[RESULT] [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Enrico Olivelli]

Hi,
with 8 positive votes (3 binding) we can release this RC as ZooKeeper 3.5.6
- Zili Chen
- Suijth Simon
- Norbert Kalmar
- Mohammad Arshad
- Justin Ling Mao
- Patrick Hunt (binding)
- Andor Molnar (binding)
- Flavio Junqueira (binding)

Thank you to every one who participated in the release

I will finish the release procedure, artifacts will be available in the
next few hours.

Enrico Olivelli

Il giorno mar 15 ott 2019 alle ore 23:53 Flavio Junqueira 
ha scritto:

> +1
>
> - Built from sources
> - Validated digest and signature for sources tar.gz
> - Verified that dependency from staging repo resolves
> - Checked release notes
> - Ran some local smoke tests
>
> -Flavio
>
>
> > On 11 Oct 2019, at 08:45, Zili Chen  wrote:
> >
> > +1 (non-binding)
> >
> > + verify source tarball contains no binary files
> > + verify binary tarball contains no source files
> >
> > + locally build by `mvn clean install -DskipTests -Pfull-build)` and
> verify
> > by `mvn verify`, tests pass
> >
> > + Verified basic zookeeper operation through Cli
> >
> > Best,
> > tison.
> >
> >
> > Mohammad arshad  于2019年10月11日周五 下午2:38写道：
> >
> >> +1 (non-binding)
> >> Verified checksums and signature
> >> Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554
> UTs
> >> passed
> >> Verified basic zk operation through Cli
> >> Executed 4 letter word commands
> >> Verified admin server commands
> >> Ran rat
> >> All are OK :-)
> >>
> >>
> >> Thanks & Regards
> >> Mohammad Arshad
> >>
> >> -Original Message-
> >> From: sujith simon [mailto:sujithsimo...@gmail.com]
> >> Sent: Friday, October 11, 2019 11:32 AM
> >> To: dev@zookeeper.apache.org
> >> Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
> >>
> >> +1 (non-binding)
> >>
> >> - Verified Checksum
> >> - Verified Signature
> >> - Verfied that tags are correct
> >> - Verified build, installed ZooKeeper and tested basic commands from
> >> source tarball
> >> - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
> >> basic ZooKeeper commands
> >> - Verified that Unit tests are passing
> >>
> >> Thanks :)
> >>
> >>
> >> On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
> >> 
> >> wrote:
> >>
> >>> +1 (non-binding)
> >>>
> >>> - unit tests pass
> >>> - built and started ZK + run few commands from source tarball
> >>> - checked bin tarball, license files, run ZK + few commands
> >>> - signature OK.
> >>> - git tag OK :)
> >>>
> >>> Thanks Enrico!
> >>>
> >>> Norbert
> >>>
> >>> On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
> >>>
> >>>> +1
> >>>>
> >>>> Verified…
> >>>>
> >>>> - checksums, signature,
> >>>> - unit tests
> >>>> - 3-node cluster smoke tests.
> >>>>
> >>>> Andor
> >>>>
> >>>>
> >>>>> On 2019. Oct 9., at 22:40, Enrico Olivelli 
> >>> wrote:
> >>>>>
> >>>>> Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> >>>>>
> >>>>>> +1 checksums/sig validated. rat ran clean and I was able to build
> >>>>>> +and
> >>>>>> exercise the code just fine with java 8.
> >>>>>>
> >>>>>> Note dep check is failing again however:
> >>>>>>
> >>>>>> jackson-databind-2.9.10.jar
> >>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> >>>>>> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> >>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> >>>>>> CVE-2019-16942, CVE-2019-16943
> >>>>>>
> >>>>>> I looked at the issue and they seem very specific, given that and
> >>>>>> the status of databind these days I think we should get this one
> >>>>>> next time around vs re-re... spinning the rc. What do you think?
> >>>>>>
> >>>>>
> >>>>> Agreed.
> >>>>> And as we are doing a very limited use of Jackson we can look for
> >>>&g

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Flavio Junqueira]

+1

- Built from sources
- Validated digest and signature for sources tar.gz
- Verified that dependency from staging repo resolves
- Checked release notes
- Ran some local smoke tests

