[RESULT][VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Howdy,

The vote has passed with the following result:

+1: Michael, Karl-Heinz, Slawomir, Arnaud, Herve, Sylwester
+1nb: Romain, Henning

PMC quorum: reached

I will promote the source release zip file to the Apache distribution area
and the artifacts to the central repo.

T

Re: [VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Howdy,

Thanks Herve, but Karl was talking about SHA512 checksums, albeit unclear
is it bin or src...
And the signature probably changed probably due TS
(as what was signed and by whom was signed was byte-wise same, only when
was signed differs)

T

On Wed, Oct 4, 2023 at 8:10 AM Hervé Boutemy  wrote:

> I updated my svn and ran:
>
> for f in *
> do
>   rm $f
>   wget
> https://repository.apache.org/content/repositories/maven-1996/org/apache/maven/apache-maven/3.9.5/$f
> done
>
> both in source and binaries: this resulted in .asc change in source only,
> everything else was ok
>
> I committed the update
>
> now we have:
> ❯ svn log
> 
> r64327 | hboutemy | 2023-10-03 23:37:28 +0200 (Tue, 03 Oct 2023) | 1 line
>
> update signature with new staging content
> 
> r64300 | cstamas | 2023-10-02 20:06:52 +0200 (Mon, 02 Oct 2023) | 2 lines
>
> Updated Maven 3.9.5 bin bundles
>
> 
> r64283 | cstamas | 2023-10-01 20:44:52 +0200 (Sun, 01 Oct 2023) | 3 lines
>
> Apache Maven 3.9.5
>
> Regards,
>
> Hervé
>
> Le mardi 3 octobre 2023, 23:23:06 CEST Tamás Cservenák a écrit :
> > Karl,
> >
> > Are you sure your SVN checkout is up to date?
> > As I did change archives along with signatures and checksums, and they
> > should be OK
> >
> > This is the commit email of my change:
> > https://lists.apache.org/thread/7wn1sgd7hbcndtgypvjz4qzx0d2brobx
> >
> > Can someone else verify this?
> >
> > Thanks
> > T
> >
> > On Tue, Oct 3, 2023 at 1:05 PM Karl Heinz Marbaise 
> >
> > wrote:
> > > Hi,
> > >
> > > the permissions in the .tar.gz archive are Ok now.
> > >
> > > Please update the SHA512 because it's the previous one..(I've checked
> > > the .tar.gz) but I assume that the SHA512 for the -bin.zip has changed
> > > also)...
> > >
> > > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/binaries/
> > >
> > > Kind regards
> > > Karl Heinz Marbaise
> > >
> > > On 02.10.23 11:10, Tamás Cservenák wrote:
> > > > Bah,
> > > >
> > > > This is the same problem as before... but originally it happened on
> my
> > > > desktop. This time the release was done from my laptop :(
> > > >
> > > > I believe the fix is the same as before: I should rebuild from the
> tag,
> > > > after I fixed my local repository, as source bundles we vote on are
> > > > unchanged...
> > > >
> > > > T
> > > >
> > > >
> > > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > >
> > > wrote:
> > > >> thinking twice, I need to change to -1: this may impact users that
> > >
> > > expect
> > >
> > > >> to use the group permissions to use Maven binaries
> > > >>
> > > >> sorry
> > > >> I don't know what tests you are doing with permissions on your
> > > >> environment, but these tests leak releases :(
> > > >>
> > > >> Regards,
> > > >>
> > > >> Hervé
> > > >>
> > > >> On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > >>> +1
> > > >>>
> > > >>> but Reproducible not fully ok: reference build done with JDK 17 on
> > > >>> *nix
> > > >>
> > > >> and umask 022
> > > >>
> > > >>> apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> (go-r)
> > >
> > > on
> > >
> > > >> wagon jars:
> > > >>> $ diffoscope
> > > >>
> > > >> target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > >> apache-maven/target/apache-maven-3.9.5-bin.zip
> > > >>
> > > >>> --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > >>> +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > >>> │┄ Archive contents identical but files differ, possibly due to
> > > >>
> > > >> different compression levels. Falling back to binary comparison.
> > > >>
> > > >>> ├── zipinfo {}
> > > >>> │ @@ -81,21 +81,21 @@
> > > >>> │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > > >>
> > > >>> │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > > >>
> > > >> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > > >>
> > > >>> │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > >>
> > > >> 

Re: [VOTE] Release Apache Maven 3.9.5

[Hervé Boutemy]

I updated my svn and ran:

for f in *
do
  rm $f
  wget 
https://repository.apache.org/content/repositories/maven-1996/org/apache/maven/apache-maven/3.9.5/$f
 
done

both in source and binaries: this resulted in .asc change in source only, 
everything else was ok

I committed the update

now we have:
❯ svn log

r64327 | hboutemy | 2023-10-03 23:37:28 +0200 (Tue, 03 Oct 2023) | 1 line

update signature with new staging content

r64300 | cstamas | 2023-10-02 20:06:52 +0200 (Mon, 02 Oct 2023) | 2 lines

Updated Maven 3.9.5 bin bundles


r64283 | cstamas | 2023-10-01 20:44:52 +0200 (Sun, 01 Oct 2023) | 3 lines

Apache Maven 3.9.5

Regards,

Hervé

Le mardi 3 octobre 2023, 23:23:06 CEST Tamás Cservenák a écrit :
> Karl,
> 
> Are you sure your SVN checkout is up to date?
> As I did change archives along with signatures and checksums, and they
> should be OK
> 
> This is the commit email of my change:
> https://lists.apache.org/thread/7wn1sgd7hbcndtgypvjz4qzx0d2brobx
> 
> Can someone else verify this?
> 
> Thanks
> T
> 
> On Tue, Oct 3, 2023 at 1:05 PM Karl Heinz Marbaise 
> 
> wrote:
> > Hi,
> > 
> > the permissions in the .tar.gz archive are Ok now.
> > 
> > Please update the SHA512 because it's the previous one..(I've checked
> > the .tar.gz) but I assume that the SHA512 for the -bin.zip has changed
> > also)...
> > 
> > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/binaries/
> > 
> > Kind regards
> > Karl Heinz Marbaise
> > 
> > On 02.10.23 11:10, Tamás Cservenák wrote:
> > > Bah,
> > > 
> > > This is the same problem as before... but originally it happened on my
> > > desktop. This time the release was done from my laptop :(
> > > 
> > > I believe the fix is the same as before: I should rebuild from the tag,
> > > after I fixed my local repository, as source bundles we vote on are
> > > unchanged...
> > > 
> > > T
> > > 
> > > 
> > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > 
> > wrote:
> > >> thinking twice, I need to change to -1: this may impact users that
> > 
> > expect
> > 
> > >> to use the group permissions to use Maven binaries
> > >> 
> > >> sorry
> > >> I don't know what tests you are doing with permissions on your
> > >> environment, but these tests leak releases :(
> > >> 
> > >> Regards,
> > >> 
> > >> Hervé
> > >> 
> > >> On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > >>> +1
> > >>> 
> > >>> but Reproducible not fully ok: reference build done with JDK 17 on
> > >>> *nix
> > >> 
> > >> and umask 022
> > >> 
> > >>> apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r)
> > 
> > on
> > 
> > >> wagon jars:
> > >>> $ diffoscope
> > >> 
> > >> target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > >> apache-maven/target/apache-maven-3.9.5-bin.zip
> > >> 
> > >>> --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > >>> +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > >>> │┄ Archive contents identical but files differ, possibly due to
> > >> 
> > >> different compression levels. Falling back to binary comparison.
> > >> 
> > >>> ├── zipinfo {}
> > >>> │ @@ -81,21 +81,21 @@
> > >>> │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > >> 
> > >>> │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > >> 
> > >>> │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > >> 
> > >>> │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > >> 
> > >>> │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > >> 
> > >> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > 

