[RESULT][VOTE]: Apache HAWQ 2.3.0.0-incubating Release
The Apache HAWQ 2.3.0.0-incubating vote is now closed and has passed as follows: [3] +1 (binding) votes [0] -1 (binding) votes Overall vote breakdown as below: Konstantin Boudnik +1 (binding) Roman Shaposhnik +1 (binding) Alan Gates +1 (binding) The Apache HAWQ (incubating) community will proceed with the release. And the comments relating to Apache HAWQ incubating release will be updated in Wiki. Thank you! Best, Yi (yjin)
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Yes, https://www.apache.org/dev/release-signing.html#basic-facts <https://www.apache.org/dev/release-signing.html#basic-facts> now makes sense. Thanks for updating it, sebb. > On Mar 14, 2018, at 6:15 PM, sebb <seb...@gmail.com> wrote: > > On 14 March 2018 at 19:11, Julian Hyde <jh...@apache.org> wrote: >> The guidance at https://www.apache.org/dev/release-signing.html#basic-facts >> <https://www.apache.org/dev/release-signing.html#basic-facts> is >> inconsistent with >> https://www.apache.org/dev/release-distribution#sigs-and-sums >> <https://www.apache.org/dev/release-distribution#sigs-and-sums>. The former >> says "Every artifact distributed by the Apache Software Foundation must be >> accompanied by a file … containing an MD5 checksum.”. Can someone please fix >> the former to be consistent with the latter. > > Done; please check it makes sense now. > >> >>> On Mar 6, 2018, at 9:58 PM, Henk P. Penning <penn...@uu.nl> wrote: >>> >>> On Wed, 7 Mar 2018, Yi JIN wrote: >>> >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100 >>>> From: Yi JIN <y...@apache.org> >>>> To: general@incubator.apache.org >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >>> >>>> The artifacts can be downloaded here: >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ >>> >>> Recently the "release policy" [1] changed ; it (now) says : >>> >>> ... >>> * SHOULD NOT supply a MD5 checksum file >>> ... >>> >>> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums >>> >>>> Yi Jin (yjin) >>> >>> Groeten, >>> >>> Henk Penning -- apache.org infrastructure ; dist & mirrors >>> >>> _ >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >>> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >>> >>> - >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >> > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Hi IPMC members, Thank you so much for thoroughly verifying and discussing this release candidate and vote in time. The vote result will be presented in another mail. I will go back as well to check our release steps on Wiki to merge the discussed issues to make coming future releases smoother. Thank you again! Best, Yi (yjin) On Thu, Mar 15, 2018 at 12:15 PM, sebb <seb...@gmail.com> wrote: > On 14 March 2018 at 19:11, Julian Hyde <jh...@apache.org> wrote: > > The guidance at https://www.apache.org/dev/release-signing.html#basic- > facts <https://www.apache.org/dev/release-signing.html#basic-facts> is > inconsistent with https://www.apache.org/dev/ > release-distribution#sigs-and-sums <https://www.apache.org/dev/ > release-distribution#sigs-and-sums>. The former says "Every artifact > distributed by the Apache Software Foundation must be accompanied by a file > … containing an MD5 checksum.”. Can someone please fix the former to be > consistent with the latter. > > Done; please check it makes sense now. > > > > >> On Mar 6, 2018, at 9:58 PM, Henk P. Penning <penn...@uu.nl> wrote: > >> > >> On Wed, 7 Mar 2018, Yi JIN wrote: > >> > >>> Date: Wed, 7 Mar 2018 03:56:54 +0100 > >>> From: Yi JIN <y...@apache.org> > >>> To: general@incubator.apache.org > >>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release > >> > >>> The artifacts can be downloaded here: > >>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. > 0-incubating.RC2/ > >> > >> Recently the "release policy" [1] changed ; it (now) says : > >> > >>... > >>* SHOULD NOT supply a MD5 checksum file > >>... > >> > >> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums > >> > >>> Yi Jin (yjin) > >> > >> Groeten, > >> > >> Henk Penning -- apache.org infrastructure ; dist & mirrors > >> > >> _ > >> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > >> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > >> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > >> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > >> > >> - > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >> For additional commands, e-mail: general-h...@incubator.apache.org > >> > > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On 14 March 2018 at 19:11, Julian Hyde <jh...@apache.org> wrote: > The guidance at https://www.apache.org/dev/release-signing.html#basic-facts > <https://www.apache.org/dev/release-signing.html#basic-facts> is inconsistent > with https://www.apache.org/dev/release-distribution#sigs-and-sums > <https://www.apache.org/dev/release-distribution#sigs-and-sums>. The former > says "Every artifact distributed by the Apache Software Foundation must be > accompanied by a file … containing an MD5 checksum.”. Can someone please fix > the former to be consistent with the latter. Done; please check it makes sense now. > >> On Mar 6, 2018, at 9:58 PM, Henk P. Penning <penn...@uu.nl> wrote: >> >> On Wed, 7 Mar 2018, Yi JIN wrote: >> >>> Date: Wed, 7 Mar 2018 03:56:54 +0100 >>> From: Yi JIN <y...@apache.org> >>> To: general@incubator.apache.org >>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >>> The artifacts can be downloaded here: >>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ >> >> Recently the "release policy" [1] changed ; it (now) says : >> >>... >>* SHOULD NOT supply a MD5 checksum file >>... >> >> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums >> >>> Yi Jin (yjin) >> >> Groeten, >> >> Henk Penning -- apache.org infrastructure ; dist & mirrors >> >> _ >> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >> >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
