[RESULT] [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #3

[Luke Cwik]

I'm happy to announce that we have unanimously approved this release.

There are 3 approving votes, 3 of which are binding:
* Ismaël Mejía
* Jean-Baptiste Onofre
* Luke Cwik

There are no disapproving votes.

Thanks everyone!

On Thu, Mar 5, 2020 at 1:56 PM Ismaël Mejía  wrote:

> +1 (binding)
>
> Verified signatures
> Verified that there are no conscrypt classes or binaries in jar
> Verified pom.xml has runtime dependency on conscrypt
>
> On Thu, Mar 5, 2020 at 9:14 PM Jean-Baptiste Onofre 
> wrote:
> >
> > +1 (binding)
> >
> > Regards
> > JB
> >
> > Le 5 mars 2020 à 19:55, Luke Cwik  a écrit :
> >
> > Please review the release of the following artifacts that we vendor:
> >  * beam-vendor-grpc-1_26_0
> >
> > Hi everyone,
> > Please review and vote on the release candidate #1 for the version 0.3,
> as follows:
> > [ ] +1, Approve the release
> > [ ] -1, Do not approve the release (please provide specific comments)
> >
> >
> > The complete staging area is available for your review, which includes:
> > * the official Apache source release to be deployed to dist.apache.org
> [1], which is signed with the key with fingerprint
> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> > * all artifacts to be deployed to the Maven Central Repository [3],
> > * commit hash "28d05d317a39b5d60a31988c69d1fb8a9c5006fc" [4],
> >
> > The vote will be open for at least 72 hours. It is adopted by majority
> approval, with at least 3 PMC affirmative votes.
> >
> > Thanks,
> > Release Manager
> >
> > [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
> > [2] https://dist.apache.org/repos/dist/release/beam/KEYS
> > [3]
> https://repository.apache.org/content/repositories/orgapachebeam-1098/
> > [4]
> https://github.com/apache/beam/commit/28d05d317a39b5d60a31988c69d1fb8a9c5006fc
> >
> >
>

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #3

[Ismaël Mejía]

+1 (binding)

Verified signatures
Verified that there are no conscrypt classes or binaries in jar
Verified pom.xml has runtime dependency on conscrypt

On Thu, Mar 5, 2020 at 9:14 PM Jean-Baptiste Onofre  wrote:
>
> +1 (binding)
>
> Regards
> JB
>
> Le 5 mars 2020 à 19:55, Luke Cwik  a écrit :
>
> Please review the release of the following artifacts that we vendor:
>  * beam-vendor-grpc-1_26_0
>
> Hi everyone,
> Please review and vote on the release candidate #1 for the version 0.3, as 
> follows:
> [ ] +1, Approve the release
> [ ] -1, Do not approve the release (please provide specific comments)
>
>
> The complete staging area is available for your review, which includes:
> * the official Apache source release to be deployed to dist.apache.org [1], 
> which is signed with the key with fingerprint 
> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> * all artifacts to be deployed to the Maven Central Repository [3],
> * commit hash "28d05d317a39b5d60a31988c69d1fb8a9c5006fc" [4],
>
> The vote will be open for at least 72 hours. It is adopted by majority 
> approval, with at least 3 PMC affirmative votes.
>
> Thanks,
> Release Manager
>
> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
> [3] https://repository.apache.org/content/repositories/orgapachebeam-1098/
> [4] 
> https://github.com/apache/beam/commit/28d05d317a39b5d60a31988c69d1fb8a9c5006fc
>
>

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #3

[Jean-Baptiste Onofre]

+1 (binding)

Regards
JB

> Le 5 mars 2020 à 19:55, Luke Cwik  a écrit :
> 
> Please review the release of the following artifacts that we vendor:
>  * beam-vendor-grpc-1_26_0
> 
> Hi everyone,
> Please review and vote on the release candidate #1 for the version 0.3, as 
> follows:
> [ ] +1, Approve the release
> [ ] -1, Do not approve the release (please provide specific comments)
> 
> 
> The complete staging area is available for your review, which includes:
> * the official Apache source release to be deployed to dist.apache.org 
>  [1], which is signed with the key with fingerprint 
> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> * all artifacts to be deployed to the Maven Central Repository [3],
> * commit hash "28d05d317a39b5d60a31988c69d1fb8a9c5006fc" [4],
> 
> The vote will be open for at least 72 hours. It is adopted by majority 
> approval, with at least 3 PMC affirmative votes.
> 
> Thanks,
> Release Manager
> 
> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/ 
> 
> [2] https://dist.apache.org/repos/dist/release/beam/KEYS 
> 
> [3] https://repository.apache.org/content/repositories/orgapachebeam-1098/ 
> 
> [4] 
> https://github.com/apache/beam/commit/28d05d317a39b5d60a31988c69d1fb8a9c5006fc
>  
> 

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #3

[Luke Cwik]

+1 (binding)
Verified that conscrypt jars and .so files don't appear in the jar.