Re: [VOTE] Release Apache Maven 3.9.5

[Sylwester Lachiewicz]

+1

pon., 2 paź 2023, 23:50 użytkownik Herve Boutemy 
napisał:

> +1
>
> Reproducible Builds now ok: reference build done with JDK 17 on *nix and
> umask 022
>
> and dist area in sync
>
> thank you
>
> Hervé
>
> On 2023/10/02 17:37:26 Tamás Cservenák wrote:
> > Howdy,
> >
> > The vote continues, as Herve -1 was ONLY about binaries, while the vote
> is
> > about source bundles.
> >
> > The "take two" repository staged:
> > https://repository.apache.org/content/repositories/maven-1996/
> >
> > That repositository is identical to maven-1995, ONLY changes are the
> fixed
> > binaries (hence, source bundles are unchanged byte-wise, as SHA512 and
> > other hashes show).
> >
> > Thanks
> > T
> >
> >
> > On Mon, Oct 2, 2023 at 2:18 PM Hervé Boutemy 
> wrote:
> >
> > > yes, you can drop the staging repository and re-deploy: only the 2 -bin
> > > archives will be different
> > >
> > > Regards
> > >
> > > Hervé
> > >
> > > Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> > > > Bah,
> > > >
> > > > This is the same problem as before... but originally it happened on
> my
> > > > desktop. This time the release was done from my laptop :(
> > > >
> > > > I believe the fix is the same as before: I should rebuild from the
> tag,
> > > > after I fixed my local repository, as source bundles we vote on are
> > > > unchanged...
> > > >
> > > > T
> > > >
> > > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > > wrote:
> > > > > thinking twice, I need to change to -1: this may impact users that
> > > expect
> > > > > to use the group permissions to use Maven binaries
> > > > >
> > > > > sorry
> > > > > I don't know what tests you are doing with permissions on your
> > > > > environment, but these tests leak releases :(
> > > > >
> > > > > Regards,
> > > > >
> > > > > Hervé
> > > > >
> > > > > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > > > > +1
> > > > > >
> > > > > > but Reproducible not fully ok: reference build done with JDK 17
> on
> > > *nix
> > > > >
> > > > > and umask 022
> > > > >
> > > > > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> > > (go-r) on
> > > > >
> > > > > wagon jars:
> > > > > > $ diffoscope
> > > > >
> > > > > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > >
> > > > > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > > > │┄ Archive contents identical but files differ, possibly due to
> > > > >
> > > > > different compression levels. Falling back to binary comparison.
> > > > >
> > > > > > ├── zipinfo {}
> > > > > > │ @@ -81,21 +81,21 @@
> > > > > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > > > >
> > > > > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > > >
> > > > > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > > > >
> > > > > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > > >
> > > > > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > > >
> > > > > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > > >
> > > > > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > > > >
> > > > > > │ +-rw-r--r--  2.0 unx 9405 b- defN 

Re: [VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Karl,

Are you sure your SVN checkout is up to date?
As I did change archives along with signatures and checksums, and they
should be OK

This is the commit email of my change:
https://lists.apache.org/thread/7wn1sgd7hbcndtgypvjz4qzx0d2brobx

Can someone else verify this?

Thanks
T

On Tue, Oct 3, 2023 at 1:05 PM Karl Heinz Marbaise 
wrote:

> Hi,
>
> the permissions in the .tar.gz archive are Ok now.
>
> Please update the SHA512 because it's the previous one..(I've checked
> the .tar.gz) but I assume that the SHA512 for the -bin.zip has changed
> also)...
>
> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/binaries/
>
> Kind regards
> Karl Heinz Marbaise
> On 02.10.23 11:10, Tamás Cservenák wrote:
> > Bah,
> >
> > This is the same problem as before... but originally it happened on my
> > desktop. This time the release was done from my laptop :(
> >
> > I believe the fix is the same as before: I should rebuild from the tag,
> > after I fixed my local repository, as source bundles we vote on are
> > unchanged...
> >
> > T
> >
> >
> > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> wrote:
> >
> >> thinking twice, I need to change to -1: this may impact users that
> expect
> >> to use the group permissions to use Maven binaries
> >>
> >> sorry
> >> I don't know what tests you are doing with permissions on your
> >> environment, but these tests leak releases :(
> >>
> >> Regards,
> >>
> >> Hervé
> >>
> >> On 2023/10/02 07:11:02 Herve Boutemy wrote:
> >>> +1
> >>>
> >>> but Reproducible not fully ok: reference build done with JDK 17 on *nix
> >> and umask 022
> >>> apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r)
> on
> >> wagon jars:
> >>>
> >>> $ diffoscope
> >> target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> >> apache-maven/target/apache-maven-3.9.5-bin.zip
> >>> --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> >>> +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> >>> │┄ Archive contents identical but files differ, possibly due to
> >> different compression levels. Falling back to binary comparison.
> >>> ├── zipinfo {}
> >>> │ @@ -81,21 +81,21 @@
> >>> │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> >>> │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> >>> │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> >>> │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> >>> │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> >>> │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> >>> │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> >>> │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> >>> │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> >>> │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> >>> │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> >>> │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> >>> │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> >>> │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> >>> │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> >>> │ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> >>> │  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
> >>> │  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38
> >> apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
> >>> │  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38
> >> 

Re: [VOTE] Release Apache Maven 3.9.5

[Karl Heinz Marbaise]

Hi,

the permissions in the .tar.gz archive are Ok now.