The guidance at https://www.apache.org/dev/release-signing.html#basic-facts <https://www.apache.org/dev/release-signing.html#basic-facts> is inconsistent with https://www.apache.org/dev/release-distribution#sigs-and-sums <https://www.apache.org/dev/release-distribution#sigs-and-sums>. The former says "Every artifact distributed by the Apache Software Foundation must be accompanied by a file … containing an MD5 checksum.”. Can someone please fix the former to be consistent with the latter. > On Mar 6, 2018, at 9:58 PM, Henk P. Penning <penn...@uu.nl> wrote: > > On Wed, 7 Mar 2018, Yi JIN wrote: > >> Date: Wed, 7 Mar 2018 03:56:54 +0100 >> From: Yi JIN <y...@apache.org> >> To: general@incubator.apache.org >> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release > >> The artifacts can be downloaded here: >> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ > > Recently the "release policy" [1] changed ; it (now) says : > >... >* SHOULD NOT supply a MD5 checksum file >... > > [1] https://www.apache.org/dev/release-distribution#sigs-and-sums > >> Yi Jin (yjin) > > Groeten, > > Henk Penning -- apache.org infrastructure ; dist & mirrors > > _ > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On 13 March 2018 at 17:34, Henk P. Penning <penn...@uu.nl> wrote: > On Tue, 13 Mar 2018, Alan Gates wrote: > >> Date: Tue, 13 Mar 2018 18:04:08 +0100 >> From: Alan Gates <alanfga...@gmail.com> >> To: general@incubator.apache.org >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >> I can't find a KEYS file anywhere in HAWQ to check the key >> against. There is also no name associated with the key, so I'm not >> clear how to check the signature. > > > Actually, you don't need a KEYS file to verify a .asc : > > % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Can't check signature: No public key > > No public key ; so, fetch it : > > % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A > gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl > gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported > gpg: Total number processed: 1 > gpg: imported: 1 (RSA: 1) > > ... and --verify : > > % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Good signature from "Yi Jin <y...@apache.org>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 > 092A > > % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Good signature from "Yi Jin <y...@apache.org>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 > 092A > > Note : > - Always use long (16-hex) key-id's, because short (8-hex) > key-id's often point (also) to fake keys. > In your $HOME/.gnupg/gpg.conf configure : keyid-format long > - To check that CE60F90D1333092A is authorised to sign the artifacts, > is another matter. > > IMHO, KEYS files serve no purpose. Since that disagrees with the long-establishe policy, changes need to be agreed with the policy holder before they can be promoted. Also, I think the KEYS file does serve a purpose: - anyone can upload a key to a key-server, but changes to the KEYS file can only be done by a committer/PMC member. - the KEYS file is automatically stored with the archived releases and so acts as an archive of historic keys. > Regards, > > Henk Penning > > _ > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > >> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org> >> wrote: >> >>> +1 (binding) >>> >>> * checked sigs and checksums >>> * checked licenses >>> * checked for archive matching git tag >>> >>> Thanks, >>> Roman. >>> >>> >>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org> >>> wrote: >>>> >>>> +1 [biding] >>>> >>>> - signature check [ok] >>>> - checksum check [ok] >>>> - licenses check (RAT) [ok] >>>> >>>> I haven't tried to build it because of the complexity of the build >>>> process and multiplicity of the environment configurations. To lower >>>> the entry barrier, I would recommend the community to think how to >>>> wrap these steps into the build system. You can go as far as to >>>> provide an "official" toolchain for the project. In Bigtop, we even >>>> provide official Docker containers were people can start working with >>>> the project in under 2 minutes and without any need for additional >>>> error prone configuration steps. >>>> -- >>>> With regards, >>>> Konstantin (Cos) Boudnik >>>> 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 >>>> >>>> Disclaimer: Opi
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Henk kindly pointed me to the KEYS file that I had missed, thank you. So, +1. I checked the signatures, the LICENSE, NOTICE, and DISCLAIMER files. Alan. On Tue, Mar 13, 2018 at 10:42 AM, Alan Gates <alanfga...@gmail.com> wrote: > Per https://www.apache.org/dev/release-distribution#sigs-and-sums > correctly, the KEYS file is required, hence my comment. > > Alan. > > On Tue, Mar 13, 2018 at 10:34 AM, Henk P. Penning <penn...@uu.nl> wrote: > >> On Tue, 13 Mar 2018, Alan Gates wrote: >> >> Date: Tue, 13 Mar 2018 18:04:08 +0100 >>> From: Alan Gates <alanfga...@gmail.com> >>> To: general@incubator.apache.org >>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >>> >>> I can't find a KEYS file anywhere in HAWQ to check the key >>> against. There is also no name associated with the key, so I'm not >>> clear how to check the signature. >>> >> >> Actually, you don't need a KEYS file to verify a .asc : >> >> % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc >> gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET >> gpg:using RSA key CE60F90D1333092A >> gpg: Can't check signature: No public key >> >> No public key ; so, fetch it : >> >> % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A >> gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl >> gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" >> imported >> gpg: Total number processed: 1 >> gpg: imported: 1 (RSA: 1) >> >> ... and --verify : >> >> % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc >> gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET >> gpg:using RSA key CE60F90D1333092A >> gpg: Good signature from "Yi Jin <y...