Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Julian Hyde]

Yes, https://www.apache.org/dev/release-signing.html#basic-facts 
 now makes sense. 
Thanks for updating it, sebb.

> On Mar 14, 2018, at 6:15 PM, sebb  wrote:
> 
> On 14 March 2018 at 19:11, Julian Hyde  wrote:
>> The guidance at https://www.apache.org/dev/release-signing.html#basic-facts 
>>  is 
>> inconsistent with 
>> https://www.apache.org/dev/release-distribution#sigs-and-sums 
>> . The former 
>> says "Every artifact distributed by the Apache Software Foundation must be 
>> accompanied by a file … containing an MD5 checksum.”. Can someone please fix 
>> the former to be consistent with the latter.
> 
> Done; please check it makes sense now.
> 
>> 
>>> On Mar 6, 2018, at 9:58 PM, Henk P. Penning  wrote:
>>> 
>>> On Wed, 7 Mar 2018, Yi JIN wrote:
>>> 
 Date: Wed, 7 Mar 2018 03:56:54 +0100
 From: Yi JIN 
 To: general@incubator.apache.org
 Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>> 
 The artifacts can be downloaded here:
 https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>>> 
>>> Recently the "release policy" [1] changed ; it (now) says :
>>> 
>>>   ...
>>>   * SHOULD NOT supply a MD5 checksum file
>>>   ...
>>> 
>>> [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
>>> 
 Yi Jin (yjin)
>>> 
>>> Groeten,
>>> 
>>> Henk Penning -- apache.org infrastructure ; dist & mirrors
>>> 
>>>    _
>>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>>> 
>>> -
>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>> For additional commands, e-mail: general-h...@incubator.apache.org
>>> 
>> 
> 
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
> 

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Yi JIN]

Hi IPMC members,

Thank you so much for thoroughly verifying and discussing this release
candidate and vote in time. The vote result will be presented in another
mail. I will go back as well to check our release steps on Wiki to merge
the discussed issues to make coming future releases smoother. Thank you
again!

Best,
Yi (yjin)

On Thu, Mar 15, 2018 at 12:15 PM, sebb  wrote:

> On 14 March 2018 at 19:11, Julian Hyde  wrote:
> > The guidance at https://www.apache.org/dev/release-signing.html#basic-
> facts  is
> inconsistent with https://www.apache.org/dev/
> release-distribution#sigs-and-sums  release-distribution#sigs-and-sums>. The former says "Every artifact
> distributed by the Apache Software Foundation must be accompanied by a file
> … containing an MD5 checksum.”. Can someone please fix the former to be
> consistent with the latter.
>
> Done; please check it makes sense now.
>
> >
> >> On Mar 6, 2018, at 9:58 PM, Henk P. Penning  wrote:
> >>
> >> On Wed, 7 Mar 2018, Yi JIN wrote:
> >>
> >>> Date: Wed, 7 Mar 2018 03:56:54 +0100
> >>> From: Yi JIN 
> >>> To: general@incubator.apache.org
> >>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
> >>
> >>> The artifacts can be downloaded here:
> >>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.
> 0-incubating.RC2/
> >>
> >>  Recently the "release policy" [1] changed ; it (now) says :
> >>
> >>...
> >>* SHOULD NOT supply a MD5 checksum file
> >>...
> >>
> >>  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
> >>
> >>> Yi Jin (yjin)
> >>
> >>  Groeten,
> >>
> >>  Henk Penning -- apache.org infrastructure ; dist & mirrors
> >>
> >>    _
> >> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> >> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> >> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> >> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
> >>
> >> -
> >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> >> For additional commands, e-mail: general-h...@incubator.apache.org
> >>
> >
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[sebb]

On 14 March 2018 at 19:11, Julian Hyde  wrote:
> The guidance at https://www.apache.org/dev/release-signing.html#basic-facts 
>  is inconsistent 
> with https://www.apache.org/dev/release-distribution#sigs-and-sums 
> . The former 
> says "Every artifact distributed by the Apache Software Foundation must be 
> accompanied by a file … containing an MD5 checksum.”. Can someone please fix 
> the former to be consistent with the latter.