-Flavio


> On 11 Oct 2019, at 08:45, Zili Chen  wrote:
> 
> +1 (non-binding)
> 
> + verify source tarball contains no binary files
> + verify binary tarball contains no source files
> 
> + locally build by `mvn clean install -DskipTests -Pfull-build)` and verify
> by `mvn verify`, tests pass
> 
> + Verified basic zookeeper operation through Cli
> 
> Best,
> tison.
> 
> 
> Mohammad arshad  于2019年10月11日周五 下午2:38写道：
> 
>> +1 (non-binding)
>> Verified checksums and signature
>> Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554 UTs
>> passed
>> Verified basic zk operation through Cli
>> Executed 4 letter word commands
>> Verified admin server commands
>> Ran rat
>> All are OK :-)
>> 
>> 
>> Thanks & Regards
>> Mohammad Arshad
>> 
>> -Original Message-
>> From: sujith simon [mailto:sujithsimo...@gmail.com]
>> Sent: Friday, October 11, 2019 11:32 AM
>> To: dev@zookeeper.apache.org
>> Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
>> 
>> +1 (non-binding)
>> 
>> - Verified Checksum
>> - Verified Signature
>> - Verfied that tags are correct
>> - Verified build, installed ZooKeeper and tested basic commands from
>> source tarball
>> - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
>> basic ZooKeeper commands
>> - Verified that Unit tests are passing
>> 
>> Thanks :)
>> 
>> 
>> On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
>> 
>> wrote:
>> 
>>> +1 (non-binding)
>>> 
>>> - unit tests pass
>>> - built and started ZK + run few commands from source tarball
>>> - checked bin tarball, license files, run ZK + few commands
>>> - signature OK.
>>> - git tag OK :)
>>> 
>>> Thanks Enrico!
>>> 
>>> Norbert
>>> 
>>> On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
>>> 
>>>> +1
>>>> 
>>>> Verified…
>>>> 
>>>> - checksums, signature,
>>>> - unit tests
>>>> - 3-node cluster smoke tests.
>>>> 
>>>> Andor
>>>> 
>>>> 
>>>>> On 2019. Oct 9., at 22:40, Enrico Olivelli 
>>> wrote:
>>>>> 
>>>>> Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
>>>>> 
>>>>>> +1 checksums/sig validated. rat ran clean and I was able to build
>>>>>> +and
>>>>>> exercise the code just fine with java 8.
>>>>>> 
>>>>>> Note dep check is failing again however:
>>>>>> 
>>>>>> jackson-databind-2.9.10.jar
>>>>>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
>>>>>> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
>>>>>> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
>>>>>> CVE-2019-16942, CVE-2019-16943
>>>>>> 
>>>>>> I looked at the issue and they seem very specific, given that and
>>>>>> the status of databind these days I think we should get this one
>>>>>> next time around vs re-re... spinning the rc. What do you think?
>>>>>> 
>>>>> 
>>>>> Agreed.
>>>>> And as we are doing a very limited use of Jackson we can look for
>>>>> a replacement
>>>>> 
>>>>> Enrico
>>>>> 
>>>>>> 
>>>>>> Patrick
>>>>>> 
>>>>>> 
>>>>>> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli
>>>>>> 
>>>>>> wrote:
>>>>>> 
>>>>>>> This is a bugfix release candidate for 3.5.6.
>>>>>>> 
>>>>>>> It fixes 29 issues, including upgrade of third party libraries,
>>>>>>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade
>>>>>>> of
>>>> Netty 4
>>>>>>> and better procedure for the upgrade of servers from 3.4 to 3.5.
>>>>>>> 
>>>>>>> The full release notes is available at:
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>> 
>>>> 
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310
>>> 801=12345243
>>>>>>> 
>>>>>>> *** Please download, test and vote by October 11th 2019, 23:59
>> UTC+0.
>>>> ***
>>>>>>> 
>>>>>>> Source files:
>>>>>>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>>>>>>> 
>>>>>>> Maven staging repo:
>>>>>>> 
>>>>>> 
>>>> 
>>> https://repository.apache.org/content/repositories/orgapachezookeeper-
>>> 1044
>>>>>>> 
>>>>>>> The release candidate tag in git to be voted upon:
>>>>>>> release-3.5.6-rc4
>>>>>>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>>>>>>> 
>>>>>>> ZooKeeper's KEYS file containing PGP keys we use to sign the
>> release:
>>>>>>> https://www.apache.org/dist/zookeeper/KEYS
>>>>>>> 
>>>>>>> Should we release this candidate?
>>>>>>> 
>>>>>>> Enrico Olivelli
>>>> 
>>>> 
>>> 
>> 

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Patrick Hunt]

If you haven't already I'd recommend reaching out 1:1 with each of the pmc
members. That will usually turn up at least a couple.

Regards,

Patrick


On Sun, Oct 13, 2019 at 2:21 PM Enrico Olivelli  wrote:

> Thank you all, we need one more PMC +1 in order to validate the candidate.
>
> Enrico
>
> Il giorno ven 11 ott 2019 alle ore 08:55 Zili Chen 
> ha scritto:
>
> > +1 (non-binding)
> >
> > + verify source tarball contains no binary files
> > + verify binary tarball contains no source files
> >
> > + locally build by `mvn clean install -DskipTests -Pfull-build)` and
> verify
> > by `mvn verify`, tests pass
> >
> > + Verified basic zookeeper operation through Cli
> >
> > Best,
> > tison.
> >
> >
> > Mohammad arshad  于2019年10月11日周五 下午2:38写道：
> >
> > > +1 (non-binding)
> > > Verified checksums and signature
> > > Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554
> UTs
> > > passed
> > > Verified basic zk operation through Cli
> > > Executed 4 letter word commands
> > > Verified admin server commands
> > > Ran rat
> > > All are OK :-)
> > >
> > >
> > > Thanks & Regards
> > > Mohammad Arshad
> > >
> > > -Original Message-
> > > From: sujith simon [mailto:sujithsimo...@gmail.com]
> > > Sent: Friday, October 11, 2019 11:32 AM
> > > To: dev@zookeeper.apache.org
> > > Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
> > >
> > > +1 (non-binding)
> > >
> > > - Verified Checksum
> > > - Verified Signature
> > > - Verfied that tags are correct
> > > - Verified build, installed ZooKeeper and tested basic commands from
> > > source tarball
> > > - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
> > > basic ZooKeeper commands
> > > - Verified that Unit tests are passing
> > >
> > > Thanks :)
> > >
> > >
> > > On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
> > > 
> > > wrote:
> > >
> > > > +1 (non-binding)
> > > >
> > > > - unit tests pass
> > > > - built and started ZK + run few commands from source tarball
> > > > - checked bin tarball, license files, run ZK + few commands
> > > > - signature OK.
> > > > - git tag OK :)
> > > >
> > > > Thanks Enrico!
> > > >
> > > > Norbert
> > > >
> > > > On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar 
> wrote:
> > > >
> > > > > +1
> > > > >
> > > > > Verified…
> > > > >
> > > > > - checksums, signature,
> > > > > - unit tests
> > > > > - 3-node cluster smoke tests.
> > > > >
> > > > > Andor
> > > > >
> > > > >
> > > > > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> > > > wrote:
> > > > > >
> > > > > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha
> > scritto:
> > > > > >
> > > > > >> +1 checksums/sig validated. rat ran clean and I was able to
> build
> > > > > >> +and
> > > > > >> exercise the code just fine with java 8.
> > > > > >>
> > > > > >> Note dep check is failing again however:
> > > > > >>
> > > > > >> jackson-databind-2.9.10.jar
> > > > > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > > > > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > > > > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > > > > >> CVE-2019-16942, CVE-2019-16943
> > > > > >>
> > > > > >> I looked at the issue and they seem very specific, given that
> and
> > > > > >> the status of databind these days I think we should get this one
> > > > > >> next time around vs re-re... spinning the rc. What do you think?
> > > > > >>
> > > > > >
> > > > > > Agreed.
> > > > > > And as we are doing a very limited use of Jackson we can look for
> > > > > > a replacement
> > > > > >
> > > > > > Enrico
> > > > > >
> > > > > >>
> > > > > >&