On Thu, Mar 5, 2020 at 10:55 AM Luke Cwik  wrote:

> Please review the release of the following artifacts that we vendor:
>  * beam-vendor-grpc-1_26_0
>
> Hi everyone,
> Please review and vote on the release candidate #1 for the version 0.3, as
> follows:
> [ ] +1, Approve the release
> [ ] -1, Do not approve the release (please provide specific comments)
>
>
> The complete staging area is available for your review, which includes:
> * the official Apache source release to be deployed to dist.apache.org [1],
> which is signed with the key with
> fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> * all artifacts to be deployed to the Maven Central Repository [3],
> * commit hash "28d05d317a39b5d60a31988c69d1fb8a9c5006fc" [4],
>
> The vote will be open for at least 72 hours. It is adopted by majority
> approval, with at least 3 PMC affirmative votes.
>
> Thanks,
> Release Manager
>
> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
> [3] https://repository.apache.org/content/repositories/orgapachebeam-1098/
> [4]
> https://github.com/apache/beam/commit/28d05d317a39b5d60a31988c69d1fb8a9c5006fc
>

[VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #3

[Luke Cwik]

Please review the release of the following artifacts that we vendor:
 * beam-vendor-grpc-1_26_0

Hi everyone,
Please review and vote on the release candidate #1 for the version 0.3, as
follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)


The complete staging area is available for your review, which includes:
* the official Apache source release to be deployed to dist.apache.org [1],
which is signed with the key with
fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
* all artifacts to be deployed to the Maven Central Repository [3],
* commit hash "28d05d317a39b5d60a31988c69d1fb8a9c5006fc" [4],

The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.

Thanks,
Release Manager

[1] https://dist.apache.org/repos/dist/dev/beam/vendor/
[2] https://dist.apache.org/repos/dist/release/beam/KEYS
[3] https://repository.apache.org/content/repositories/orgapachebeam-1098/
[4]
https://github.com/apache/beam/commit/28d05d317a39b5d60a31988c69d1fb8a9c5006fc

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #2

[Luke Cwik]

Cancelling this release, I made a mistake for the commit id which I built
from which I should have caught before sending this out.

On Thu, Mar 5, 2020 at 10:45 AM Luke Cwik  wrote:

> Please review the release of the following artifacts that we vendor:
>  * beam-vendor-grpc-1_26_0
>
> Hi everyone,
> Please review and vote on the release candidate #1 for the version 0.3, as
> follows:
> [ ] +1, Approve the release
> [ ] -1, Do not approve the release (please provide specific comments)
>
>
> The complete staging area is available for your review, which includes:
> * the official Apache source release to be deployed to dist.apache.org [1],
> which is signed with the key with
> fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> * all artifacts to be deployed to the Maven Central Repository [3],
> * commit hash "dd4c01ff9f6abcd7bd8d3fc76e89325e409fdd46" [4],
>
> The vote will be open for at least 72 hours. It is adopted by majority
> approval, with at least 3 PMC affirmative votes.
>
> Thanks,
> Release Manager
>
> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
> [3] https://repository.apache.org/content/repositories/orgapachebeam-1097/
> [4]
> https://github.com/apache/beam/commit/dd4c01ff9f6abcd7bd8d3fc76e89325e409fdd46
>

[VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288 RC #2

[Luke Cwik]

Please review the release of the following artifacts that we vendor:
 * beam-vendor-grpc-1_26_0

Hi everyone,
Please review and vote on the release candidate #1 for the version 0.3, as
follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)


The complete staging area is available for your review, which includes:
* the official Apache source release to be deployed to dist.apache.org [1],
which is signed with the key with
fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
* all artifacts to be deployed to the Maven Central Repository [3],
* commit hash "dd4c01ff9f6abcd7bd8d3fc76e89325e409fdd46" [4],

The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.

Thanks,
Release Manager

[1] https://dist.apache.org/repos/dist/dev/beam/vendor/
[2] https://dist.apache.org/repos/dist/release/beam/KEYS
[3] https://repository.apache.org/content/repositories/orgapachebeam-1097/
[4]
https://github.com/apache/beam/commit/dd4c01ff9f6abcd7bd8d3fc76e89325e409fdd46

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Luke Cwik]

Looks like the vote is cancelled.