@apache.org>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 >> 092A >> >> % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc >> gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET >> gpg:using RSA key CE60F90D1333092A >> gpg: Good signature from "Yi Jin <y...@apache.org>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 >> 092A >> >> Note : >> - Always use long (16-hex) key-id's, because short (8-hex) >> key-id's often point (also) to fake keys. >> In your $HOME/.gnupg/gpg.conf configure : keyid-format long >> - To check that CE60F90D1333092A is authorised to sign the artifacts, >> is another matter. >> >> IMHO, KEYS files serve no purpose. >> >> Regards, >> >> Henk Penning >> >> _ >> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >> >> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org> >>> wrote: >>> >>> +1 (binding) >>>> >>>> * checked sigs and checksums >>>> * checked licenses >>>> * checked for archive matching git tag >>>> >>>> Thanks, >>>> Roman. >>>> >>>> >>>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org> >>>> wrote: >>>> >>>>> +1 [biding] >>>>> >>>>> - signature check [ok] >>>>> - checksum check [ok] >>>>> - licenses check (RAT) [ok] >>>>> >>>>> I haven't tried to build it because of the complexity of the build >>>>> process and multiplicity of the environment configurations. To lower >>>>> the entry barrier, I would recommend the community to think how to >>>>> wrap these steps into the build system. You can go as far as to >>>>> provide an "official" toolchain for the project. In Bigtop, we even >>>>> provide official Docker containers were
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Per https://www.apache.org/dev/release-distribution#sigs-and-sums correctly, the KEYS file is required, hence my comment. Alan. On Tue, Mar 13, 2018 at 10:34 AM, Henk P. Penning <penn...@uu.nl> wrote: > On Tue, 13 Mar 2018, Alan Gates wrote: > > Date: Tue, 13 Mar 2018 18:04:08 +0100 >> From: Alan Gates <alanfga...@gmail.com> >> To: general@incubator.apache.org >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >> I can't find a KEYS file anywhere in HAWQ to check the key >> against. There is also no name associated with the key, so I'm not >> clear how to check the signature. >> > > Actually, you don't need a KEYS file to verify a .asc : > > % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Can't check signature: No public key > > No public key ; so, fetch it : > > % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A > gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl > gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" > imported > gpg: Total number processed: 1 > gpg: imported: 1 (RSA: 1) > > ... and --verify : > > % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Good signature from "Yi Jin <y...@apache.org>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 > 092A > > % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc > gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET > gpg:using RSA key CE60F90D1333092A > gpg: Good signature from "Yi Jin <y...@apache.org>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 > 092A > > Note : > - Always use long (16-hex) key-id's, because short (8-hex) > key-id's often point (also) to fake keys. > In your $HOME/.gnupg/gpg.conf configure : keyid-format long > - To check that CE60F90D1333092A is authorised to sign the artifacts, > is another matter. > > IMHO, KEYS files serve no purpose. > > Regards, > > Henk Penning > > _ > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > > On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org> >> wrote: >> >> +1 (binding) >>> >>> * checked sigs and checksums >>> * checked licenses >>> * checked for archive matching git tag >>> >>> Thanks, >>> Roman. >>> >>> >>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org> >>> wrote: >>> >>>> +1 [biding] >>>> >>>> - signature check [ok] >>>> - checksum check [ok] >>>> - licenses check (RAT) [ok] >>>> >>>> I haven't tried to build it because of the complexity of the build >>>> process and multiplicity of the environment configurations. To lower >>>> the entry barrier, I would recommend the community to think how to >>>> wrap these steps into the build system. You can go as far as to >>>> provide an "official" toolchain for the project. In Bigtop, we even >>>> provide official Docker containers were people can start working with >>>> the project in under 2 minutes and without any need for additional >>>> error prone configuration steps. >>>> -- >>>> With regards, >>>> Konstantin (Cos) Boudnik >>>> 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 >>>> >>>> Disclaimer: Opinions expressed in this email are those of the author, >>>> and do not necessarily represent the views of any company the author >>>> might be affiliated with at the moment of writing. >>>> >>>> >>>> On Tue, Mar 6, 2018 a