Please update the SHA512 because it's the previous one..(I've checked
the .tar.gz) but I assume that the SHA512 for the -bin.zip has changed
also)...

https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/binaries/

Kind regards
Karl Heinz Marbaise
On 02.10.23 11:10, Tamás Cservenák wrote:

Bah,

This is the same problem as before... but originally it happened on my
desktop. This time the release was done from my laptop :(

I believe the fix is the same as before: I should rebuild from the tag,
after I fixed my local repository, as source bundles we vote on are
unchanged...

T


On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy  wrote:


thinking twice, I need to change to -1: this may impact users that expect
to use the group permissions to use Maven binaries

sorry
I don't know what tests you are doing with permissions on your
environment, but these tests leak releases :(

Regards,

Hervé

On 2023/10/02 07:11:02 Herve Boutemy wrote:

+1

but Reproducible not fully ok: reference build done with JDK 17 on *nix

and umask 022

apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on

wagon jars:


$ diffoscope

target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
apache-maven/target/apache-maven-3.9.5-bin.zip

--- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
+++ apache-maven/target/apache-maven-3.9.5-bin.zip
│┄ Archive contents identical but files differ, possibly due to

different compression levels. Falling back to binary comparison.

├── zipinfo {}
│ @@ -81,21 +81,21 @@
│  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar

│  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar

│  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar

│  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar

│  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar

│  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar

│  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-compat-3.9.5.jar

│ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar

│ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar

│  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar

│  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/commons-cli-1.5.0.jar

│ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-http-3.5.3.jar

│ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar

│ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/httpclient-4.5.14.jar

│ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-file-3.5.3.jar

│ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-http-3.5.3.jar

│ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar

│ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/httpclient-4.5.14.jar

│ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/wagon-file-3.5.3.jar

│  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar

│  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar

│  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar

│  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar

│  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/httpcore-4.4.16.jar

│  -rw-r--r--  2.0 unx   360738 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/commons-codec-1.16.0.jar

│  -rw-r--r--  2.0 unx32488 b- defN 23-Oct-01 18:38

apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar

│   --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip

Regards,

Hervé


On 2023/10/01 19:07:05 Tamás Cservenák wrote:

Howdy,

Note: This release completes the main goals of Maven 3.9.x lineage,

among

others moving to Java 8 and transition to latest Resolver 1.9.x

features

(new robust transports, local repository locking, provided checksums,
remote repository filtering and more). Maven Resolver 1.9.x lineage is
already in "bugfix only" (no new features) maintenance mode, and this

makes

Maven 3.9.x lineage 

Re: [VOTE] Release Apache Maven 3.9.5

[Olivier Lamy]

+1
tested with various projects no issue found.
thanks!

On Mon, 2 Oct 2023 at 05:07, Tamás Cservenák  wrote:
>
> Howdy,
>
> Note: This release completes the main goals of Maven 3.9.x lineage, among
> others moving to Java 8 and transition to latest Resolver 1.9.x features
> (new robust transports, local repository locking, provided checksums,
> remote repository filtering and more). Maven Resolver 1.9.x lineage is
> already in "bugfix only" (no new features) maintenance mode, and this makes
> Maven 3.9.x lineage getting into this maintenance mode as well. I do
> foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> Resolver 2 and mvnd (at least when "core" is considered).
>
> ---
>
> We solved 8 issues:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
>
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1995
>
> Dev dist directory (binary bundles updated):
> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
>
> Source release checksums:
> apache-maven-3.9.5-src.zip sha512:
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
>
> apache-maven-3.9.5-src.tar.gz sha512:
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
>
> Staged site:
> https://maven.apache.org/ref/3-LATEST/
>
> Draft for release notes:
> https://github.com/apache/maven-site/pull/458
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72h
>
> [ ] +1
> [ ] +0
> [ ] -1

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: [VOTE] Release Apache Maven 3.9.5

[Henning Schmiedehausen]

+1

Eyeballed it and did some basic testing on MacOS. All seems good here.

-h


On Sun, Oct 1, 2023 at 12:07 PM Tamás Cservenák  wrote:

> Howdy,
>
> Note: This release completes the main goals of Maven 3.9.x lineage, among
> others moving to Java 8 and transition to latest Resolver 1.9.x features
> (new robust transports, local repository locking, provided checksums,
> remote repository filtering and more). Maven Resolver 1.9.x lineage is
> already in "bugfix only" (no new features) maintenance mode, and this makes
> Maven 3.9.x lineage getting into this maintenance mode as well. I do
> foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> Resolver 2 and mvnd (at least when "core" is considered).
>
> ---
>
> We solved 8 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
>
> There are still a couple of issues left in JIRA:
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1995
>
> Dev dist directory (binary bundles updated):
> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
>
> Source release checksums:
> apache-maven-3.9.5-src.zip sha512:
>
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
>
> apache-maven-3.9.5-src.tar.gz sha512:
>
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
>
> Staged site:
> https://maven.apache.org/ref/3-LATEST/
>
> Draft for release notes:
> https://github.com/apache/maven-site/pull/458
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72h
>
> [ ] +1
> [ ] +0
> [ ] -1
>

Re: [VOTE] Release Apache Maven 3.9.5

[Herve Boutemy]

+1

Reproducible Builds now ok: reference build done with JDK 17 on *nix and umask 
022

and dist area in sync

thank you

Hervé

On 2023/10/02 17:37:26 Tamás Cservenák wrote:
> Howdy,
> 
> The vote continues, as Herve -1 was ONLY about binaries, while the vote is
> about source bundles.
> 
> The "take two" repository staged:
> https://repository.apache.org/content/repositories/maven-1996/
> 
> That repositository is identical to maven-1995, ONLY changes are the fixed
> binaries (hence, source bundles are unchanged byte-wise, as SHA512 and
> other hashes show).
> 
> Thanks
> T
> 
> 
> On Mon, Oct 2, 2023 at 2:18 PM Hervé Boutemy  wrote:
> 
> > yes, you can drop the staging repository and re-deploy: only the 2 -bin
> > archives will be different
> >
> > Regards
> >
> > Hervé
> >
> > Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> > > Bah,
> > >
> > > This is the same problem as before... but originally it happened on my
> > > desktop. This time the release was done from my laptop :(
> > >
> > > I believe the fix is the same as before: I should rebuild from the tag,
> > > after I fixed my local repository, as source bundles we vote on are
> > > unchanged...
> > >
> > > T
> > >
> > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > wrote:
> > > > thinking twice, I need to change to -1: this may impact users that
> > expect
> > > > to use the group permissions to use Maven binaries
> > > >
> > > > sorry
> > > > I don't know what tests you are doing with permissions on your
> > > > environment, but these tests leak releases :(
> > > >
> > > > Regards,
> > > >
> > > > Hervé
> > > >
> > > > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > > > +1
> > > > >
> > > > > but Reproducible not fully ok: reference build done with JDK 17 on
> > *nix
> > > >
> > > > and umask 022
> > > >
> > > > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> > (go-r) on
> > > >
> > > > wagon jars:
> > > > > $ diffoscope
> > > >
> > > > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > apache-maven/target/apache-maven-3.9.5-bin.zip
> > > >
> > > > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > > │┄ Archive contents identical but files differ, possibly due to
> > > >
> > > > different compression levels. Falling back to binary comparison.
> > > >
> > > > > ├── zipinfo {}
> > > > > │ @@ -81,21 +81,21 @@
> > > > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > > >
> > > > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > > >
> > > > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > >
> > > > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > >
> > > > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > >
> > > > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > >
> 