Re: Re: Re: Re: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Justin Ling Mao]

+1 (non-binding)A benchmark test for 3.5.6 candidate 4 with YCSB tool:
Machine Env:my local(8core,16G, 256SSD)
ZooKeeper Env: 3.5.6-c11b7e26bc554b8523dc929761dd28808913f091, built on 
10/08/2019 20:18 GMTstandalone mode(one zk server); 100 znodes;   data 
length(per znode):100;default configuration without any tuning.
Benchmark result:PS: workloada(read:50%,write:50%); 
workloadb(read:95%,write:5%); workloadc(read:100%)

- Original Message -
From: Zili Chen 
To: DevZooKeeper 
Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
Date: 2019-10-14 06:55

+1 (non-binding)
+ verify source tarball contains no binary files
+ verify binary tarball contains no source files
+ locally build by `mvn clean install -DskipTests -Pfull-build)` and verify
by `mvn verify`, tests pass
+ Verified basic zookeeper operation through Cli
Best,
tison.
Mohammad arshad  于2019年10月11日周五 下午2:38写道：
> +1 (non-binding)
> Verified checksums and signature
> Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554 UTs
> passed
> Verified basic zk operation through Cli
> Executed 4 letter word commands
> Verified admin server commands
> Ran rat
> All are OK :-)
>
>
> Thanks & Regards
> Mohammad Arshad
>
> -Original Message-
> From: sujith simon [mailto:sujithsimo...@gmail.com]
> Sent: Friday, October 11, 2019 11:32 AM
> To: dev@zookeeper.apache.org
> Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
>
> +1 (non-binding)
>
> - Verified Checksum
> - Verified Signature
> - Verfied that tags are correct
> - Verified build, installed ZooKeeper and tested basic commands from
> source tarball
> - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
> basic ZooKeeper commands
> - Verified that Unit tests are passing
>
> Thanks :)
>
>
> On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
> 
> wrote:
>
> > +1 (non-binding)
> >
> > - unit tests pass
> > - built and started ZK + run few commands from source tarball
> > - checked bin tarball, license files, run ZK + few commands
> > - signature OK.
> > - git tag OK :)
> >
> > Thanks Enrico!
> >
> > Norbert
> >
> > On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
> >
> > > +1
> > >
> > > Verified…
> > >
> > > - checksums, signature,
> > > - unit tests
> > > - 3-node cluster smoke tests.
> > >
> > > Andor
> > >
> > >
> > > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> > wrote:
> > > >
> > > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> > > >
> > > >> +1 checksums/sig validated. rat ran clean and I was able to build
> > > >> +and
> > > >> exercise the code just fine with java 8.
> > > >>
> > > >> Note dep check is failing again however:
> > > >>
> > > >> jackson-databind-2.9.10.jar
> > > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > > >> CVE-2019-16942, CVE-2019-16943
> > > >>
> > > >> I looked at the issue and they seem very specific, given that and
> > > >> the status of databind these days I think we should get this one
> > > >> next time around vs re-re... spinning the rc. What do you think?
> > > >>
> > > >
> > > > Agreed.
> > > > And as we are doing a very limited use of Jackson we can look for
> > > > a replacement
> > > >
> > > > Enrico
> > > >
> > > >>
> > > >> Patrick
> > > >>
> > > >>
> > > >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli
> > > >> 
> > > >> wrote:
> > > >>
> > > >>> This is a bugfix release candidate for 3.5.6.
> > > >>>
> > > >>> It fixes 29 issues, including upgrade of third party libraries,
> > > >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade
> > > >>> of
> > > Netty 4
> > > >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> > > >>>
> > > >>> The full release notes is available at:
> > > >>>
> > > >>>
> > > >>>
> > > >>
> > >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310
> > 801=12345243
> > > >>>
> > > >>> *** Please download, test and vote by October 11th 2019, 23:59
> UTC+0.
> > > ***
> > > >>>
> > > >>> Source files:
> > > >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> > > >>>
> > > >>> Maven staging repo:
> > > >>>
> > > >>
> > >
> > https://repository.apache.org/content/repositories/orgapachezookeeper-
> > 1044
> > > >>>
> > > >>> The release candidate tag in git to be voted upon:
> > > >>> release-3.5.6-rc4
> > > >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> > > >>>
> > > >>> ZooKeeper's KEYS file containing PGP keys we use to sign the
> release:
> > > >>> https://www.apache.org/dist/zookeeper/KEYS
> > > >>>
> > > >>> Should we release this candidate?
> > > >>>
> > > >>> Enrico Olivelli
> > >
> > >
> >
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Enrico Olivelli]

Thank you all, we need one more PMC +1 in order to validate the candidate.