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On Tue, 13 Mar 2018, Alan Gates wrote: Date: Tue, 13 Mar 2018 18:04:08 +0100 From: Alan Gates <alanfga...@gmail.com> To: general@incubator.apache.org Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release I can't find a KEYS file anywhere in HAWQ to check the key against. There is also no name associated with the key, so I'm not clear how to check the signature. Actually, you don't need a KEYS file to verify a .asc : % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET gpg:using RSA key CE60F90D1333092A gpg: Can't check signature: No public key No public key ; so, fetch it : % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) ... and --verify : % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET gpg:using RSA key CE60F90D1333092A gpg: Good signature from "Yi Jin <y...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 092A % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET gpg:using RSA key CE60F90D1333092A gpg: Good signature from "Yi Jin <y...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 41B0 0770 75DF DAFC F809 9A91 CE60 F90D 1333 092A Note : - Always use long (16-hex) key-id's, because short (8-hex) key-id's often point (also) to fake keys. In your $HOME/.gnupg/gpg.conf configure : keyid-format long - To check that CE60F90D1333092A is authorised to sign the artifacts, is another matter. IMHO, KEYS files serve no purpose. Regards, Henk Penning _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote: +1 (binding) * checked sigs and checksums * checked licenses * checked for archive matching git tag Thanks, Roman. On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org> wrote: +1 [biding] - signature check [ok] - checksum check [ok] - licenses check (RAT) [ok] I haven't tried to build it because of the complexity of the build process and multiplicity of the environment configurations. To lower the entry barrier, I would recommend the community to think how to wrap these steps into the build system. You can go as far as to provide an "official" toolchain for the project. In Bigtop, we even provide official Docker containers were people can start working with the project in under 2 minutes and without any need for additional error prone configuration steps. -- With regards, Konstantin (Cos) Boudnik 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 Disclaimer: Opinions expressed in this email are those of the author, and do not necessarily represent the views of any company the author might be affiliated with at the moment of writing. On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN <y...@apache.org> wrote: Hi IPMC members, The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed. So I request IPMC now to vote on this release candidate. Thank you! The release page is here: https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0- incubating+Release The PPMC vote thread is located here: https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54 156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E The artifacts can be downloaded here: https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. 0-incubating.RC2/ The artifacts have been signed with Key : CE60F90D1333092A All JIRAs completed for this release are tagged with 'FixVersion =2.3.0.0-incubating' https://issues.apache.org/jira/secure/ReleaseNote.jspa? version=12340262=Html=12318826 Please vote accordingly: [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release because... The vote will run for at least 72 hours. Best regards, Yi Jin (yjin) ---
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
I can't find a KEYS file anywhere in HAWQ to check the key against. There is also no name associated with the key, so I'm not clear how to check the signature. Other than that release looks fine. On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnikwrote: > +1 (binding) > > * checked sigs and checksums > * checked licenses > * checked for archive matching git tag > > Thanks, > Roman. > > > On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik > wrote: > > +1 [biding] > > > > - signature check [ok] > > - checksum check [ok] > > - licenses check (RAT) [ok] > > > > I haven't tried to build it because of the complexity of the build > > process and multiplicity of the environment configurations. To lower > > the entry barrier, I would recommend the community to think how to > > wrap these steps into the build system. You can go as far as to > > provide an "official" toolchain for the project. In Bigtop, we even > > provide official Docker containers were people can start working with > > the project in under 2 minutes and without any need for additional > > error prone configuration steps. > > -- > > With regards, > > Konstantin (Cos) Boudnik > > 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 > > > > Disclaimer: Opinions expressed in this email are those of the author, > > and do not necessarily represent the views of any company the author > > might be affiliated with at the moment of writing. > > > > > > On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN wrote: > >> Hi IPMC members, > >> > >> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed. > >> So I request IPMC now to vote on this release candidate. Thank you! > >> > >> The release page is here: > >> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0- > incubating+Release > >> > >> The PPMC vote thread is located here: > >> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54 > 156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E > >> > >> The artifacts can be downloaded here: > >> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. > 0-incubating.RC2/ > >> The artifacts have been signed with Key : CE60F90D1333092A > >> > >> All JIRAs completed for this release are tagged with 'FixVersion > >> =2.3.0.0-incubating' > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa? > version=12340262=Html=12318826 > >> > >> Please vote accordingly: > >> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release > >> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating > release > >> because... > >> > >> The vote will run for at least 72 hours. > >> > >> Best regards, > >> Yi Jin (yjin) > > > > - > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