Re: [VOTE] Release Apache Maven 3.9.5

[Arnaud Héritier]

+1

On Mon, Oct 2, 2023 at 8:03 PM Slawomir Jaranowski 
wrote:

> +1
>
> Now permissions in binary distributions look ok.
> Please also update in dist/dev
>
> pon., 2 paź 2023 o 19:38 Tamás Cservenák  napisał(a):
>
> > Howdy,
> >
> > The vote continues, as Herve -1 was ONLY about binaries, while the vote
> is
> > about source bundles.
> >
> > The "take two" repository staged:
> > https://repository.apache.org/content/repositories/maven-1996/
> >
> > That repositository is identical to maven-1995, ONLY changes are the
> fixed
> > binaries (hence, source bundles are unchanged byte-wise, as SHA512 and
> > other hashes show).
> >
> > Thanks
> > T
> >
> >
> > On Mon, Oct 2, 2023 at 2:18 PM Hervé Boutemy 
> > wrote:
> >
> > > yes, you can drop the staging repository and re-deploy: only the 2 -bin
> > > archives will be different
> > >
> > > Regards
> > >
> > > Hervé
> > >
> > > Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> > > > Bah,
> > > >
> > > > This is the same problem as before... but originally it happened on
> my
> > > > desktop. This time the release was done from my laptop :(
> > > >
> > > > I believe the fix is the same as before: I should rebuild from the
> tag,
> > > > after I fixed my local repository, as source bundles we vote on are
> > > > unchanged...
> > > >
> > > > T
> > > >
> > > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > > wrote:
> > > > > thinking twice, I need to change to -1: this may impact users that
> > > expect
> > > > > to use the group permissions to use Maven binaries
> > > > >
> > > > > sorry
> > > > > I don't know what tests you are doing with permissions on your
> > > > > environment, but these tests leak releases :(
> > > > >
> > > > > Regards,
> > > > >
> > > > > Hervé
> > > > >
> > > > > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > > > > +1
> > > > > >
> > > > > > but Reproducible not fully ok: reference build done with JDK 17
> on
> > > *nix
> > > > >
> > > > > and umask 022
> > > > >
> > > > > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> > > (go-r) on
> > > > >
> > > > > wagon jars:
> > > > > > $ diffoscope
> > > > >
> > > > > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > >
> > > > > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > > > │┄ Archive contents identical but files differ, possibly due to
> > > > >
> > > > > different compression levels. Falling back to binary comparison.
> > > > >
> > > > > > ├── zipinfo {}
> > > > > > │ @@ -81,21 +81,21 @@
> > > > > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > > > >
> > > > > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > > >
> > > > > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > > > >
> > > > > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > > > >
> > > > > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > > >
> > > > > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > > >
> > > > > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > > >
> > > > > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > > > >
> > > > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > > > >
> > > > > > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > > >
> > > > > 

Re: [VOTE] Release Apache Maven 3.9.5

[Slawomir Jaranowski]

+1

Now permissions in binary distributions look ok.
Please also update in dist/dev

pon., 2 paź 2023 o 19:38 Tamás Cservenák  napisał(a):

> Howdy,
>
> The vote continues, as Herve -1 was ONLY about binaries, while the vote is
> about source bundles.
>
> The "take two" repository staged:
> https://repository.apache.org/content/repositories/maven-1996/
>
> That repositository is identical to maven-1995, ONLY changes are the fixed
> binaries (hence, source bundles are unchanged byte-wise, as SHA512 and
> other hashes show).
>
> Thanks
> T
>
>
> On Mon, Oct 2, 2023 at 2:18 PM Hervé Boutemy 
> wrote:
>
> > yes, you can drop the staging repository and re-deploy: only the 2 -bin
> > archives will be different
> >
> > Regards
> >
> > Hervé
> >
> > Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> > > Bah,
> > >
> > > This is the same problem as before... but originally it happened on my
> > > desktop. This time the release was done from my laptop :(
> > >
> > > I believe the fix is the same as before: I should rebuild from the tag,
> > > after I fixed my local repository, as source bundles we vote on are
> > > unchanged...
> > >
> > > T
> > >
> > > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> > wrote:
> > > > thinking twice, I need to change to -1: this may impact users that
> > expect
> > > > to use the group permissions to use Maven binaries
> > > >
> > > > sorry
> > > > I don't know what tests you are doing with permissions on your
> > > > environment, but these tests leak releases :(
> > > >
> > > > Regards,
> > > >
> > > > Hervé
> > > >
> > > > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > > > +1
> > > > >
> > > > > but Reproducible not fully ok: reference build done with JDK 17 on
> > *nix
> > > >
> > > > and umask 022
> > > >
> > > > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> > (go-r) on
> > > >
> > > > wagon jars:
> > > > > $ diffoscope
> > > >
> > > > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > apache-maven/target/apache-maven-3.9.5-bin.zip
> > > >
> > > > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > > │┄ Archive contents identical but files differ, possibly due to
> > > >
> > > > different compression levels. Falling back to binary comparison.
> > > >
> > > > > ├── zipinfo {}
> > > > > │ @@ -81,21 +81,21 @@
> > > > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > > >
> > > > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > > >
> > > > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > > >
> > > > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > >
> > > > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > >
> > > > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > >
> > > > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > > >
> > > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > > >
> > > > > │ +-rw-r--r--  2.0 unx11350 

Re: [VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Howdy,

The vote continues, as Herve -1 was ONLY about binaries, while the vote is
about source bundles.