Enrico

Il giorno ven 11 ott 2019 alle ore 08:55 Zili Chen 
ha scritto:

> +1 (non-binding)
>
> + verify source tarball contains no binary files
> + verify binary tarball contains no source files
>
> + locally build by `mvn clean install -DskipTests -Pfull-build)` and verify
> by `mvn verify`, tests pass
>
> + Verified basic zookeeper operation through Cli
>
> Best,
> tison.
>
>
> Mohammad arshad  于2019年10月11日周五 下午2:38写道：
>
> > +1 (non-binding)
> > Verified checksums and signature
> > Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554 UTs
> > passed
> > Verified basic zk operation through Cli
> > Executed 4 letter word commands
> > Verified admin server commands
> > Ran rat
> > All are OK :-)
> >
> >
> > Thanks & Regards
> > Mohammad Arshad
> >
> > -Original Message-
> > From: sujith simon [mailto:sujithsimo...@gmail.com]
> > Sent: Friday, October 11, 2019 11:32 AM
> > To: dev@zookeeper.apache.org
> > Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
> >
> > +1 (non-binding)
> >
> > - Verified Checksum
> > - Verified Signature
> > - Verfied that tags are correct
> > - Verified build, installed ZooKeeper and tested basic commands from
> > source tarball
> > - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
> > basic ZooKeeper commands
> > - Verified that Unit tests are passing
> >
> > Thanks :)
> >
> >
> > On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
> > 
> > wrote:
> >
> > > +1 (non-binding)
> > >
> > > - unit tests pass
> > > - built and started ZK + run few commands from source tarball
> > > - checked bin tarball, license files, run ZK + few commands
> > > - signature OK.
> > > - git tag OK :)
> > >
> > > Thanks Enrico!
> > >
> > > Norbert
> > >
> > > On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
> > >
> > > > +1
> > > >
> > > > Verified…
> > > >
> > > > - checksums, signature,
> > > > - unit tests
> > > > - 3-node cluster smoke tests.
> > > >
> > > > Andor
> > > >
> > > >
> > > > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> > > wrote:
> > > > >
> > > > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha
> scritto:
> > > > >
> > > > >> +1 checksums/sig validated. rat ran clean and I was able to build
> > > > >> +and
> > > > >> exercise the code just fine with java 8.
> > > > >>
> > > > >> Note dep check is failing again however:
> > > > >>
> > > > >> jackson-databind-2.9.10.jar
> > > > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > > > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > > > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > > > >> CVE-2019-16942, CVE-2019-16943
> > > > >>
> > > > >> I looked at the issue and they seem very specific, given that and
> > > > >> the status of databind these days I think we should get this one
> > > > >> next time around vs re-re... spinning the rc. What do you think?
> > > > >>
> > > > >
> > > > > Agreed.
> > > > > And as we are doing a very limited use of Jackson we can look for
> > > > > a replacement
> > > > >
> > > > > Enrico
> > > > >
> > > > >>
> > > > >> Patrick
> > > > >>
> > > > >>
> > > > >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli
> > > > >> 
> > > > >> wrote:
> > > > >>
> > > > >>> This is a bugfix release candidate for 3.5.6.
> > > > >>>
> > > > >>> It fixes 29 issues, including upgrade of third party libraries,
> > > > >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade
> > > > >>> of
> > > > Netty 4
> > > > >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> > > > >>>
> > > > >>> The full release notes is available at:
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>
> > > >
> > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310
> > > 801=12345243
> > > > >>>
> > > > >>> *** Please download, test and vote by October 11th 2019, 23:59
> > UTC+0.
> > > > ***
> > > > >>>
> > > > >>> Source files:
> > > > >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> > > > >>>
> > > > >>> Maven staging repo:
> > > > >>>
> > > > >>
> > > >
> > > https://repository.apache.org/content/repositories/orgapachezookeeper-
> > > 1044
> > > > >>>
> > > > >>> The release candidate tag in git to be voted upon:
> > > > >>> release-3.5.6-rc4
> > > > >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> > > > >>>
> > > > >>> ZooKeeper's KEYS file containing PGP keys we use to sign the
> > release:
> > > > >>> https://www.apache.org/dist/zookeeper/KEYS
> > > > >>>
> > > > >>> Should we release this candidate?
> > > > >>>
> > > > >>> Enrico Olivelli
> > > >
> > > >
> > >
> >
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Zili Chen]

+1 (non-binding)

+ verify source tarball contains no binary files
+ verify binary tarball contains no source files

+ locally build by `mvn clean install -DskipTests -Pfull-build)` and verify
by `mvn verify`, tests pass

+ Verified basic zookeeper operation through Cli

Best,
tison.


