Re: Little "upsie" at the Wayang podling

2023-07-25 Thread Julian Hyde
As others have said, there’s no way to retract a release when it’s gone to 
Maven Central. (Many of us have noticed show-stopping bugs just after the 
release.) The only remedy is to make a superseding release. 

I don’t support adding a step where an IPMC member presses the release button. 
Mistakes happen, no matter how many layers of process you add. Nexus already has 
a two-phase process, and it works well with the ASF release process. 

Wayang are going to need a new release number, not just a new RC of the same 
release. Otherwise their new binary artifacts won’t supersede those already out 
there. 

Julian 

> On Jul 25, 2023, at 6:22 AM, Christofer Dutz wrote:
> 
> (Also fixed what my mail client thought I wanted to say, to what I said in 
> the subject ;-) )
> 
> And I think the main problem with the leftpad was the general usage of the 
> Maven equivalent of “LATEST” as a dependency version.
> So, anyone with a LATEST dependency that has built today, will have the 0.7.0 
> version; everyone with a sensible build management won’t be affected.
> 
> Alternatively, most things that caused me to vote -1 actually don’t have an 
> effect on the produced binaries.
> It was mostly stuff that applies for the source-distribution.
> So, I would in this case be in favor that they stage a new release candidate 
> for 0.7.0, release that, and simply drop the nexus repo instead of 
> re-releasing it.
> 
> Chris
> 
> From: PJ Fanning
> Date: Tuesday, 25 July 2023 at 14:54
> To: general@incubator.apache.org
> Subject: Re: Little "upside" at the Wayang podling
> The difference here is that this release has just been made and has
> only been announced on the Wayang dev list. I find no evidence of it
> on the Wayang web site nor in the Apache announce mailing list.
> 
> I understand the leftpad case but I don't think this is a similar
> case. Users who have upgraded to Wayang 0.7.0 can downgrade to Wayang
> 0.6.0.
> 
>> On Tue, 25 Jul 2023 at 13:19, tison wrote:
>> 
>>> So I guess we have to check how we can remove the artifacts.
>> 
>> A central repository should not _remove_ artifacts. Rust's cargo crates can
>> be marked as yanked, which prevents further dependents while all the existing
>> ones remain. Revoking artifacts can cause significant downstream effects - you
>> may take leftpad on npmjs as an example.
>> 
>> Best,
>> tison.
>> 
>> 
>> On Tue, 25 Jul 2023 at 19:14, Christofer Dutz wrote:
>> 
>>> Hi PJ,
>>> 
>>> Unfortunately, I had to vote -1 on the release and there’s no way on earth
>>> it would pass Justin ;-) …
>>> So, there will be another one.
>>> 
>>> So I guess we have to check how we can remove the artifacts.
>>> 
>>> Chris
>>> 
>>> 
>>> From: PJ Fanning
>>> Date: Tuesday, 25 July 2023 at 11:47
>>> To: general@incubator.apache.org
>>> Subject: Re: Little "upside" at the Wayang podling
>>> It does seem like a good idea to do a 2 phase release to the Apache Nexus
>>> Repository. I think a lot of Apache projects use that approach. It means
>>> that the binary artifacts can be checked during the release voting
>>> alongside the source release. Nexus allows you to drop the artifacts or to
>>> release them and this can be a good way to handle unsuccessful and
>>> successful release votes (respectively).
>>> 
>>> It might make sense to bring the 0.7.0 release to an Incubator vote and if
>>> it passes then there isn't much harm. The Wayang team have announced this
>>> release on their dev mailing list but don't appear to have updated their
>>> download page [1] yet. Could we get them to respond to all the announcement
>>> emails to say that the release vote is not yet complete and to ask people not
>>> to use this release until the vote is finished?
>>> 
>>> If the Incubator vote fails, I'm not sure but it may be feasible to see if
>>> the Maven team can remove the 0.7.0 artifacts.
>>> 
>>> [1] https://wayang.apache.org/download/
>>> 
>>> On 2023/07/25 09:28:00 Christofer Dutz wrote:
>>>> Hi all,
>>>> 
>>>> yesterday the Wayang podling was following the “release documentation”
>>>> of a TLP and “forgot” to do the round over the IPMC.
>>>> However, they’ve already moved things to the release distro area (from
>>>> where they’ve removed it after me contacting them) but in Nexus they
>>>> clicked on “release” and the artifacts are out in the wild.
>>>> 
>>>> How to generally deal with this situation? I think in general it would
>>>> be good, if releasing maven artifacts in Nexus was a two step thing … a)
>>>> the project clicks on “release” and then an IPMC member has to confirm that.
>>>> 
>>>> Chris
>>>> 
>>> 
>>> -
>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>> For additional commands, e-mail: general-h...@incubator.apache.org
>>> 
> 

AW: Little "upsie" at the Wayang podling

2023-07-25 Thread Christofer Dutz
(Also fixed what my mail client thought I wanted to say, to what I said in the 
subject ;-) )

And I think the main problem with the leftpad was the general usage of the 
Maven equivalent of “LATEST” as a dependency version.
So, anyone with a LATEST dependency that has built today, will have the 0.7.0 
version; everyone with a sensible build management won’t be affected.

Alternatively, most things that caused me to vote -1 actually don’t have an 
effect on the produced binaries.
It was mostly stuff that applies for the source-distribution.
So, I would in this case be in favor that they stage a new release candidate 
for 0.7.0, release that, and simply drop the nexus repo instead of re-releasing 
it.

Chris

From: PJ Fanning
Date: Tuesday, 25 July 2023 at 14:54
To: general@incubator.apache.org
Subject: Re: Little "upside" at the Wayang podling
The difference here is that this release has just been made and has
only been announced on the Wayang dev list. I find no evidence of it
on the Wayang web site nor in the Apache announce mailing list.

I understand the leftpad case but I don't think this is a similar
case. Users who have upgraded to Wayang 0.7.0 can downgrade to Wayang
0.6.0.

On Tue, 25 Jul 2023 at 13:19, tison wrote:
>
> > So I guess we have to check how we can remove the artifacts.
>
> A central repository should not _remove_ artifacts. Rust's cargo crates can
> be marked as yanked, which prevents further dependents while all the existing
> ones remain. Revoking artifacts can cause significant downstream effects - you
> may take leftpad on npmjs as an example.
>
> Best,
> tison.
>
>
> On Tue, 25 Jul 2023 at 19:14, Christofer Dutz wrote:
>
> > Hi PJ,
> >
> > Unfortunately, I had to vote -1 on the release and there’s no way on earth
> > it would pass Justin ;-) …
> > So, there will be another one.
> >
> > So I guess we have to check how we can remove the artifacts.
> >
> > Chris
> >
> >
> > From: PJ Fanning
> > Date: Tuesday, 25 July 2023 at 11:47
> > To: general@incubator.apache.org
> > Subject: Re: Little "upside" at the Wayang podling
> > It does seem like a good idea to do a 2 phase release to the Apache Nexus
> > Repository. I think a lot of Apache projects use that approach. It means
> > that the binary artifacts can be checked during the release voting
> > alongside the source release. Nexus allows you to drop the artifacts or to
> > release them and this can be a good way to handle unsuccessful and
> > successful release votes (respectively).
> >
> > It might make sense to bring the 0.7.0 release to an Incubator vote and if
> > it passes then there isn't much harm. The Wayang team have announced this
> > release on their dev mailing list but don't appear to have updated their
> > download page [1] yet. Could we get them to respond to all the announcement
> > emails to say that the release vote is not yet complete and to ask people not
> > to use this release until the vote is finished?
> >
> > If the Incubator vote fails, I'm not sure but it may be feasible to see if
> > the Maven team can remove the 0.7.0 artifacts.
> >
> > [1] https://wayang.apache.org/download/
> >
> > On 2023/07/25 09:28:00 Christofer Dutz wrote:
> > > Hi all,
> > >
> > > yesterday the Wayang podling was following the “release documentation”
> > > of a TLP and “forgot” to do the round over the IPMC.
> > > However, they’ve already moved things to the release distro area (from
> > > where they’ve removed it after me contacting them) but in Nexus they
> > > clicked on “release” and the artifacts are out in the wild.
> > >
> > > How to generally deal with this situation? I think in general it would
> > > be good, if releasing maven artifacts in Nexus was a two step thing … a)
> > > the project clicks on “release” and then an IPMC member has to confirm that.
> > >
> > > Chris
> > >
> > >
> >
> >

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
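
An added example, not part of the thread and not Apache or Wayang tooling: since a version released to Maven Central cannot be withdrawn, the downstream check is whether a build floats onto it. This sketch flags dependencies declared with the `LATEST`/`RELEASE` metaversions or a version range, the case raised in the thread; the sample POM, its coordinates and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# A range is bracketed and contains a comma; "[1.0]" alone is an exact pin.
RANGE = re.compile(r"^[\[(].*,.*[\])]$")

# Constructed sample POM; coordinates and versions are illustrative only.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><wayang.version>LATEST</wayang.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.wayang</groupId>
      <artifactId>wayang-core</artifactId>
      <version>${wayang.version}</version></dependency>
    <dependency><groupId>org.apache.wayang</groupId>
      <artifactId>wayang-java</artifactId>
      <version>[0.6.0,)</version></dependency>
    <dependency><groupId>org.apache.wayang</groupId>
      <artifactId>wayang-spark</artifactId>
      <version>0.6.0</version></dependency>
  </dependencies>
</project>"""

def classify(version):
    """Return why a version string floats, or None if it is pinned."""
    v = version.strip()
    if v in ("LATEST", "RELEASE"):
        return "metaversion " + v
    return "version range" if RANGE.match(v) else None

def floating_dependencies(pom_text):
    """Return (groupId:artifactId, declared version, reason) per floating dep."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "")
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iterfind(".//m:dependency", NS):
        raw = dep.findtext("m:version", "", NS)
        # Resolve ${property} references declared in this same POM.
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        reason = classify(resolved)
        if reason:
            gid, aid = (dep.findtext("m:" + t, "", NS) for t in ("groupId", "artifactId"))
            findings.append((gid + ":" + aid, raw, reason))
    return findings

if __name__ == "__main__":
    print(floating_dependencies(SAMPLE_POM))
```

Versions inherited from a parent POM or `dependencyManagement` in another file are not resolved here; run it over the effective POM to cover those.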