The "take two" repository staged:
https://repository.apache.org/content/repositories/maven-1996/

That repositository is identical to maven-1995, ONLY changes are the fixed
binaries (hence, source bundles are unchanged byte-wise, as SHA512 and
other hashes show).

Thanks
T


On Mon, Oct 2, 2023 at 2:18 PM Hervé Boutemy  wrote:

> yes, you can drop the staging repository and re-deploy: only the 2 -bin
> archives will be different
>
> Regards
>
> Hervé
>
> Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> > Bah,
> >
> > This is the same problem as before... but originally it happened on my
> > desktop. This time the release was done from my laptop :(
> >
> > I believe the fix is the same as before: I should rebuild from the tag,
> > after I fixed my local repository, as source bundles we vote on are
> > unchanged...
> >
> > T
> >
> > On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy 
> wrote:
> > > thinking twice, I need to change to -1: this may impact users that
> expect
> > > to use the group permissions to use Maven binaries
> > >
> > > sorry
> > > I don't know what tests you are doing with permissions on your
> > > environment, but these tests leak releases :(
> > >
> > > Regards,
> > >
> > > Hervé
> > >
> > > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > > +1
> > > >
> > > > but Reproducible not fully ok: reference build done with JDK 17 on
> *nix
> > >
> > > and umask 022
> > >
> > > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask
> (go-r) on
> > >
> > > wagon jars:
> > > > $ diffoscope
> > >
> > > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > apache-maven/target/apache-maven-3.9.5-bin.zip
> > >
> > > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > > │┄ Archive contents identical but files differ, possibly due to
> > >
> > > different compression levels. Falling back to binary comparison.
> > >
> > > > ├── zipinfo {}
> > > > │ @@ -81,21 +81,21 @@
> > > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > >
> > > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > >
> > > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > >
> > > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > >
> > > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > >
> > > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > >
> > > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > >
> > > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > >
> > > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > >
> > > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > >
> > > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > >
> > > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > >
> > > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > >
> > > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > >
> > > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > >
> > > > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > >
> > > > │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > >
> > > > │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > >
> > > > │ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > >
> > > > │  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
> > >
> > > > │  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38
> > >
> > > apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
> > >
> > > > │  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38
> > >

Re: [VOTE] Release Apache Maven 3.9.5

[Hervé Boutemy]

yes, you can drop the staging repository and re-deploy: only the 2 -bin 
archives will be different

Regards

Hervé

Le lundi 2 octobre 2023, 11:10:36 CEST Tamás Cservenák a écrit :
> Bah,
> 
> This is the same problem as before... but originally it happened on my
> desktop. This time the release was done from my laptop :(
> 
> I believe the fix is the same as before: I should rebuild from the tag,
> after I fixed my local repository, as source bundles we vote on are
> unchanged...
> 
> T
> 
> On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy  wrote:
> > thinking twice, I need to change to -1: this may impact users that expect
> > to use the group permissions to use Maven binaries
> > 
> > sorry
> > I don't know what tests you are doing with permissions on your
> > environment, but these tests leak releases :(
> > 
> > Regards,
> > 
> > Hervé
> > 
> > On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > > +1
> > > 
> > > but Reproducible not fully ok: reference build done with JDK 17 on *nix
> > 
> > and umask 022
> > 
> > > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on
> > 
> > wagon jars:
> > > $ diffoscope
> > 
> > target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > apache-maven/target/apache-maven-3.9.5-bin.zip
> > 
> > > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > > │┄ Archive contents identical but files differ, possibly due to
> > 
> > different compression levels. Falling back to binary comparison.
> > 
> > > ├── zipinfo {}
> > > │ @@ -81,21 +81,21 @@
> > > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > 
> > > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > 
> > > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > 
> > > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > 
> > > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > 
> > > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > 
> > > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > 
> > > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > 
> > > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > 
> > > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > 
> > > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > 
> > > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > 
> > > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > 
> > > │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > 
> > > │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > 
> > > │ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > 
> > > │  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
> > 
> > > │  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/httpcore-4.4.16.jar
> > 
> > > │  -rw-r--r--  2.0 unx   360738 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/commons-codec-1.16.0.jar
> > 
> > > │  -rw-r--r--  2.0 unx32488 b- defN 23-Oct-01 18:38
> > 
> > apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar
> > 
> > > │   --- 

Re: [VOTE] Release Apache Maven 3.9.5

[Karl Heinz Marbaise]

Hi,

+1 from me...

with the exceptions as Hervé mentioned (permissions on the wagon jars
and httpclient jar)... and the points Gary mentioned.

Kind regards
Karl Heinz Marbaise


On 01.10.23 21:07, Tamás Cservenák wrote:

Howdy,

Note: This release completes the main goals of Maven 3.9.x lineage, among
others moving to Java 8 and transition to latest Resolver 1.9.x features
(new robust transports, local repository locking, provided checksums,
remote repository filtering and more). Maven Resolver 1.9.x lineage is
already in "bugfix only" (no new features) maintenance mode, and this makes
Maven 3.9.x lineage getting into this maintenance mode as well. I do
foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
lifecycle plugin updates), but the focus should move to upcoming Maven 4,
Resolver 2 and mvnd (at least when "core" is considered).

---

We solved 8 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved

Staging repo:
https://repository.apache.org/content/repositories/maven-1995

Dev dist directory (binary bundles updated):
https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/

Source release checksums:
apache-maven-3.9.5-src.zip sha512:
f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f

apache-maven-3.9.5-src.tar.gz sha512:
fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e

Staged site:
https://maven.apache.org/ref/3-LATEST/

Draft for release notes:
https://github.com/apache/maven-site/pull/458

Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72h

[ ] +1
[ ] +0
[ ] -1




-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Re: [VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Bah,

This is the same problem as before... but originally it happened on my
desktop. This time the release was done from my laptop :(

I believe the fix is the same as before: I should rebuild from the tag,
after I fixed my local repository, as source bundles we vote on are
unchanged...