Done; please check it makes sense now.

>
>> On Mar 6, 2018, at 9:58 PM, Henk P. Penning  wrote:
>>
>> On Wed, 7 Mar 2018, Yi JIN wrote:
>>
>>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>>> From: Yi JIN 
>>> To: general@incubator.apache.org
>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>>> The artifacts can be downloaded here:
>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>>
>>  Recently the "release policy" [1] changed ; it (now) says :
>>
>>...
>>* SHOULD NOT supply a MD5 checksum file
>>...
>>
>>  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
>>
>>> Yi Jin (yjin)
>>
>>  Groeten,
>>
>>  Henk Penning -- apache.org infrastructure ; dist & mirrors
>>
>>    _
>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>>
>> -
>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> For additional commands, e-mail: general-h...@incubator.apache.org
>>
>

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Julian Hyde]

The guidance at https://www.apache.org/dev/release-signing.html#basic-facts 
 is inconsistent 
with https://www.apache.org/dev/release-distribution#sigs-and-sums 
. The former 
says "Every artifact distributed by the Apache Software Foundation must be 
accompanied by a file … containing an MD5 checksum.”. Can someone please fix 
the former to be consistent with the latter.


> On Mar 6, 2018, at 9:58 PM, Henk P. Penning  wrote:
> 
> On Wed, 7 Mar 2018, Yi JIN wrote:
> 
>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>> From: Yi JIN 
>> To: general@incubator.apache.org
>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
> 
>> The artifacts can be downloaded here:
>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
> 
>  Recently the "release policy" [1] changed ; it (now) says :
> 
>...
>* SHOULD NOT supply a MD5 checksum file
>...
> 
>  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
> 
>> Yi Jin (yjin)
> 
>  Groeten,
> 
>  Henk Penning -- apache.org infrastructure ; dist & mirrors
> 
>    _
> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
> 
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
> 

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[sebb]

On 13 March 2018 at 17:34, Henk P. Penning <penn...@uu.nl> wrote:
> On Tue, 13 Mar 2018, Alan Gates wrote:
>
>> Date: Tue, 13 Mar 2018 18:04:08 +0100
>> From: Alan Gates <alanfga...@gmail.com>
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>> I can't find a KEYS file anywhere in HAWQ to check the key
>> against.  There is also no name associated with the key, so I'm not
>> clear how to check the signature.
>
>
>   Actually, you don't need a KEYS file to verify a .asc :
>
>   % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Can't check signature: No public key
>
>   No public key ; so, fetch it :
>
>   % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
>   gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
>   gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported
>   gpg: Total number processed: 1
>   gpg:   imported: 1  (RSA: 1)
>
>   ... and --verify :
>
>   % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:  There is no indication that the signature belongs to the
> owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
> 092A
>
>   % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:  There is no indication that the signature belongs to the
> owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
> 092A
>
>   Note :
>   - Always use long (16-hex) key-id's, because short (8-hex)
> key-id's often point (also) to fake keys.
> In your $HOME/.gnupg/gpg.conf configure : keyid-format long
>   - To check that CE60F90D1333092A is authorised to sign the artifacts,
> is another matter.
>
>   IMHO, KEYS files serve no purpose.

Since that disagrees with the long-establishe policy, changes need to
be agreed with the policy holder before they can be promoted.

Also, I think the KEYS file does serve a purpose:
- anyone can upload a key to a key-server, but changes to the KEYS
file can only be done by a committer/PMC member.
- the KEYS file is automatically stored with the archived releases and
so acts as an archive of historic keys.