+1 (binding) * checked sigs and checksums * checked licenses * checked for archive matching git tag Thanks, Roman. On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnikwrote: > +1 [biding] > > - signature check [ok] > - checksum check [ok] > - licenses check (RAT) [ok] > > I haven't tried to build it because of the complexity of the build > process and multiplicity of the environment configurations. To lower > the entry barrier, I would recommend the community to think how to > wrap these steps into the build system. You can go as far as to > provide an "official" toolchain for the project. In Bigtop, we even > provide official Docker containers were people can start working with > the project in under 2 minutes and without any need for additional > error prone configuration steps. > -- > With regards, > Konstantin (Cos) Boudnik > 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 > > Disclaimer: Opinions expressed in this email are those of the author, > and do not necessarily represent the views of any company the author > might be affiliated with at the moment of writing. > > > On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN wrote: >> Hi IPMC members, >> >> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed. >> So I request IPMC now to vote on this release candidate. Thank you! >> >> The release page is here: >> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release >> >> The PPMC vote thread is located here: >> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E >> >> The artifacts can be downloaded here: >> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ >> The artifacts have been signed with Key : CE60F90D1333092A >> >> All JIRAs completed for this release are tagged with 'FixVersion >> =2.3.0.0-incubating' >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262=Html=12318826 >> >> Please vote accordingly: >> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release >> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release >> because... >> >> The vote will run for at least 72 hours. >> >> Best regards, >> Yi Jin (yjin) > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
+1 [biding] - signature check [ok] - checksum check [ok] - licenses check (RAT) [ok] I haven't tried to build it because of the complexity of the build process and multiplicity of the environment configurations. To lower the entry barrier, I would recommend the community to think how to wrap these steps into the build system. You can go as far as to provide an "official" toolchain for the project. In Bigtop, we even provide official Docker containers were people can start working with the project in under 2 minutes and without any need for additional error prone configuration steps. -- With regards, Konstantin (Cos) Boudnik 2CAC 8312 4870 D885 8616 6115 220F 6980 1F27 E622 Disclaimer: Opinions expressed in this email are those of the author, and do not necessarily represent the views of any company the author might be affiliated with at the moment of writing. On Tue, Mar 6, 2018 at 6:56 PM, Yi JINwrote: > Hi IPMC members, > > The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed. > So I request IPMC now to vote on this release candidate. Thank you! > > The release page is here: > https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release > > The PPMC vote thread is located here: > https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E > > The artifacts can be downloaded here: > https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ > The artifacts have been signed with Key : CE60F90D1333092A > > All JIRAs completed for this release are tagged with 'FixVersion > =2.3.0.0-incubating' > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262=Html=12318826 > > Please vote accordingly: > [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release > [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release > because... > > The vote will run for at least 72 hours. > > Best regards, > Yi Jin (yjin) - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Henk, Thank you very much! Best, Yi (yjin) On Thu, Mar 8, 2018 at 12:35 PM, Henk P. Penning <penn...@uu.nl> wrote: > On Thu, 8 Mar 2018, Yi JIN wrote: > > Date: Thu, 8 Mar 2018 00:34:02 +0100 >> From: Yi JIN <y...@apache.org> >> To: general@incubator.apache.org >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >> Hi IPMC members, >> >> I dropped MD5 checksum files from this candidate following Groeten's >> comment. I'm not sure if we can continue this vote or I have to move back >> to PPMC to prepare another candidate. Thanks. >> > > just continue the vote. > > Yi Jin (yjin) >> > > Regards, > > Henk Penning > > > On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote: >> >> Hi IPMC members, >>> >>> I dropped MD5 checksum files from this candidate following Groeten's >>> comment. I'm now sure if we can continue this vote or I have to move back >>> to PPMC to generate another candidate. >>> >>> Best, >>> Yi Jin (yjin) >>> >>> On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote: >>> >>> Groeten, >>>> >>>> Thanks for clarification. >>>> >>>> Makoto >>>> >>>> 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>: >>>> >>>>> On Wed, 7 Mar 2018, Makoto Yui wrote: >>>>> >>>>> Date: Wed, 7 Mar 2018 07:15:15 +0100 >>>>>> From: Makoto Yui <m...