jena-tdb-0.9.0-incubating-RC-4 cd jena-tdb-0.9.0-incubating-RC-4/ mvn clean package -Papache-release cd target unzip jena-tdb-0.9.0-incubating-source-release.zip cd jena-tdb-0.9.0-incubating/ mvn clean package cat NOTICE cat DEPENDENCIES cat LICENSE [ok] 10. are the Maven artifacts fine? For two of my projects using TDB, I pointed Maven at the staging repo: https://repository.apache.org/content/repositories/orgapachejena-001 [ok] 11. check the binary distribution cd /tmp wget https://repository.apache.org/content/repositories/orgapachejena-001/org/apache/jena/jena-tdb/0.9.0-incubating/jena-tdb-0.9.0-incubating-distribution.zip unzip jena-tdb-0.9.0-incubating-distribution.zip cd apache-jena-tdb-0.9.0-incubating/ ls -la cat DEPENDENCIES cat DISCLAIMER cat LICENSE ls -la lib/ ls -la bin/ export TDBROOT=/tmp/apache-jena-tdb-0.9.0-incubating/ ./bin/tdbloader --version Minor issue: Plugged In Software license is duplicated in LICENSE. In addition, ICU License - ICU 1.8.1 and later and http://www.slf4j.org/license.html licenses are there. This seems ok, since they are shipped in the lib/ directory in binary format. Inspected manually/visually: https://repository.apache.org/content/repositories/orgapachejena-001/org/apache/jena/jena-tdb/0.9.0-incubating/jena-tdb-0.9.0-incubating-distribution.tar.gz https://repository.apache.org/content/repositories/orgapachejena-001/org/apache/jena/jena-tdb/0.9.0-incubating/jena-tdb-0.9.0-incubating-sources.jar (this is also retrieved from the Maven repo, via mvn eclipse:eclipse) [ok] Thanks Andy. Paolo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJPRR2QAAoJEARUjz2XyHeQ1XIP/As75pg50fMF6Wgd6mWdl0BK +1JfvF2Z2iCXiSkyHCt++RXQ/KF60iJntsBZ2O1rfZAvaShW3UYdICgsExXppXB/ ml/ugHvCNj1ZI9/SEINx8p4kH1tPidj3FBD0TNdzxt8FW5s/baO8DfLmDgaPHtPU kmlOygISibiK85sKiarBXkCxFlmuA0cqvW6x+uuy/kvqR1O82gse9DZJhEmpXMt3 nZixhK0uQWl5Z7QrvOpv4pAYG6r0PvTql0DqMvJElZeEYHNz7ai3SWhnAgcRJbys Kw+GA6qMheZBJoaIwnVftllmq1I1M4+TglCFSY6FywsqZYPSaprBPelHxeKduDiN B74FaVdTiJ+uGhf2FMKKZLrQ/0R6iQtfWvM6DeC0j6bgcO1L05xiBJAz+2iKS9zu czny+WMeF0oQcdbxUmclekZgQolWZpzBNfA8khOEizDf1co1qizBDz4xhADLm348 fx2aaJ7AeQcW0rq7aCPsz/iay3yd3fNs7VkjEawa1Kyv7u15kjZAJ0CzkXL3dl05 LhcnpZ5ab/ExdX3DKXAAhyNF39kXo/uA3o9rI8qk3AosK6zy95z+kM5zGZLh9VdQ Ch5odkKtW1rkYGHZdfEjZdJPuHY4y24201lZGPwgYaIqZ7KdJfgKER8xAQbv10dy 9Br7QP/YFNqbMrphougR =oetM -----END PGP SIGNATURE-----