Mohammad arshad  于2019年10月11日周五 下午2:38写道：

> +1 (non-binding)
> Verified checksums and signature
> Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554 UTs
> passed
> Verified basic zk operation through Cli
> Executed 4 letter word commands
> Verified admin server commands
> Ran rat
> All are OK :-)
>
>
> Thanks & Regards
> Mohammad Arshad
>
> -Original Message-
> From: sujith simon [mailto:sujithsimo...@gmail.com]
> Sent: Friday, October 11, 2019 11:32 AM
> To: dev@zookeeper.apache.org
> Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4
>
> +1 (non-binding)
>
> - Verified Checksum
> - Verified Signature
> - Verfied that tags are correct
> - Verified build, installed ZooKeeper and tested basic commands from
> source tarball
> - Installed ZooKeeper from bin tarball on a 3 node cluster and tested
> basic ZooKeeper commands
> - Verified that Unit tests are passing
>
> Thanks :)
>
>
> On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar
> 
> wrote:
>
> > +1 (non-binding)
> >
> > - unit tests pass
> > - built and started ZK + run few commands from source tarball
> > - checked bin tarball, license files, run ZK + few commands
> > - signature OK.
> > - git tag OK :)
> >
> > Thanks Enrico!
> >
> > Norbert
> >
> > On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
> >
> > > +1
> > >
> > > Verified…
> > >
> > > - checksums, signature,
> > > - unit tests
> > > - 3-node cluster smoke tests.
> > >
> > > Andor
> > >
> > >
> > > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> > wrote:
> > > >
> > > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> > > >
> > > >> +1 checksums/sig validated. rat ran clean and I was able to build
> > > >> +and
> > > >> exercise the code just fine with java 8.
> > > >>
> > > >> Note dep check is failing again however:
> > > >>
> > > >> jackson-databind-2.9.10.jar
> > > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > > >> CVE-2019-16942, CVE-2019-16943
> > > >>
> > > >> I looked at the issue and they seem very specific, given that and
> > > >> the status of databind these days I think we should get this one
> > > >> next time around vs re-re... spinning the rc. What do you think?
> > > >>
> > > >
> > > > Agreed.
> > > > And as we are doing a very limited use of Jackson we can look for
> > > > a replacement
> > > >
> > > > Enrico
> > > >
> > > >>
> > > >> Patrick
> > > >>
> > > >>
> > > >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli
> > > >> 
> > > >> wrote:
> > > >>
> > > >>> This is a bugfix release candidate for 3.5.6.
> > > >>>
> > > >>> It fixes 29 issues, including upgrade of third party libraries,
> > > >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade
> > > >>> of
> > > Netty 4
> > > >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> > > >>>
> > > >>> The full release notes is available at:
> > > >>>
> > > >>>
> > > >>>
> > > >>
> > >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310
> > 801=12345243
> > > >>>
> > > >>> *** Please download, test and vote by October 11th 2019, 23:59
> UTC+0.
> > > ***
> > > >>>
> > > >>> Source files:
> > > >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> > > >>>
> > > >>> Maven staging repo:
> > > >>>
> > > >>
> > >
> > https://repository.apache.org/content/repositories/orgapachezookeeper-
> > 1044
> > > >>>
> > > >>> The release candidate tag in git to be voted upon:
> > > >>> release-3.5.6-rc4
> > > >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> > > >>>
> > > >>> ZooKeeper's KEYS file containing PGP keys we use to sign the
> release:
> > > >>> https://www.apache.org/dist/zookeeper/KEYS
> > > >>>
> > > >>> Should we release this candidate?
> > > >>>
> > > >>> Enrico Olivelli
> > >
> > >
> >
>

RE: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Mohammad arshad]

+1 (non-binding)
Verified checksums and signature
Run UT on ubuntu 16.04 with jdk1.8.0_221 with non-root user. All 2554 UTs passed
Verified basic zk operation through Cli
Executed 4 letter word commands
Verified admin server commands
Ran rat
All are OK :-)


Thanks & Regards
Mohammad Arshad

-Original Message-
From: sujith simon [mailto:sujithsimo...@gmail.com] 
Sent: Friday, October 11, 2019 11:32 AM
To: dev@zookeeper.apache.org
Subject: Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

+1 (non-binding)

- Verified Checksum
- Verified Signature
- Verfied that tags are correct
- Verified build, installed ZooKeeper and tested basic commands from source 
tarball
- Installed ZooKeeper from bin tarball on a 3 node cluster and tested basic 
ZooKeeper commands
- Verified that Unit tests are passing

Thanks :)


On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar 
wrote:

> +1 (non-binding)
>
> - unit tests pass
> - built and started ZK + run few commands from source tarball
> - checked bin tarball, license files, run ZK + few commands
> - signature OK.
> - git tag OK :)
>
> Thanks Enrico!
>
> Norbert
>
> On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
>
> > +1
> >
> > Verified…
> >
> > - checksums, signature,
> > - unit tests
> > - 3-node cluster smoke tests.
> >
> > Andor
> >
> >
> > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> wrote:
> > >
> > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> > >
> > >> +1 checksums/sig validated. rat ran clean and I was able to build 
> > >> +and
> > >> exercise the code just fine with java 8.
> > >>
> > >> Note dep check is failing again however:
> > >>
> > >> jackson-databind-2.9.10.jar
> > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > >> CVE-2019-16942, CVE-2019-16943
> > >>
> > >> I looked at the issue and they seem very specific, given that and 
> > >> the status of databind these days I think we should get this one 
> > >> next time around vs re-re... spinning the rc. What do you think?
> > >>
> > >
> > > Agreed.
> > > And as we are doing a very limited use of Jackson we can look for 
> > > a replacement
> > >
> > > Enrico
> > >
> > >>
> > >> Patrick
> > >>
> > >>
> > >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli 
> > >> 
> > >> wrote:
> > >>
> > >>> This is a bugfix release candidate for 3.5.6.
> > >>>
> > >>> It fixes 29 issues, including upgrade of third party libraries, 
> > >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade 
> > >>> of
> > Netty 4
> > >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> > >>>
> > >>> The full release notes is available at:
> > >>>
> > >>>
> > >>>
> > >>
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310
> 801=12345243
> > >>>
> > >>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0.
> > ***
> > >>>
> > >>> Source files:
> > >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> > >>>
> > >>> Maven staging repo:
> > >>>
> > >>
> >
> https://repository.apache.org/content/repositories/orgapachezookeeper-
> 1044
> > >>>
> > >>> The release candidate tag in git to be voted upon: 
> > >>> release-3.5.6-rc4
> > >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> > >>>
> > >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> > >>> https://www.apache.org/dist/zookeeper/KEYS
> > >>>
> > >>> Should we release this candidate?
> > >>>
> > >>> Enrico Olivelli
> >
> >
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[sujith simon]

+1 (non-binding)

- Verified Checksum
- Verified Signature
- Verfied that tags are correct
- Verified build, installed ZooKeeper and tested basic commands from source
tarball
- Installed ZooKeeper from bin tarball on a 3 node cluster and tested basic
ZooKeeper commands
- Verified that Unit tests are passing

Thanks :)


On Thu, Oct 10, 2019 at 2:53 PM Norbert Kalmar 
wrote:

> +1 (non-binding)
>
> - unit tests pass
> - built and started ZK + run few commands from source tarball
> - checked bin tarball, license files, run ZK + few commands
> - signature OK.
> - git tag OK :)
>
> Thanks Enrico!
>
> Norbert
>
> On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:
>
> > +1
> >
> > Verified…
> >
> > - checksums, signature,
> > - unit tests
> > - 3-node cluster smoke tests.
> >
> > Andor
> >
> >
> > > On 2019. Oct 9., at 22:40, Enrico Olivelli 
> wrote:
> > >
> > > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> > >
> > >> +1 checksums/sig validated. rat ran clean and I was able to build and
> > >> exercise the code just fine with java 8.
> > >>
> > >> Note dep check is failing again however:
> > >>
> > >> jackson-databind-2.9.10.jar
> > >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> > >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> > >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> > >> CVE-2019-16942, CVE-2019-16943
> > >>
> > >> I looked at the issue and they seem very specific, given that and the
> > >> status of databind these days I think we should get this one next time
> > >> around vs re-re... spinning the rc. What do you think?
> > >>
> > >
> > > Agreed.
> > > And as we are doing a very limited use of Jackson we can look for a
> > > replacement
> > >
> > > Enrico
> > >
> > >>
> > >> Patrick
> > >>
> > >>
> > >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli 
> > >> wrote:
> > >>
> > >>> This is a bugfix release candidate for 3.5.6.
> > >>>
> > >>> It fixes 29 issues, including upgrade of third party libraries,
> > >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of
> > Netty 4
> > >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> > >>>
> > >>> The full release notes is available at:
> > >>>
> > >>>
> > >>>
> > >>
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
> > >>>
> > >>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0.
> > ***
> > >>>
> > >>> Source files:
> > >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> > >>>
> > >>> Maven staging repo:
> > >>>
> > >>
> >
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
> > >>>
> > >>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
> > >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> > >>>
> > >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> > >>> https://www.apache.org/dist/zookeeper/KEYS
> > >>>
> > >>> Should we release this candidate?
> > >>>
> > >>> Enrico Olivelli
> >
> >
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Norbert Kalmar]

+1 (non-binding)

- unit tests pass
- built and started ZK + run few commands from source tarball
- checked bin tarball, license files, run ZK + few commands
- signature OK.
- git tag OK :)

Thanks Enrico!

Norbert

On Wed, Oct 9, 2019 at 10:45 PM Andor Molnar  wrote:

> +1
>
> Verified…
>
> - checksums, signature,
> - unit tests
> - 3-node cluster smoke tests.
>
> Andor
>
>
> > On 2019. Oct 9., at 22:40, Enrico Olivelli  wrote:
> >
> > Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> >
> >> +1 checksums/sig validated. rat ran clean and I was able to build and
> >> exercise the code just fine with java 8.
> >>
> >> Note dep check is failing again however:
> >>
> >> jackson-databind-2.9.10.jar
> >> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> >> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> >> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> >> CVE-2019-16942, CVE-2019-16943
> >>
> >> I looked at the issue and they seem very specific, given that and the
> >> status of databind these days I think we should get this one next time
> >> around vs re-re... spinning the rc. What do you think?
> >>
> >
> > Agreed.
> > And as we are doing a very limited use of Jackson we can look for a
> > replacement
> >
> > Enrico
> >
> >>
> >> Patrick
> >>
> >>
> >> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli 
> >> wrote:
> >>
> >>> This is a bugfix release candidate for 3.5.6.
> >>>
> >>> It fixes 29 issues, including upgrade of third party libraries,
> >>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of
> Netty 4
> >>> and better procedure for the upgrade of servers from 3.4 to 3.5.
> >>>
> >>> The full release notes is available at:
> >>>
> >>>
> >>>
> >>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
> >>>
> >>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0.
> ***
> >>>
> >>> Source files:
> >>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> >>>
> >>> Maven staging repo:
> >>>
> >>
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
> >>>
> >>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
> >>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> >>>
> >>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> >>> https://www.apache.org/dist/zookeeper/KEYS
> >>>
> >>> Should we release this candidate?
> >>>
> >>> Enrico Olivelli
>
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Andor Molnar]

+1

Verified…

- checksums, signature,
- unit tests
- 3-node cluster smoke tests.

Andor


> On 2019. Oct 9., at 22:40, Enrico Olivelli  wrote:
> 
> Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:
> 
>> +1 checksums/sig validated. rat ran clean and I was able to build and
>> exercise the code just fine with java 8.
>> 
>> Note dep check is failing again however:
>> 
>> jackson-databind-2.9.10.jar
>> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
>> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
>> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
>> CVE-2019-16942, CVE-2019-16943
>> 
>> I looked at the issue and they seem very specific, given that and the
>> status of databind these days I think we should get this one next time
>> around vs re-re... spinning the rc. What do you think?
>> 
> 
> Agreed.
> And as we are doing a very limited use of Jackson we can look for a
> replacement
> 
> Enrico
> 
>> 
>> Patrick
>> 
>> 
>> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli 
>> wrote:
>> 
>>> This is a bugfix release candidate for 3.5.6.
>>> 
>>> It fixes 29 issues, including upgrade of third party libraries,
>>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
>>> and better procedure for the upgrade of servers from 3.4 to 3.5.
>>> 
>>> The full release notes is available at:
>>> 
>>> 
>>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
>>> 
>>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
>>> 
>>> Source files:
>>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>>> 
>>> Maven staging repo:
>>> 
>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
>>> 
>>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
>>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>>> 
>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>>> https://www.apache.org/dist/zookeeper/KEYS
>>> 
>>> Should we release this candidate?
>>> 
>>> Enrico Olivelli

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Enrico Olivelli]

Il mer 9 ott 2019, 21:14 Patrick Hunt  ha scritto:

> +1 checksums/sig validated. rat ran clean and I was able to build and
> exercise the code just fine with java 8.
>
> Note dep check is failing again however:
>
> jackson-databind-2.9.10.jar
> (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
> cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
> cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
> CVE-2019-16942, CVE-2019-16943
>
> I looked at the issue and they seem very specific, given that and the
> status of databind these days I think we should get this one next time
> around vs re-re... spinning the rc. What do you think?
>

Agreed.
And as we are doing a very limited use of Jackson we can look for a
replacement

Enrico

>
> Patrick
>
>
> On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli 
> wrote:
>
> > This is a bugfix release candidate for 3.5.6.
> >
> > It fixes 29 issues, including upgrade of third party libraries,
> > TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
> > and better procedure for the upgrade of servers from 3.4 to 3.5.
> >
> > The full release notes is available at:
> >
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
> >
> > *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
> >
> > Source files:
> > https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> >
> > Maven staging repo:
> >
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
> >
> > The release candidate tag in git to be voted upon: release-3.5.6-rc4
> > https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> >
> > ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> > https://www.apache.org/dist/zookeeper/KEYS
> >
> > Should we release this candidate?
> >
> > Enrico Olivelli
> >
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Patrick Hunt]

+1 checksums/sig validated. rat ran clean and I was able to build and
exercise the code just fine with java 8.

Note dep check is failing again however:

jackson-databind-2.9.10.jar
(pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10,
cpe:2.3:a:fasterxml:jackson:2.9.10:*:*:*:*:*:*:*,
cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*) :
CVE-2019-16942, CVE-2019-16943

I looked at the issue and they seem very specific, given that and the
status of databind these days I think we should get this one next time
around vs re-re... spinning the rc. What do you think?

Patrick


On Tue, Oct 8, 2019 at 1:46 PM Enrico Olivelli  wrote:

> This is a bugfix release candidate for 3.5.6.
>
> It fixes 29 issues, including upgrade of third party libraries,
> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
> and better procedure for the upgrade of servers from 3.4 to 3.5.
>
> The full release notes is available at:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
>
> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
>
> Source files:
> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
>
> The release candidate tag in git to be voted upon: release-3.5.6-rc4
> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>
> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> https://www.apache.org/dist/zookeeper/KEYS
>
> Should we release this candidate?
>
> Enrico Olivelli
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Andor Molnar]

I hope we don’t have to create another RC because of this…

Andor



> On 2019. Oct 9., at 18:08, Enrico Olivelli  wrote:
> 
> Il mer 9 ott 2019, 17:55 Jordan Zimmerman  ha
> scritto:
> 
>> It's required by the Apache Release process:
>> 
>> http://www.apache.org/dev/release-distribution <
>> http://www.apache.org/dev/release-distribution>
>> 
>> For every artifact distributed to the public through Apache channels, the
>> PMC
>> 
>>• MUST supply a valid OpenPGP-compatible ASCII-armored detached
>> signature file
>>• MUST supply at least one checksum file
>>• SHOULD supply a SHA-256 and/or SHA-512 checksum file
>>• SHOULD NOT supply a MD5 or SHA-1 checksum file (because these
>> are deprecated)
>> 
>> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT
>> supply MD5 or SHA-1. Existing releases do not need to be changed.
>> 
>>> On Oct 9, 2019, at 6:50 PM, Andor Molnar  wrote:
>>> 
>>> Checking.
>>> Why do we generated SHA512 sums for the gpg signatures?
>>> Is that intentional?
>> 
> 
> Good catch.
> The build generated those files and I uploaded all of them to the staging
> area.
> 
> It happens when you run
> mvn deploy -Papache-release
> 
> I felt they are desirable.
> 
> I will start another email thread.
> 
> Enrico
> 
>> 
>>> Andor
>>> 
>>> 
>>> 
 On 2019. Oct 8., at 22:36, Enrico Olivelli  wrote:
 
 This is a bugfix release candidate for 3.5.6.
 
 It fixes 29 issues, including upgrade of third party libraries,
 TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty
>> 4
 and better procedure for the upgrade of servers from 3.4 to 3.5.
 
 The full release notes is available at:
 
 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
 
 *** Please download, test and vote by October 11th 2019, 23:59 UTC+0.
>> ***
 
 Source files:
 https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
 
 Maven staging repo:
 
>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
 
 The release candidate tag in git to be voted upon: release-3.5.6-rc4
 https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
 
 ZooKeeper's KEYS file containing PGP keys we use to sign the release:
 https://www.apache.org/dist/zookeeper/KEYS
 
 Should we release this candidate?
 
 Enrico Olivelli

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Enrico Olivelli]

Il mer 9 ott 2019, 17:55 Jordan Zimmerman  ha
scritto:

> It's required by the Apache Release process:
>
> http://www.apache.org/dev/release-distribution <
> http://www.apache.org/dev/release-distribution>
>
> For every artifact distributed to the public through Apache channels, the
> PMC
>
> • MUST supply a valid OpenPGP-compatible ASCII-armored detached
> signature file
> • MUST supply at least one checksum file
> • SHOULD supply a SHA-256 and/or SHA-512 checksum file
> • SHOULD NOT supply a MD5 or SHA-1 checksum file (because these
> are deprecated)
>
> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT
> supply MD5 or SHA-1. Existing releases do not need to be changed.
>
> > On Oct 9, 2019, at 6:50 PM, Andor Molnar  wrote:
> >
> > Checking.
> > Why do we generated SHA512 sums for the gpg signatures?
> > Is that intentional?
>

Good catch.
The build generated those files and I uploaded all of them to the staging
area.

It happens when you run
mvn deploy -Papache-release

I felt they are desirable.

I will start another email thread.