@apache.org> >>>>>> To: general@incubator.apache.org >>>>>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >>>>>> >>>>>> Recently the "release policy" [1] changed ; it (now) says : >>>>>>> >>>>>> >>>>>> >>>>>> Good to know about it. >>>>>> >>>>>> MUST supply at least one (SHA or MD5) checksum file, >>>>>>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). >>>>>>> >>>>>> >>>>> >>>>> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) >>>>>> >>>>> >>>>> >>>>> See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt >>>>> >>>>> "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. >>>>> RFC 2119 explains what they mean. >>>>> >>>>> Hint : >>>>> >>>>> MUST == obligation ; a strict requirement >>>>> SHOULD == recommendation ; >>>>> >>>>> Note : the policy can't say "MUST supply SHA checksum", >>>>> because many projects have older releases in /dist/ >>>>> that are MD5-only ; under "new policy", that is >>>>> frowned upon, but not forbidden. >>>>> >>>>> Makoto >>>>>> >>>>> >>>>> >>>>> Groeten, >>>>> >>>>> HPP >>>>> >>>>> >>>>> _ >>>>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >>>>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >>>>> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >>>>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >>>>> >>>>> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: >>>>>> >>>>>>> >>>>>>> On Wed, 7 Mar 2018, Yi JIN wrote: >>>>>>> >>>>>>> Date: Wed, 7 Mar 2018 03:56:54 +0100 >>>>>>>> From: Yi JIN <y...@apache.org> >>>>>>>> To: general@incubator.apache.org >>>>>>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> The artifacts can be downloaded here: >>>>>>>> >>>>>>>> >>>>>>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. >>>>>>>> >>>>>>> 0-incuba
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On Thu, 8 Mar 2018, Yi JIN wrote: Date: Thu, 8 Mar 2018 00:34:02 +0100 From: Yi JIN <y...@apache.org> To: general@incubator.apache.org Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release Hi IPMC members, I dropped MD5 checksum files from this candidate following Groeten's comment. I'm not sure if we can continue this vote or I have to move back to PPMC to prepare another candidate. Thanks. just continue the vote. Yi Jin (yjin) Regards, Henk Penning On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote: Hi IPMC members, I dropped MD5 checksum files from this candidate following Groeten's comment. I'm now sure if we can continue this vote or I have to move back to PPMC to generate another candidate. Best, Yi Jin (yjin) On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote: Groeten, Thanks for clarification. Makoto 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>: On Wed, 7 Mar 2018, Makoto Yui wrote: Date: Wed, 7 Mar 2018 07:15:15 +0100 From: Makoto Yui <m...@apache.org> To: general@incubator.apache.org Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release Recently the "release policy" [1] changed ; it (now) says : Good to know about it. MUST supply at least one (SHA or MD5) checksum file, SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. RFC 2119 explains what they mean. Hint : MUST == obligation ; a strict requirement SHOULD == recommendation ; Note : the policy can't say "MUST supply SHA checksum", because many projects have older releases in /dist/ that are MD5-only ; under "new policy", that is frowned upon, but not forbidden. Makoto Groeten, HPP _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: On Wed, 7 Mar 2018, Yi JIN wrote: Date: Wed, 7 Mar 2018 03:56:54 +0100 From: Yi JIN <y...@apache.org> To: general@incubator.apache.org Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release The artifacts can be downloaded here: https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. 0-incubating.RC2/ Recently the "release policy" [1] changed ; it (now) says : ... * SHOULD NOT supply a MD5 checksum file ... [1] https://www.apache.org/dev/release-distribution#sigs-and-sums Yi Jin (yjin) Groeten, Henk Penning -- apache.org infrastructure ; dist & mirrors _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- Makoto YUI Research Engineer, Treasure Data, Inc. http://myui.github.io/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- Makoto YUI Research Engineer, Treasure Data, Inc. http://myui.github.io/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Hi IPMC members, I dropped MD5 checksum files from this candidate following Groeten's comment. I'm not sure if we can continue this vote or I have to move back to PPMC to prepare another candidate. Thanks. Best, Yi Jin (yjin) On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote: > Hi IPMC members, > > I dropped MD5 checksum files from this candidate following Groeten's > comment. I'm now sure if we can continue this vote or I have to move back > to PPMC to generate another candidate. > > Best, > Yi Jin (yjin) > > On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote: > >> Groeten, >> >> Thanks for clarification. >> >> Makoto >> >> 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>: >> > On Wed, 7 Mar 2018, Makoto Yui wrote: >> > >> >> Date: Wed, 7 Mar 2018 07:15:15 +0100 >> >> From: Makoto Yui <m...@apache.org> >> >> To: general@incubator.apache.org >> >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >> >> >>> Recently the "release policy" [1] changed ; it (now) says : >> >> >> >> >> >> Good to know about it. >> >> >> >>> MUST supply at least one (SHA or MD5) checksum file, >> >>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). >> > >> > >> >> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) >> > >> > >> > See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt >> > >> > "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. >> > RFC 2119 explains what they mean. >> > >> > Hint : >> > >> > MUST == obligation ; a strict requirement >> > SHOULD == recommendation ; >> > >> > Note : the policy can't say "MUST supply SHA checksum", >> > because many projects have older releases in /dist/ >> > that are MD5-only ; under "new policy", that is >> > frowned upon, but not forbidden. >> > >> >> Makoto >> > >> > >> > Groeten, >> > >> > HPP >> > >> > >> > ---------------- _ >> > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >> > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >> > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >> > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >> > >> >> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: >> >>> >> >>> On Wed, 7 Mar 2018, Yi JIN wrote: >> >>> >> >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100 >> >>>> From: Yi JIN <y...