T


On Mon, Oct 2, 2023 at 9:14 AM Herve Boutemy  wrote:

> thinking twice, I need to change to -1: this may impact users that expect
> to use the group permissions to use Maven binaries
>
> sorry
> I don't know what tests you are doing with permissions on your
> environment, but these tests leak releases :(
>
> Regards,
>
> Hervé
>
> On 2023/10/02 07:11:02 Herve Boutemy wrote:
> > +1
> >
> > but Reproducible not fully ok: reference build done with JDK 17 on *nix
> and umask 022
> > apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on
> wagon jars:
> >
> > $ diffoscope
> target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> apache-maven/target/apache-maven-3.9.5-bin.zip
> > --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> > +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> > │┄ Archive contents identical but files differ, possibly due to
> different compression levels. Falling back to binary comparison.
> > ├── zipinfo {}
> > │ @@ -81,21 +81,21 @@
> > │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> > │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> > │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> > │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> > │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> > │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> > │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> > │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> > │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> > │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> > │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> > │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> > │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> > │ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> > │  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
> > │  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
> > │  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
> > │  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
> > │  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/httpcore-4.4.16.jar
> > │  -rw-r--r--  2.0 unx   360738 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/commons-codec-1.16.0.jar
> > │  -rw-r--r--  2.0 unx32488 b- defN 23-Oct-01 18:38
> apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar
> > │   --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> >
> > Regards,
> >
> > Hervé
> >
> >
> > On 2023/10/01 19:07:05 Tamás Cservenák wrote:
> > > Howdy,
> > >
> > > Note: This release completes the main goals of Maven 3.9.x lineage,
> among
> > > others moving to Java 8 and transition to latest Resolver 1.9.x
> features
> > > (new robust transports, local repository locking, provided checksums,
> > > remote repository filtering and more). Maven Resolver 1.9.x lineage is
> > > already in "bugfix only" (no new features) maintenance mode, and this
> makes
> > > Maven 3.9.x lineage getting into this maintenance mode as well. I do
> > > foresee some more Maven 3.9.x releases with usual fluff (bug 

Re: [VOTE] Release Apache Maven 3.9.5

[Herve Boutemy]

thinking twice, I need to change to -1: this may impact users that expect to 
use the group permissions to use Maven binaries

sorry
I don't know what tests you are doing with permissions on your environment, but 
these tests leak releases :(

Regards,

Hervé

On 2023/10/02 07:11:02 Herve Boutemy wrote:
> +1
> 
> but Reproducible not fully ok: reference build done with JDK 17 on *nix and 
> umask 022
> apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on 
> wagon jars:
> 
> $ diffoscope target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip 
> apache-maven/target/apache-maven-3.9.5-bin.zip
> --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> +++ apache-maven/target/apache-maven-3.9.5-bin.zip
> │┄ Archive contents identical but files differ, possibly due to different 
> compression levels. Falling back to binary comparison.
> ├── zipinfo {}
> │ @@ -81,21 +81,21 @@
> │  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
> │  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
> │  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
> │  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
> │  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
> │  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
> │  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
> │ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> │ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
> │  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
> │  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
> │ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> │ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> │ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> │ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> │ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
> │ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
> │ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/httpclient-4.5.14.jar
> │ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
> │  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
> │  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
> │  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
> │  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
> │  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/httpcore-4.4.16.jar
> │  -rw-r--r--  2.0 unx   360738 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/commons-codec-1.16.0.jar
> │  -rw-r--r--  2.0 unx32488 b- defN 23-Oct-01 18:38 
> apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar
> │   --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
> 
> Regards,
> 
> Hervé
> 
> 
> On 2023/10/01 19:07:05 Tamás Cservenák wrote:
> > Howdy,
> > 
> > Note: This release completes the main goals of Maven 3.9.x lineage, among
> > others moving to Java 8 and transition to latest Resolver 1.9.x features
> > (new robust transports, local repository locking, provided checksums,
> > remote repository filtering and more). Maven Resolver 1.9.x lineage is
> > already in "bugfix only" (no new features) maintenance mode, and this makes
> > Maven 3.9.x lineage getting into this maintenance mode as well. I do
> > foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> > lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> > Resolver 2 and mvnd (at least when "core" is considered).
> > 
> > ---
> > 
> > We solved 8 issues:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
> > 
> > There are still a couple of issues left in JIRA:
> > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
> > 

Re: [VOTE] Release Apache Maven 3.9.5

[Herve Boutemy]

+1

but Reproducible not fully ok: reference build done with JDK 17 on *nix and 
umask 022
apache-maven-3.9.5-bin.zip and .tar.gz suffer from weird umask (go-r) on wagon 
jars:

$ diffoscope target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip 
apache-maven/target/apache-maven-3.9.5-bin.zip
--- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip
+++ apache-maven/target/apache-maven-3.9.5-bin.zip
│┄ Archive contents identical but files differ, possibly due to different 
compression levels. Falling back to binary comparison.
├── zipinfo {}
│ @@ -81,21 +81,21 @@
│  -rw-r--r--  2.0 unx74345 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-provider-3.9.5.jar
│  -rw-r--r--  2.0 unx   317619 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-impl-1.9.16.jar
│  -rw-r--r--  2.0 unx37757 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-named-locks-1.9.16.jar
│  -rw-r--r--  2.0 unx51503 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-spi-1.9.16.jar
│  -rw-r--r--  2.0 unx   379348 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/org.eclipse.sisu.inject-0.3.5.jar
│  -rw-r--r--  2.0 unx 4225 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/plexus-component-annotations-2.1.0.jar
│  -rw-r--r--  2.0 unx   289577 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-compat-3.9.5.jar
│ --rw---  2.0 unx55101 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
│ +-rw-r--r--  2.0 unx55101 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-provider-api-3.5.3.jar
│  -rw-r--r--  2.0 unx   205307 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/org.eclipse.sisu.plexus-0.3.5.jar
│  -rw-r--r--  2.0 unx58284 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/commons-cli-1.5.0.jar
│ --rw---  2.0 unx 9405 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
│ --rw---  2.0 unx40832 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
│ --rw---  2.0 unx   785639 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/httpclient-4.5.14.jar
│ --rw---  2.0 unx11350 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
│ +-rw-r--r--  2.0 unx 9405 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-http-3.5.3.jar
│ +-rw-r--r--  2.0 unx40832 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-http-shared-3.5.3.jar
│ +-rw-r--r--  2.0 unx   785639 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/httpclient-4.5.14.jar
│ +-rw-r--r--  2.0 unx11350 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/wagon-file-3.5.3.jar
│  -rw-r--r--  2.0 unx16555 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/jcl-over-slf4j-1.7.36.jar
│  -rw-r--r--  2.0 unx40277 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-connector-basic-1.9.16.jar
│  -rw-r--r--  2.0 unx16249 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-transport-file-1.9.16.jar
│  -rw-r--r--  2.0 unx55689 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-transport-http-1.9.16.jar
│  -rw-r--r--  2.0 unx   327891 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/httpcore-4.4.16.jar
│  -rw-r--r--  2.0 unx   360738 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/commons-codec-1.16.0.jar
│  -rw-r--r--  2.0 unx32488 b- defN 23-Oct-01 18:38 
apache-maven-3.9.5/lib/maven-resolver-transport-wagon-1.9.16.jar
│   --- target/reference/org.apache.maven/apache-maven-3.9.5-bin.zip