Enrico

>
> > Andor
> >
> >
> >
> >> On 2019. Oct 8., at 22:36, Enrico Olivelli  wrote:
> >>
> >> This is a bugfix release candidate for 3.5.6.
> >>
> >> It fixes 29 issues, including upgrade of third party libraries,
> >> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty
> 4
> >> and better procedure for the upgrade of servers from 3.4 to 3.5.
> >>
> >> The full release notes is available at:
> >>
> >>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
> >>
> >> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0.
> ***
> >>
> >> Source files:
> >> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> >>
> >> Maven staging repo:
> >>
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
> >>
> >> The release candidate tag in git to be voted upon: release-3.5.6-rc4
> >> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> >>
> >> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> >> https://www.apache.org/dist/zookeeper/KEYS
> >>
> >> Should we release this candidate?
> >>
> >> Enrico Olivelli
> >
>
>

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Andor Molnar]

Yeah, we supply SHA512 sum and GPG signature for the tarballs.
But I don’t think we need to supply checksum for the GPG signatures too.

Here: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.5/

Andor



> On 2019. Oct 9., at 17:54, Jordan Zimmerman  
> wrote:
> 
> It's required by the Apache Release process:
> 
> http://www.apache.org/dev/release-distribution 
> 
> 
> For every artifact distributed to the public through Apache channels, the PMC
> 
>   • MUST supply a valid OpenPGP-compatible ASCII-armored detached 
> signature file
>   • MUST supply at least one checksum file
>   • SHOULD supply a SHA-256 and/or SHA-512 checksum file
>   • SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are 
> deprecated)
> 
> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT 
> supply MD5 or SHA-1. Existing releases do not need to be changed.
> 
>> On Oct 9, 2019, at 6:50 PM, Andor Molnar  wrote:
>> 
>> Checking.
>> Why do we generated SHA512 sums for the gpg signatures?
>> Is that intentional?
>> 
>> Andor
>> 
>> 
>> 
>>> On 2019. Oct 8., at 22:36, Enrico Olivelli  wrote:
>>> 
>>> This is a bugfix release candidate for 3.5.6.
>>> 
>>> It fixes 29 issues, including upgrade of third party libraries,
>>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
>>> and better procedure for the upgrade of servers from 3.4 to 3.5.
>>> 
>>> The full release notes is available at:
>>> 
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
>>> 
>>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
>>> 
>>> Source files:
>>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>>> 
>>> Maven staging repo:
>>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
>>> 
>>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
>>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>>> 
>>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>>> https://www.apache.org/dist/zookeeper/KEYS
>>> 
>>> Should we release this candidate?
>>> 
>>> Enrico Olivelli
>> 
> 

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Jordan Zimmerman]

It's required by the Apache Release process:

http://www.apache.org/dev/release-distribution 


For every artifact distributed to the public through Apache channels, the PMC

• MUST supply a valid OpenPGP-compatible ASCII-armored detached 
signature file
• MUST supply at least one checksum file
• SHOULD supply a SHA-256 and/or SHA-512 checksum file
• SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are 
deprecated)

For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT 
supply MD5 or SHA-1. Existing releases do not need to be changed.

> On Oct 9, 2019, at 6:50 PM, Andor Molnar  wrote:
> 
> Checking.
> Why do we generated SHA512 sums for the gpg signatures?
> Is that intentional?
> 
> Andor
> 
> 
> 
>> On 2019. Oct 8., at 22:36, Enrico Olivelli  wrote:
>> 
>> This is a bugfix release candidate for 3.5.6.
>> 
>> It fixes 29 issues, including upgrade of third party libraries,
>> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
>> and better procedure for the upgrade of servers from 3.4 to 3.5.
>> 
>> The full release notes is available at:
>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
>> 
>> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
>> 
>> Source files:
>> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
>> 
>> Maven staging repo:
>> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
>> 
>> The release candidate tag in git to be voted upon: release-3.5.6-rc4
>> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
>> 
>> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>> https://www.apache.org/dist/zookeeper/KEYS
>> 
>> Should we release this candidate?
>> 
>> Enrico Olivelli
> 

Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Andor Molnar]

Checking.
Why do we generated SHA512 sums for the gpg signatures?
Is that intentional?

Andor



> On 2019. Oct 8., at 22:36, Enrico Olivelli  wrote:
> 
> This is a bugfix release candidate for 3.5.6.
> 
> It fixes 29 issues, including upgrade of third party libraries,
> TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
> and better procedure for the upgrade of servers from 3.4 to 3.5.
> 
> The full release notes is available at:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243
> 
> *** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***
> 
> Source files:
> https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4
> 
> Maven staging repo:
> https://repository.apache.org/content/repositories/orgapachezookeeper-1044
> 
> The release candidate tag in git to be voted upon: release-3.5.6-rc4
> https://github.com/apache/zookeeper/tree/release-3.5.6-rc4
> 
> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> https://www.apache.org/dist/zookeeper/KEYS
> 
> Should we release this candidate?
> 
> Enrico Olivelli

[VOTE] Apache ZooKeeper release 3.5.6 candidate 4

[Enrico Olivelli]

This is a bugfix release candidate for 3.5.6.

It fixes 29 issues, including upgrade of third party libraries,
TTL Node APIs for C API, support for PCKS12 Keystores, upgrade of Netty 4
and better procedure for the upgrade of servers from 3.4 to 3.5.

The full release notes is available at:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801=12345243

*** Please download, test and vote by October 11th 2019, 23:59 UTC+0. ***

Source files:
https://people.apache.org/~eolivelli/zookeeper-3.5.6-candidate-4

Maven staging repo:
https://repository.apache.org/content/repositories/orgapachezookeeper-1044

The release candidate tag in git to be voted upon: release-3.5.6-rc4
https://github.com/apache/zookeeper/tree/release-3.5.6-rc4

ZooKeeper's KEYS file containing PGP keys we use to sign the release:
https://www.apache.org/dist/zookeeper/KEYS

Should we release this candidate?

Enrico Olivelli