@apache.org> >> >>>> To: general@incubator.apache.org >> >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >>> >> >>> >> >>> >> >>>> The artifacts can be downloaded here: >> >>>> >> >>>> >> >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. >> 0-incubating.RC2/ >> >>> >> >>> >> >>> >> >>> Recently the "release policy" [1] changed ; it (now) says : >> >>> >> >>> ... >> >>> * SHOULD NOT supply a MD5 checksum file >> >>> ... >> >>> >> >>> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums >> >>> >> >>>> Yi Jin (yjin) >> >>> >> >>> >> >>> >> >>> Groeten, >> >>> >> >>> Henk Penning -- apache.org infrastructure ; dist & mirrors >> >>> >> >>> _ >> >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >> >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >> >>> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >> >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >> >>> >> >>> - >> >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> >>> For additional commands, e-mail: general-h...@incubator.apache.org >> >>> >> >> >> >> >> >> >> >> -- >> >> Makoto YUI >> >> Research Engineer, Treasure Data, Inc. >> >> http://myui.github.io/ >> >> >> >> - >> >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> >> For additional commands, e-mail: general-h...@incubator.apache.org >> >> >> >> >> > >> > - >> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> > For additional commands, e-mail: general-h...@incubator.apache.org >> > >> >> >> >> -- >> Makoto YUI >> Research Engineer, Treasure Data, Inc. >> http://myui.github.io/ >> >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> >> >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Hi IPMC members, I dropped MD5 checksum files from this candidate following Groeten's comment. I'm now sure if we can continue this vote or I have to move back to PPMC to generate another candidate. Best, Yi Jin (yjin) On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote: > Groeten, > > Thanks for clarification. > > Makoto > > 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>: > > On Wed, 7 Mar 2018, Makoto Yui wrote: > > > >> Date: Wed, 7 Mar 2018 07:15:15 +0100 > >> From: Makoto Yui <m...@apache.org> > >> To: general@incubator.apache.org > >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release > >> > >>> Recently the "release policy" [1] changed ; it (now) says : > >> > >> > >> Good to know about it. > >> > >>> MUST supply at least one (SHA or MD5) checksum file, > >>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). > > > > > >> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) > > > > > > See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt > > > > "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. > > RFC 2119 explains what they mean. > > > > Hint : > > > > MUST == obligation ; a strict requirement > > SHOULD == recommendation ; > > > > Note : the policy can't say "MUST supply SHA checksum", > > because many projects have older releases in /dist/ > > that are MD5-only ; under "new policy", that is > > frowned upon, but not forbidden. > > > >> Makoto > > > > > > Groeten, > > > > HPP > > > > > > _ > > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > > Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \ > > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > > > >> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: > >>> > >>> On Wed, 7 Mar 2018, Yi JIN wrote: > >>> > >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100 > >>>> From: Yi JIN <y...@apache.org> > >>>> To: general@incubator.apache.org > >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release > >>> > >>> > >>> > >>>> The artifacts can be downloaded here: > >>>> > >>>> > >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0. > 0-incubating.RC2/ > >>> > >>> > >>> > >>> Recently the "release policy" [1] changed ; it (now) says : > >>> > >>> ... > >>> * SHOULD NOT supply a MD5 checksum file > >>> ... > >>> > >>> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums > >>> > >>>> Yi Jin (yjin) > >>> > >>> > >>> > >>> Groeten, > >>> > >>> Henk Penning -- apache.org infrastructure ; dist & mirrors > >>> > >>> _ > >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > >>> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > >>> > >>> - > >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >>> For additional commands, e-mail: general-h...@incubator.apache.org > >>> > >> > >> > >> > >> -- > >> Makoto YUI > >> Research Engineer, Treasure Data, Inc. > >> http://myui.github.io/ > >> > >> - > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >> For additional commands, e-mail: general-h...@incubator.apache.org > >> > >> > > > > - > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > -- > Makoto YUI > Research Engineer, Treasure Data, Inc. > http://myui.github.io/ > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Groeten, Thanks for clarification. Makoto 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>: > On Wed, 7 Mar 2018, Makoto Yui wrote: > >> Date: Wed, 7 Mar 2018 07:15:15 +0100 >> From: Makoto Yui <m...@apache.org> >> To: general@incubator.apache.org >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >> >>> Recently the "release policy" [1] changed ; it (now) says : >> >> >> Good to know about it. >> >>> MUST supply at least one (SHA or MD5) checksum file, >>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). > > >> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) > > > See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt > > "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. > RFC 2119 explains what they mean. > > Hint : > > MUST == obligation ; a strict requirement > SHOULD == recommendation ; > > Note : the policy can't say "MUST supply SHA checksum", > because many projects have older releases in /dist/ > that are MD5-only ; under "new policy", that is > frowned upon, but not forbidden. > >> Makoto > > > Groeten, > > HPP > > > _ > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > >> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: >>> >>> On Wed, 7 Mar 2018, Yi JIN wrote: >>> >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100 >>>> From: Yi JIN <y...