Regards,

Hervé


On 2023/10/01 19:07:05 Tamás Cservenák wrote:
> Howdy,
> 
> Note: This release completes the main goals of Maven 3.9.x lineage, among
> others moving to Java 8 and transition to latest Resolver 1.9.x features
> (new robust transports, local repository locking, provided checksums,
> remote repository filtering and more). Maven Resolver 1.9.x lineage is
> already in "bugfix only" (no new features) maintenance mode, and this makes
> Maven 3.9.x lineage getting into this maintenance mode as well. I do
> foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> Resolver 2 and mvnd (at least when "core" is considered).
> 
> ---
> 
> We solved 8 issues:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
> 
> There are still a couple of issues left in JIRA:
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
> 
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1995
> 
> Dev dist directory (binary bundles updated):
> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
> 
> Source release checksums:
> apache-maven-3.9.5-src.zip sha512:
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
> 
> apache-maven-3.9.5-src.tar.gz sha512:
> 

Re: [VOTE] Release Apache Maven 3.9.5

[Romain Manni-Bucau]

+1 (works on tested projects and aligned with discussions)

Le lun. 2 oct. 2023 à 00:32, Gary Gregory  a écrit :

> Understood and thank you for the clarification. Seeing the original in a
> VOTE thread gave it top much attention IMO.
>
> Gary
>
> On Sun, Oct 1, 2023, 4:13 PM Tamás Cservenák  wrote:
>
> > Howdy,
> >
> > Yes, I agree.
> >
> > To rephrase, i meant more like "our focus should be Maven4", meaning,
> that
> > IMHO we should not push new features into 3 anymore (similarly in
> resolver,
> > all the new features like HTTP/2 are "parked" for resolver 2 [to be used
> > with Maven 4]). I did not say "no more 3.x releases", just wanted to
> > emphasize the "shift of focus".
> >
> > T
> >
> > On Sun, Oct 1, 2023 at 10:03 PM Gary Gregory 
> > wrote:
> >
> > > From the peanut gallery, it feels odd to call anything 3.x in
> maintenance
> > > mode when there is not a 4.0.
> > >
> > > Gary
> > >
> > > On Sun, Oct 1, 2023, 3:08 PM Tamás Cservenák 
> > wrote:
> > >
> > > > Howdy,
> > > >
> > > > Note: This release completes the main goals of Maven 3.9.x lineage,
> > among
> > > > others moving to Java 8 and transition to latest Resolver 1.9.x
> > features
> > > > (new robust transports, local repository locking, provided checksums,
> > > > remote repository filtering and more). Maven Resolver 1.9.x lineage
> is
> > > > already in "bugfix only" (no new features) maintenance mode, and this
> > > makes
> > > > Maven 3.9.x lineage getting into this maintenance mode as well. I do
> > > > foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> > > > lifecycle plugin updates), but the focus should move to upcoming
> Maven
> > 4,
> > > > Resolver 2 and mvnd (at least when "core" is considered).
> > > >
> > > > ---
> > > >
> > > > We solved 8 issues:
> > > >
> > > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
> > > >
> > > > There are still a couple of issues left in JIRA:
> > > >
> > > >
> > >
> >
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
> > > >
> > > > Staging repo:
> > > > https://repository.apache.org/content/repositories/maven-1995
> > > >
> > > > Dev dist directory (binary bundles updated):
> > > > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
> > > >
> > > > Source release checksums:
> > > > apache-maven-3.9.5-src.zip sha512:
> > > >
> > > >
> > >
> >
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
> > > >
> > > > apache-maven-3.9.5-src.tar.gz sha512:
> > > >
> > > >
> > >
> >
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
> > > >
> > > > Staged site:
> > > > https://maven.apache.org/ref/3-LATEST/
> > > >
> > > > Draft for release notes:
> > > > https://github.com/apache/maven-site/pull/458
> > > >
> > > > Guide to testing staged releases:
> > > >
> http://maven.apache.org/guides/development/guide-testing-releases.html
> > > >
> > > > Vote open for 72h
> > > >
> > > > [ ] +1
> > > > [ ] +0
> > > > [ ] -1
> > > >
> > >
> >
>

Re: [VOTE] Release Apache Maven 3.9.5

[Gary Gregory]

Understood and thank you for the clarification. Seeing the original in a
VOTE thread gave it top much attention IMO.

Gary

On Sun, Oct 1, 2023, 4:13 PM Tamás Cservenák  wrote:

> Howdy,
>
> Yes, I agree.
>
> To rephrase, i meant more like "our focus should be Maven4", meaning, that
> IMHO we should not push new features into 3 anymore (similarly in resolver,
> all the new features like HTTP/2 are "parked" for resolver 2 [to be used
> with Maven 4]). I did not say "no more 3.x releases", just wanted to
> emphasize the "shift of focus".
>
> T
>
> On Sun, Oct 1, 2023 at 10:03 PM Gary Gregory 
> wrote:
>
> > From the peanut gallery, it feels odd to call anything 3.x in maintenance
> > mode when there is not a 4.0.
> >
> > Gary
> >
> > On Sun, Oct 1, 2023, 3:08 PM Tamás Cservenák 
> wrote:
> >
> > > Howdy,
> > >
> > > Note: This release completes the main goals of Maven 3.9.x lineage,
> among
> > > others moving to Java 8 and transition to latest Resolver 1.9.x
> features
> > > (new robust transports, local repository locking, provided checksums,
> > > remote repository filtering and more). Maven Resolver 1.9.x lineage is
> > > already in "bugfix only" (no new features) maintenance mode, and this
> > makes
> > > Maven 3.9.x lineage getting into this maintenance mode as well. I do
> > > foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> > > lifecycle plugin updates), but the focus should move to upcoming Maven
> 4,
> > > Resolver 2 and mvnd (at least when "core" is considered).
> > >
> > > ---
> > >
> > > We solved 8 issues:
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
> > >
> > > There are still a couple of issues left in JIRA:
> > >
> > >
> >
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
> > >
> > > Staging repo:
> > > https://repository.apache.org/content/repositories/maven-1995
> > >
> > > Dev dist directory (binary bundles updated):
> > > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
> > >
> > > Source release checksums:
> > > apache-maven-3.9.5-src.zip sha512:
> > >
> > >
> >
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
> > >
> > > apache-maven-3.9.5-src.tar.gz sha512:
> > >
> > >
> >
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
> > >
> > > Staged site:
> > > https://maven.apache.org/ref/3-LATEST/
> > >
> > > Draft for release notes:
> > > https://github.com/apache/maven-site/pull/458
> > >
> > > Guide to testing staged releases:
> > > http://maven.apache.org/guides/development/guide-testing-releases.html
> > >
> > > Vote open for 72h
> > >
> > > [ ] +1
> > > [ ] +0
> > > [ ] -1
> > >
> >
>

Re: [VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Howdy,

Yes, I agree.

