Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-17 Thread Stamatis Zampetakis
Done, thanks for noticing.

I will add it also to the RM instructions along with some other minor
improvements.

Best,
Stamatis

On Tue, Sep 17, 2019 at 11:26 PM Julian Hyde wrote:

> Stamatis,
>
> Can you mark 1.21 as released in JIRA [1].
>
> I don’t recall whether we ever officially added this task to an RM’s
> responsibilities. I don’t mind doing it if you don’t have karma.
>
> Thank you, again, for being RM.
>
> Julian
>
> [1]
> https://issues.apache.org/jira/projects/CALCITE?selectedItem=com.atlassian.jira.jira-projects-plugin%3Arelease-page=released-unreleased
>
> > On Sep 15, 2019, at 7:38 PM, Danny Chan wrote:
> >
> > Nice summary of the release problems, Stamatis! Maybe we should put the
> > precautions to the website so that other RM can follow in the next releases ~
> >
> > Best,
> > Danny Chan
> > On Sep 12, 2019, at 7:54 AM +0800, Stamatis Zampetakis wrote:
> >> The release process for apache-calcite-1.21.0 is now complete.
> >>
> >> You can now commit again to the master.
> >>
> >> Once again, I would like to thank again all the members of the community
> >> that helped in getting 1.21.0 out the door. A special mention for the
> >> reviewers who helped getting in some great features dedicating a
> >> significant amount of their time.
> >>
> >> During the vote various issues were raised.
> >>
> >> Spurious .xml files were present in release candidate 0; I have the
> >> impression that they came up due to the dry run that I did just before the
> >> release (without performing a git clean). As it is not indicated in the
> >> documentation I am thinking to add a small notice.
> >>
> >> The build fails for certain locales due to CALCITE-2816; we agree that the
> >> build problem must be solved for 1.22.0.
> >>
> >> There are intermittent failures in the Pig module; CALCITE-3336 was logged
> >> and we should continue further discussions there.
> >>
> >> There were some small issues with the release notes (passive voice, and
> >> backticks); I took care of them in
> >> https://github.com/apache/calcite/commit/034bd7942c35d5b6c948dc6863a9a086fb82386c
> >> .
> >>
> >> There was a comment that adc1532de does not have tag calcite-1.21.0 but if
> >> I am not looking at the wrong place I think it's there.
> >>
> >> The checksum hash that was communicated in the vote email was wrong; given
> >> that the correct one was sent along with the artifacts and people used this
> >> for the checks I assume there is no problem.
> >>
> >> There are some minor problems with README and README.md files; I will
> >> update them in the following days.
> >>
> >> The instructions in "Publishing a release" related with the release
> >> announcement, and the Javadoc generation are slightly confusing. In order
> >> to generate the Javadoc we must be in the tag calcite-1.21.0 and not in the
> >> branch-1.21 and on the other hand the release announcement should be
> >> committed in the branch-1.21. It may be worth adding a few more details
> >> there.
> >>
> >> If I missed something else worth mentioning feel free to include it.
> >>
> >> Best,
> >> Stamatis
>
>


Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-17 Thread Julian Hyde
Stamatis,

Can you mark 1.21 as released in JIRA [1].

I don’t recall whether we ever officially added this task to an RM’s
responsibilities. I don’t mind doing it if you don’t have karma.

Thank you, again, for being RM.

Julian

[1] 
https://issues.apache.org/jira/projects/CALCITE?selectedItem=com.atlassian.jira.jira-projects-plugin%3Arelease-page=released-unreleased
 


> On Sep 15, 2019, at 7:38 PM, Danny Chan wrote:
> 
> Nice summary of the release problems, Stamatis! Maybe we should put the
> precautions to the website so that other RM can follow in the next releases ~
> 
> Best,
> Danny Chan
> On Sep 12, 2019, at 7:54 AM +0800, Stamatis Zampetakis wrote:
>> The release process for apache-calcite-1.21.0 is now complete.
>> 
>> You can now commit again to the master.
>> 
>> Once again, I would like to thank again all the members of the community
>> that helped in getting 1.21.0 out the door. A special mention for the
>> reviewers who helped getting in some great features dedicating a
>> significant amount of their time.
>> 
>> During the vote various issues were raised.
>> 
>> Spurious .xml files were present in release candidate 0; I have the
>> impression that they came up due to the dry run that I did just before the
>> release (without performing a git clean). As it is not indicated in the
>> documentation I am thinking to add a small notice.
>> 
>> The build fails for certain locales due to CALCITE-2816; we agree that the
>> build problem must be solved for 1.22.0.
>> 
>> There are intermittent failures in the Pig module; CALCITE-3336 was logged
>> and we should continue further discussions there.
>> 
>> There were some small issues with the release notes (passive voice, and
>> backticks); I took care of them in
>> https://github.com/apache/calcite/commit/034bd7942c35d5b6c948dc6863a9a086fb82386c
>> .
>> 
>> There was a comment that adc1532de does not have tag calcite-1.21.0 but if
>> I am not looking at the wrong place I think it's there.
>> 
>> The checksum hash that was communicated in the vote email was wrong; given
>> that the correct one was sent along with the artifacts and people used this
>> for the checks I assume there is no problem.
>> 
>> There are some minor problems with README and README.md files; I will
>> update them in the following days.
>> 
>> The instructions in "Publishing a release" related with the release
>> announcement, and the Javadoc generation are slightly confusing. In order
>> to generate the Javadoc we must be in the tag calcite-1.21.0 and not in the
>> branch-1.21 and on the other hand the release announcement should be
>> committed in the branch-1.21. It may be worth adding a few more details
>> there.
>> 
>> If I missed something else worth mentioning feel free to include it.
>> 
>> Best,
>> Stamatis



Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-15 Thread Danny Chan
Nice summary of the release problems, Stamatis! Maybe we should put the
precautions to the website so that other RM can follow in the next releases ~

Best,
Danny Chan
On Sep 12, 2019, at 7:54 AM +0800, Stamatis Zampetakis wrote:
> The release process for apache-calcite-1.21.0 is now complete.
>
> You can now commit again to the master.
>
> Once again, I would like to thank again all the members of the community
> that helped in getting 1.21.0 out the door. A special mention for the
> reviewers who helped getting in some great features dedicating a
> significant amount of their time.
>
> During the vote various issues were raised.
>
> Spurious .xml files were present in release candidate 0; I have the
> impression that they came up due to the dry run that I did just before the
> release (without performing a git clean). As it is not indicated in the
> documentation I am thinking to add a small notice.
>
> The build fails for certain locales due to CALCITE-2816; we agree that the
> build problem must be solved for 1.22.0.
>
> There are intermittent failures in the Pig module; CALCITE-3336 was logged
> and we should continue further discussions there.
>
> There were some small issues with the release notes (passive voice, and
> backticks); I took care of them in
> https://github.com/apache/calcite/commit/034bd7942c35d5b6c948dc6863a9a086fb82386c
> .
>
> There was a comment that adc1532de does not have tag calcite-1.21.0 but if
> I am not looking at the wrong place I think it's there.
>
> The checksum hash that was communicated in the vote email was wrong; given
> that the correct one was sent along with the artifacts and people used this
> for the checks I assume there is no problem.
>
> There are some minor problems with README and README.md files; I will
> update them in the following days.
>
> The instructions in "Publishing a release" related with the release
> announcement, and the Javadoc generation are slightly confusing. In order
> to generate the Javadoc we must be in the tag calcite-1.21.0 and not in the
> branch-1.21 and on the other hand the release announcement should be
> committed in the branch-1.21. It may be worth adding a few more details
> there.
>
> If I missed something else worth mentioning feel free to include it.
>
> Best,
> Stamatis


Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-12 Thread Stamatis Zampetakis
I noticed the problem thanks to Andrei but I underestimated its importance.

Sorry about that!

On Thu, Sep 12, 2019 at 4:35 PM Julian Hyde wrote:

> Yes, I screwed up. Everyone who voted screwed up. I should have voted ‘-1’
> because the hash of the artifacts I got from svn did not match the hash in
> the email. Let’s all do better next time.
>
> Still, no harm done. We know now that we were voting on the correct
> artifacts. We have a valid release.
>
> Julian
>
>
> > On Sep 12, 2019, at 5:54 AM, Michael Mior wrote:
> >
> > +1 to everything Vladimir said. Thanks for the release Stamatis! I do
> > agree that the checksum issue shouldn't be ignored although an update
> > from the RM to the vote thread should be sufficient. Really, we rely
> > on the email of the RM not being compromised anyway if we assume we
> > can have a MITM between us and the hosted files.
> > --
> > Michael Mior
> > mm...@apache.org
> >
> > On Thu, Sep 12, 2019 at 06:59, Vladimir Sitnikov wrote:
> >>
> >> Stamatis, thanks for your work on this.
> >>
> >> Stamatis>The checksum hash that was communicated in the vote email was wrong; given
> >> Stamatis>that the correct one was sent along with the artifacts and people used this
> >> Stamatis>for the checks I assume there is no problem.
> >>
> >> I'm inclined that we should vote with -1 (or wait for RM to send the
> >> updated checksum) when checksum in the mail does not match to the checksum
> >> of the archive.
> >>
> >> Well, it is OK, if release manager sends updates, however it should not be
> >> the case that actual checksum differs from the one that was suggested in the
> >> vote mail.
> >>
> >> Different checksums might mean there's MITM attempt, and it sounds wrong
> >> that we "kind of ignore it".
> >> Even though I agree the impact in this case was quite low (e.g. I've
> >> personally verified PGP signature and ensured it was SHA512 based), we
> >> would probably want to refrain from repeating that practice.
> >>
> >> I would like to follow https://reproducible-builds.org/ to simplify release
> >> validation.
> >>
> >> Vladimir
>
>


Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-12 Thread Julian Hyde
Yes, I screwed up. Everyone who voted screwed up. I should have voted ‘-1’ 
because the hash of the artifacts I got from svn did not match the hash in the 
email. Let’s all do better next time.

Still, no harm done. We know now that we were voting on the correct artifacts. 
We have a valid release.

Julian


> On Sep 12, 2019, at 5:54 AM, Michael Mior wrote:
> 
> +1 to everything Vladimir said. Thanks for the release Stamatis! I do
> agree that the checksum issue shouldn't be ignored although an update
> from the RM to the vote thread should be sufficient. Really, we rely
> on the email of the RM not being compromised anyway if we assume we
> can have a MITM between us and the hosted files.
> --
> Michael Mior
> mm...@apache.org
> 
> On Thu, Sep 12, 2019 at 06:59, Vladimir Sitnikov wrote:
>> 
>> Stamatis, thanks for your work on this.
>> 
>> Stamatis>The checksum hash that was communicated in the vote email was wrong; given
>> Stamatis>that the correct one was sent along with the artifacts and people used this
>> Stamatis>for the checks I assume there is no problem.
>> 
>> I'm inclined that we should vote with -1 (or wait for RM to send the
>> updated checksum) when checksum in the mail does not match to the checksum
>> of the archive.
>> 
>> Well, it is OK, if release manager sends updates, however it should not be
>> the case that actual checksum differs from the one that was suggested in the
>> vote mail.
>> 
>> Different checksums might mean there's MITM attempt, and it sounds wrong
>> that we "kind of ignore it".
>> Even though I agree the impact in this case was quite low (e.g. I've
>> personally verified PGP signature and ensured it was SHA512 based), we
>> would probably want to refrain from repeating that practice.
>> 
>> I would like to follow https://reproducible-builds.org/ to simplify release
>> validation.
>> 
>> Vladimir



Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-12 Thread Michael Mior
+1 to everything Vladimir said. Thanks for the release Stamatis! I do
agree that the checksum issue shouldn't be ignored although an update
from the RM to the vote thread should be sufficient. Really, we rely
on the email of the RM not being compromised anyway if we assume we
can have a MITM between us and the hosted files.
--
Michael Mior
mm...@apache.org

On Thu, Sep 12, 2019 at 06:59, Vladimir Sitnikov wrote:
>
> Stamatis, thanks for your work on this.
>
> Stamatis>The checksum hash that was communicated in the vote email was wrong; given
> Stamatis>that the correct one was sent along with the artifacts and people used this
> Stamatis>for the checks I assume there is no problem.
>
> I'm inclined that we should vote with -1 (or wait for RM to send the
> updated checksum) when checksum in the mail does not match to the checksum
> of the archive.
>
> Well, it is OK, if release manager sends updates, however it should not be
> the case that actual checksum differs from the one that was suggested in the
> vote mail.
>
> Different checksums might mean there's MITM attempt, and it sounds wrong
> that we "kind of ignore it".
> Even though I agree the impact in this case was quite low (e.g. I've
> personally verified PGP signature and ensured it was SHA512 based), we
> would probably want to refrain from repeating that practice.
>
> I would like to follow https://reproducible-builds.org/ to simplify release
> validation.
>
> Vladimir


Re: [DISCUSS] Release apache-calcite-1.21.0 (release candidate 1)

2019-09-12 Thread Vladimir Sitnikov
Stamatis, thanks for your work on this.

Stamatis>The checksum hash that was communicated in the vote email was wrong; given
Stamatis>that the correct one was sent along with the artifacts and people used this
Stamatis>for the checks I assume there is no problem.

I'm inclined that we should vote with -1 (or wait for RM to send the
updated checksum) when checksum in the mail does not match to the checksum
of the archive.

Well, it is OK, if release manager sends updates, however it should not be
the case that actual checksum differs from the one that was suggested in the
vote mail.

Different checksums might mean there's MITM attempt, and it sounds wrong
that we "kind of ignore it".
Even though I agree the impact in this case was quite low (e.g. I've
personally verified PGP signature and ensured it was SHA512 based), we
would probably want to refrain from repeating that practice.

I would like to follow https://reproducible-builds.org/ to simplify release
validation.

Vladimir
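
The check discussed in this thread (vote -1 when the digest in the vote email does not match the downloaded archive), as an added example that is not part of the original messages or of Calcite's release tooling. The function names, the artifact name and the sample bytes are hypothetical and constructed; verifying the PGP signature with gpg remains a separate step.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

def parse_sha512(text, name=""):
    """Accept a bare digest, sha512sum output, or the gpg --print-md layout."""
    body = text.strip()
    if name and body.startswith(name + ":"):    # "<file>: ABCD 0123 ..." (gpg --print-md)
        body = body[len(name) + 1:]
    elif name and body.endswith(name):          # "<hex>  <file>" (sha512sum)
        body = body[:-len(name)]
    compact = re.sub(r"[\s*]", "", body).lower()
    if not re.fullmatch(r"[0-9a-f]{128}", compact):
        raise ValueError("no unambiguous SHA-512 digest found")
    return compact

def sha512_of(path):
    h = hashlib.sha512()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def vote_check(artifact, sidecar_text, email_text):
    """Return ("ok" | "-1", problems); any disagreement or unreadable digest is a -1."""
    actual = sha512_of(artifact)
    problems = []
    for label, text in (("sidecar", sidecar_text), ("vote email", email_text)):
        try:
            claimed = parse_sha512(text, artifact.name)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if not hmac.compare_digest(claimed, actual):
            problems.append(f"{label}: digest differs from downloaded artifact")
    return ("-1" if problems else "ok", problems)

def demo():
    """Constructed sample: sidecar digest is right, vote-email digest is stale."""
    with tempfile.TemporaryDirectory() as d:
        art = Path(d) / "example-1.0.0-src.tar.gz"   # hypothetical artifact name
        art.write_bytes(b"constructed release bytes\n")
        good = sha512_of(art)
        g = [good.upper()[i:i + 8] for i in range(0, 128, 8)]
        sidecar = f"{art.name}: " + " ".join(g[:8]) + "\n " + " ".join(g[8:])
        stale = hashlib.sha512(b"bytes from an earlier build\n").hexdigest()
        return {"stale_email": vote_check(art, sidecar, stale),
                "fixed_email": vote_check(art, sidecar, f"{good}  {art.name}")}
```

Calling `demo()` returns the outcome for both cases: the stale email digest yields "-1" with the reason, and the corrected one yields "ok".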