On Tue, Mar 3, 2020 at 2:03 PM Ismaël Mejía  wrote:

> -1
>
> It seems we still are adding the conscrypt native libraries as part in
> META-INF
>
> $ jar tvf beam-vendor-grpc-1_26_0-0.3.jar | grep conscrypt
> 2218176 Mon Sep 17 10:36:24 CEST 2018
> META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so
> 1720832 Mon Sep 17 10:36:24 CEST 2018
> META-INF/native/conscrypt_openjdk_jni-windows-x86.dll
> 2637496 Mon Sep 17 10:36:24 CEST 2018
> META-INF/native/libconscrypt_openjdk_jni-osx-x86_64.dylib
> 2557952 Mon Sep 17 10:36:24 CEST 2018
> META-INF/native/conscrypt_openjdk_jni-windows-x86_64.dll
>
>
> On Tue, Mar 3, 2020 at 9:50 PM Pablo Estrada  wrote:
> >
> > +1 (binding)
> > verified hashes
> >
> > On Tue, Mar 3, 2020 at 11:20 AM Luke Cwik  wrote:
> >>
> >> +1 (binding)
> >> Verified signatures
> >> Verified that there are no conscrypt classes in jar
> >> Verified pom.xml has runtime dependency on conscrypt
> >>
> >> On Tue, Mar 3, 2020 at 10:35 AM Jean-Baptiste Onofré 
> wrote:
> >>>
> >>> +1 (binding)
> >>>
> >>> Regards
> >>> JB
> >>>
> >>> Le mar. 3 mars 2020 ? 19:31, Luke Cwik  a ?crit :
> 
>  Please review the release of the following artifacts that we vendor:
>   * beam-vendor-grpc-1_26_0
> 
>  Hi everyone,
>  Please review and vote on the release candidate #1 for the version
> 0.3, as follows:
>  [ ] +1, Approve the release
>  [ ] -1, Do not approve the release (please provide specific comments)
> 
> 
>  The complete staging area is available for your review, which
> includes:
>  * the official Apache source release to be deployed to
> dist.apache.org [1], which is signed with the key with fingerprint
> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
>  * all artifacts to be deployed to the Maven Central Repository [3],
>  * commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],
> 
>  The vote will be open for at least 72 hours. It is adopted by
> majority approval, with at least 3 PMC affirmative votes.
> 
>  Thanks,
>  Release Manager
> 
>  [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
>  [2] https://dist.apache.org/repos/dist/release/beam/KEYS
>  [3]
> https://repository.apache.org/content/repositories/orgapachebeam-1096/
>  [4]
> https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230
>

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Ismaël Mejía]

-1

It seems we still are adding the conscrypt native libraries as part in META-INF

$ jar tvf beam-vendor-grpc-1_26_0-0.3.jar | grep conscrypt
2218176 Mon Sep 17 10:36:24 CEST 2018
META-INF/native/libconscrypt_openjdk_jni-linux-x86_64.so
1720832 Mon Sep 17 10:36:24 CEST 2018
META-INF/native/conscrypt_openjdk_jni-windows-x86.dll
2637496 Mon Sep 17 10:36:24 CEST 2018
META-INF/native/libconscrypt_openjdk_jni-osx-x86_64.dylib
2557952 Mon Sep 17 10:36:24 CEST 2018
META-INF/native/conscrypt_openjdk_jni-windows-x86_64.dll


On Tue, Mar 3, 2020 at 9:50 PM Pablo Estrada  wrote:
>
> +1 (binding)
> verified hashes
>
> On Tue, Mar 3, 2020 at 11:20 AM Luke Cwik  wrote:
>>
>> +1 (binding)
>> Verified signatures
>> Verified that there are no conscrypt classes in jar
>> Verified pom.xml has runtime dependency on conscrypt
>>
>> On Tue, Mar 3, 2020 at 10:35 AM Jean-Baptiste Onofré  
>> wrote:
>>>
>>> +1 (binding)
>>>
>>> Regards
>>> JB
>>>
>>> Le mar. 3 mars 2020 ? 19:31, Luke Cwik  a ?crit :

 Please review the release of the following artifacts that we vendor:
  * beam-vendor-grpc-1_26_0

 Hi everyone,
 Please review and vote on the release candidate #1 for the version 0.3, as 
 follows:
 [ ] +1, Approve the release
 [ ] -1, Do not approve the release (please provide specific comments)


 The complete staging area is available for your review, which includes:
 * the official Apache source release to be deployed to dist.apache.org 
 [1], which is signed with the key with fingerprint 
 EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
 * all artifacts to be deployed to the Maven Central Repository [3],
 * commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],

 The vote will be open for at least 72 hours. It is adopted by majority 
 approval, with at least 3 PMC affirmative votes.