To rephrase, i meant more like "our focus should be Maven4", meaning, that
IMHO we should not push new features into 3 anymore (similarly in resolver,
all the new features like HTTP/2 are "parked" for resolver 2 [to be used
with Maven 4]). I did not say "no more 3.x releases", just wanted to
emphasize the "shift of focus".

T

On Sun, Oct 1, 2023 at 10:03 PM Gary Gregory  wrote:

> From the peanut gallery, it feels odd to call anything 3.x in maintenance
> mode when there is not a 4.0.
>
> Gary
>
> On Sun, Oct 1, 2023, 3:08 PM Tamás Cservenák  wrote:
>
> > Howdy,
> >
> > Note: This release completes the main goals of Maven 3.9.x lineage, among
> > others moving to Java 8 and transition to latest Resolver 1.9.x features
> > (new robust transports, local repository locking, provided checksums,
> > remote repository filtering and more). Maven Resolver 1.9.x lineage is
> > already in "bugfix only" (no new features) maintenance mode, and this
> makes
> > Maven 3.9.x lineage getting into this maintenance mode as well. I do
> > foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> > lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> > Resolver 2 and mvnd (at least when "core" is considered).
> >
> > ---
> >
> > We solved 8 issues:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
> >
> > There are still a couple of issues left in JIRA:
> >
> >
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-1995
> >
> > Dev dist directory (binary bundles updated):
> > https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
> >
> > Source release checksums:
> > apache-maven-3.9.5-src.zip sha512:
> >
> >
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
> >
> > apache-maven-3.9.5-src.tar.gz sha512:
> >
> >
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
> >
> > Staged site:
> > https://maven.apache.org/ref/3-LATEST/
> >
> > Draft for release notes:
> > https://github.com/apache/maven-site/pull/458
> >
> > Guide to testing staged releases:
> > http://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72h
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
>

Re: [VOTE] Release Apache Maven 3.9.5

[Gary Gregory]

>From the peanut gallery, it feels odd to call anything 3.x in maintenance
mode when there is not a 4.0.

Gary

On Sun, Oct 1, 2023, 3:08 PM Tamás Cservenák  wrote:

> Howdy,
>
> Note: This release completes the main goals of Maven 3.9.x lineage, among
> others moving to Java 8 and transition to latest Resolver 1.9.x features
> (new robust transports, local repository locking, provided checksums,
> remote repository filtering and more). Maven Resolver 1.9.x lineage is
> already in "bugfix only" (no new features) maintenance mode, and this makes
> Maven 3.9.x lineage getting into this maintenance mode as well. I do
> foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
> lifecycle plugin updates), but the focus should move to upcoming Maven 4,
> Resolver 2 and mvnd (at least when "core" is considered).
>
> ---
>
> We solved 8 issues:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460
>
> There are still a couple of issues left in JIRA:
>
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-1995
>
> Dev dist directory (binary bundles updated):
> https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/
>
> Source release checksums:
> apache-maven-3.9.5-src.zip sha512:
>
> f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f
>
> apache-maven-3.9.5-src.tar.gz sha512:
>
> fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e
>
> Staged site:
> https://maven.apache.org/ref/3-LATEST/
>
> Draft for release notes:
> https://github.com/apache/maven-site/pull/458
>
> Guide to testing staged releases:
> http://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for 72h
>
> [ ] +1
> [ ] +0
> [ ] -1
>

Re: [VOTE] Release Apache Maven 3.9.5

[Michael Osipov]

Am 2023-10-01 um 21:07 schrieb Tamás Cservenák:

Howdy,

Note: This release completes the main goals of Maven 3.9.x lineage, among
others moving to Java 8 and transition to latest Resolver 1.9.x features
(new robust transports, local repository locking, provided checksums,
remote repository filtering and more). Maven Resolver 1.9.x lineage is
already in "bugfix only" (no new features) maintenance mode, and this makes
Maven 3.9.x lineage getting into this maintenance mode as well. I do
foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
lifecycle plugin updates), but the focus should move to upcoming Maven 4,
Resolver 2 and mvnd (at least when "core" is considered).

---

We solved 8 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved

Staging repo:
https://repository.apache.org/content/repositories/maven-1995

Dev dist directory (binary bundles updated):
https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/

Source release checksums:
apache-maven-3.9.5-src.zip sha512:
f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f

apache-maven-3.9.5-src.tar.gz sha512:
fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e

Staged site:
https://maven.apache.org/ref/3-LATEST/

Draft for release notes:
https://github.com/apache/maven-site/pull/458

Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72h


+1

[VOTE] Release Apache Maven 3.9.5

[Tamás Cservenák]

Howdy,

Note: This release completes the main goals of Maven 3.9.x lineage, among
others moving to Java 8 and transition to latest Resolver 1.9.x features
(new robust transports, local repository locking, provided checksums,
remote repository filtering and more). Maven Resolver 1.9.x lineage is
already in "bugfix only" (no new features) maintenance mode, and this makes
Maven 3.9.x lineage getting into this maintenance mode as well. I do
foresee some more Maven 3.9.x releases with usual fluff (bug fixes,
lifecycle plugin updates), but the focus should move to upcoming Maven 4,
Resolver 2 and mvnd (at least when "core" is considered).

---

We solved 8 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922=12353460

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20MNG%20AND%20resolution%20%3D%20Unresolved

Staging repo:
https://repository.apache.org/content/repositories/maven-1995

Dev dist directory (binary bundles updated):
https://dist.apache.org/repos/dist/dev/maven/maven-3/3.9.5/

Source release checksums:
apache-maven-3.9.5-src.zip sha512:
f1e7f36a6423c4f6d98e599120ede3a9f9f62448edeb2d49ffbdc05e36548190049bc83aae4f49e3305da1060d7b8e49477a55cb78b938951fd41ab3d360995f

apache-maven-3.9.5-src.tar.gz sha512:
fd8f9c4f3c6af001d11146102ba491b248163cd45d8be16907f7dcdc763eef4a081a02286b28a74de7f48c3f377a0a4491d2fa9155c906466aa3c831a5b4ef8e

Staged site:
https://maven.apache.org/ref/3-LATEST/

Draft for release notes:
https://github.com/apache/maven-site/pull/458

Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72h

[ ] +1
[ ] +0
[ ] -1