@apache.org> >>>> To: general@incubator.apache.org >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release >>> >>> >>> >>>> The artifacts can be downloaded here: >>>> >>>> >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ >>> >>> >>> >>> Recently the "release policy" [1] changed ; it (now) says : >>> >>> ... >>> * SHOULD NOT supply a MD5 checksum file >>> ... >>> >>> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums >>> >>>> Yi Jin (yjin) >>> >>> >>> >>> Groeten, >>> >>> Henk Penning -- apache.org infrastructure ; dist & mirrors >>> >>> _ >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ >>> Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ >>> >>> - >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >> >> >> >> -- >> Makoto YUI >> Research Engineer, Treasure Data, Inc. >> http://myui.github.io/ >> >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> >> > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > -- Makoto YUI Research Engineer, Treasure Data, Inc. http://myui.github.io/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On Wed, 7 Mar 2018, Makoto Yui wrote: Date: Wed, 7 Mar 2018 07:15:15 +0100 From: Makoto Yui <m...@apache.org> To: general@incubator.apache.org Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release Recently the "release policy" [1] changed ; it (now) says : Good to know about it. MUST supply at least one (SHA or MD5) checksum file, SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt "MUST", "SHOULD", "SHOULD NOT" etc are technical terms. RFC 2119 explains what they mean. Hint : MUST == obligation ; a strict requirement SHOULD == recommendation ; Note : the policy can't say "MUST supply SHA checksum", because many projects have older releases in /dist/ that are MD5-only ; under "new policy", that is frowned upon, but not forbidden. Makoto Groeten, HPP _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: On Wed, 7 Mar 2018, Yi JIN wrote: Date: Wed, 7 Mar 2018 03:56:54 +0100 From: Yi JIN <y...@apache.org> To: general@incubator.apache.org Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release The artifacts can be downloaded here: https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ Recently the "release policy" [1] changed ; it (now) says : ... * SHOULD NOT supply a MD5 checksum file ... [1] https://www.apache.org/dev/release-distribution#sigs-and-sums Yi Jin (yjin) Groeten, Henk Penning -- apache.org infrastructure ; dist & mirrors _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- Makoto YUI Research Engineer, Treasure Data, Inc. http://myui.github.io/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
> Recently the "release policy" [1] changed ; it (now) says : Good to know about it. > MUST supply at least one (SHA or MD5) checksum file, > SHOULD NOT supply a MD5 checksum file (because MD5 is too broken). This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?) Makoto 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>: > On Wed, 7 Mar 2018, Yi JIN wrote: > >> Date: Wed, 7 Mar 2018 03:56:54 +0100 >> From: Yi JIN <y...@apache.org> >> To: general@incubator.apache.org >> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release > > >> The artifacts can be downloaded here: >> >> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ > > > Recently the "release policy" [1] changed ; it (now) says : > > ... > * SHOULD NOT supply a MD5 checksum file > ... > > [1] https://www.apache.org/dev/release-distribution#sigs-and-sums > >> Yi Jin (yjin) > > > Groeten, > > Henk Penning -- apache.org infrastructure ; dist & mirrors > > _ > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ > Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > -- Makoto YUI Research Engineer, Treasure Data, Inc. http://myui.github.io/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
On Wed, 7 Mar 2018, Yi JIN wrote: Date: Wed, 7 Mar 2018 03:56:54 +0100 From: Yi JIN <y...@apache.org> To: general@incubator.apache.org Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release The artifacts can be downloaded here: https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ Recently the "release policy" [1] changed ; it (now) says : ... * SHOULD NOT supply a MD5 checksum file ... [1] https://www.apache.org/dev/release-distribution#sigs-and-sums Yi Jin (yjin) Groeten, Henk Penning -- apache.org infrastructure ; dist & mirrors _ Henk P. Penning, ICT-beta R Uithof MG-403_/ \_ Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \ Leuvenlaan 4, 3584CE Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
[VOTE]: Apache HAWQ 2.3.0.0-incubating Release
Hi IPMC members, The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed. So I request IPMC now to vote on this release candidate. Thank you! The release page is here: https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release The PPMC vote thread is located here: https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E The artifacts can be downloaded here: https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/ The artifacts have been signed with Key : CE60F90D1333092A All JIRAs completed for this release are tagged with 'FixVersion =2.3.0.0-incubating' https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262=Html=12318826 Please vote accordingly: [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release because... The vote will run for at least 72 hours. Best regards, Yi Jin (yjin)