 Thanks,
 Release Manager

 [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
 [2] https://dist.apache.org/repos/dist/release/beam/KEYS
 [3] https://repository.apache.org/content/repositories/orgapachebeam-1096/
 [4] 
 https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Pablo Estrada]

+1 (binding)
verified hashes

On Tue, Mar 3, 2020 at 11:20 AM Luke Cwik  wrote:

> +1 (binding)
> Verified signatures
> Verified that there are no conscrypt classes in jar
> Verified pom.xml has runtime dependency on conscrypt
>
> On Tue, Mar 3, 2020 at 10:35 AM Jean-Baptiste Onofré 
> wrote:
>
>> +1 (binding)
>>
>> Regards
>> JB
>>
>> Le mar. 3 mars 2020 ? 19:31, Luke Cwik  a ?crit :
>>
>>> Please review the release of the following artifacts that we vendor:
>>>  * beam-vendor-grpc-1_26_0
>>>
>>> Hi everyone,
>>> Please review and vote on the release candidate #1 for the version 0.3,
>>> as follows:
>>> [ ] +1, Approve the release
>>> [ ] -1, Do not approve the release (please provide specific comments)
>>>
>>>
>>> The complete staging area is available for your review, which includes:
>>> * the official Apache source release to be deployed to dist.apache.org [1],
>>> which is signed with the key with
>>> fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
>>> * all artifacts to be deployed to the Maven Central Repository [3],
>>> * commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],
>>>
>>> The vote will be open for at least 72 hours. It is adopted by majority
>>> approval, with at least 3 PMC affirmative votes.
>>>
>>> Thanks,
>>> Release Manager
>>>
>>> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
>>> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
>>> [3]
>>> https://repository.apache.org/content/repositories/orgapachebeam-1096/
>>> [4]
>>> https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230
>>>
>>

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Luke Cwik]

+1 (binding)
Verified signatures
Verified that there are no conscrypt classes in jar
Verified pom.xml has runtime dependency on conscrypt

On Tue, Mar 3, 2020 at 10:35 AM Jean-Baptiste Onofré 
wrote:

> +1 (binding)
>
> Regards
> JB
>
> Le mar. 3 mars 2020 ? 19:31, Luke Cwik  a ?crit :
>
>> Please review the release of the following artifacts that we vendor:
>>  * beam-vendor-grpc-1_26_0
>>
>> Hi everyone,
>> Please review and vote on the release candidate #1 for the version 0.3,
>> as follows:
>> [ ] +1, Approve the release
>> [ ] -1, Do not approve the release (please provide specific comments)
>>
>>
>> The complete staging area is available for your review, which includes:
>> * the official Apache source release to be deployed to dist.apache.org [1],
>> which is signed with the key with
>> fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
>> * all artifacts to be deployed to the Maven Central Repository [3],
>> * commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],
>>
>> The vote will be open for at least 72 hours. It is adopted by majority
>> approval, with at least 3 PMC affirmative votes.
>>
>> Thanks,
>> Release Manager
>>
>> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
>> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
>> [3]
>> https://repository.apache.org/content/repositories/orgapachebeam-1096/
>> [4]
>> https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230
>>
>

Re: [VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Jean-Baptiste Onofré]

+1 (binding)RegardsJBLe mar. 3 mars 2020 ? 19:31, Luke Cwik  a ?crit :Please review the release of the following artifacts that we vendor: * beam-vendor-grpc-1_26_0Hi everyone,Please review and vote on the release candidate #1 for the version 0.3, as follows:[ ] +1, Approve the release[ ] -1, Do not approve the release (please provide specific comments)The complete staging area is available for your review, which includes:* the official Apache source release to be deployed to dist.apache.org [1], which is signed with the key with fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],* all artifacts to be deployed to the Maven Central Repository [3],* commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],The vote will be open for at least 72 hours. It is adopted by majority approval, with at least 3 PMC affirmative votes.Thanks,Release Manager[1] https://dist.apache.org/repos/dist/dev/beam/vendor/[2] https://dist.apache.org/repos/dist/release/beam/KEYS[3] https://repository.apache.org/content/repositories/orgapachebeam-1096/[4] https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230

[VOTE] Vendored Dependencies Release gRPC 1.26.0 v0.3 for BEAM-9288

[Luke Cwik]

Please review the release of the following artifacts that we vendor:
 * beam-vendor-grpc-1_26_0

Hi everyone,
Please review and vote on the release candidate #1 for the version 0.3, as
follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)


The complete staging area is available for your review, which includes:
* the official Apache source release to be deployed to dist.apache.org [1],
which is signed with the key with
fingerprint EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
* all artifacts to be deployed to the Maven Central Repository [3],
* commit hash "7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230" [4],

The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.

Thanks,
Release Manager

[1] https://dist.apache.org/repos/dist/dev/beam/vendor/
[2] https://dist.apache.org/repos/dist/release/beam/KEYS
[3] https://repository.apache.org/content/repositories/orgapachebeam-1096/
[4]
https://github.com/apache/beam/commit/7df0d6cda0b1e1d5d360ea68c9ee01ca35acc230