>   Regards,
>
>   Henk Penning
>
>    _
> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>
>> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org>
>> wrote:
>>
>>> +1 (binding)
>>>
>>> * checked sigs and checksums
>>> * checked licenses
>>> * checked for archive matching git tag
>>>
>>> Thanks,
>>> Roman.
>>>
>>>
>>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org>
>>> wrote:
>>>>
>>>> +1 [biding]
>>>>
>>>> - signature check [ok]
>>>> - checksum check [ok]
>>>> - licenses check (RAT) [ok]
>>>>
>>>> I haven't tried to build it because of the complexity of the build
>>>> process and multiplicity of the environment configurations. To lower
>>>> the entry barrier, I would recommend the community to think how to
>>>> wrap these steps into the build system. You can go as far as to
>>>> provide an "official" toolchain for the project. In Bigtop, we even
>>>> provide official Docker containers were people can start working with
>>>> the project in under 2 minutes and without any need for additional
>>>> error prone configuration steps.
>>>> --
>>>>   With regards,
>>>> Konstantin (Cos) Boudnik
>>>> 2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622
>>>>
>>>> Disclaimer: Opi

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Alan Gates]

Henk kindly pointed me to the KEYS file that I had missed, thank you.

So, +1.  I checked the signatures, the LICENSE, NOTICE, and DISCLAIMER
files.

Alan.

On Tue, Mar 13, 2018 at 10:42 AM, Alan Gates <alanfga...@gmail.com> wrote:

> Per https://www.apache.org/dev/release-distribution#sigs-and-sums
> correctly, the KEYS file is required, hence my comment.
>
> Alan.
>
> On Tue, Mar 13, 2018 at 10:34 AM, Henk P. Penning <penn...@uu.nl> wrote:
>
>> On Tue, 13 Mar 2018, Alan Gates wrote:
>>
>> Date: Tue, 13 Mar 2018 18:04:08 +0100
>>> From: Alan Gates <alanfga...@gmail.com>
>>> To: general@incubator.apache.org
>>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>>
>>> ​I can't find a KEYS file anywhere in HAWQ to check the key
>>> against.  There is also no name associated with the key, so I'm not
>>> clear how to check the signature.
>>>
>>
>>   Actually, you don't need a KEYS file to verify a .asc :
>>
>>   % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>>   gpg:using RSA key CE60F90D1333092A
>>   gpg: Can't check signature: No public key
>>
>>   No public key ; so, fetch it :
>>
>>   % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
>>   gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
>>   gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>"
>> imported
>>   gpg: Total number processed: 1
>>   gpg:   imported: 1  (RSA: 1)
>>
>>   ... and --verify :
>>
>>   % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>>   gpg:using RSA key CE60F90D1333092A
>>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>>   gpg: WARNING: This key is not certified with a trusted signature!
>>   gpg:  There is no indication that the signature belongs to the
>> owner.
>>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
>> 092A
>>
>>   % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
>>   gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
>>   gpg:using RSA key CE60F90D1333092A
>>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>>   gpg: WARNING: This key is not certified with a trusted signature!
>>   gpg:  There is no indication that the signature belongs to the
>> owner.
>>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
>> 092A
>>
>>   Note :
>>   - Always use long (16-hex) key-id's, because short (8-hex)
>> key-id's often point (also) to fake keys.
>> In your $HOME/.gnupg/gpg.conf configure : keyid-format long
>>   - To check that CE60F90D1333092A is authorised to sign the artifacts,
>> is another matter.
>>
>>   IMHO, KEYS files serve no purpose.
>>
>>   Regards,
>>
>>   Henk Penning
>>
>>    _
>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>>
>> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org>
>>> wrote:
>>>
>>> +1 (binding)
>>>>
>>>> * checked sigs and checksums
>>>> * checked licenses
>>>> * checked for archive matching git tag
>>>>
>>>> Thanks,
>>>> Roman.
>>>>
>>>>
>>>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org>
>>>> wrote:
>>>>
>>>>> +1 [biding]
>>>>>
>>>>> - signature check [ok]
>>>>> - checksum check [ok]
>>>>> - licenses check (RAT) [ok]
>>>>>
>>>>> I haven't tried to build it because of the complexity of the build
>>>>> process and multiplicity of the environment configurations. To lower
>>>>> the entry barrier, I would recommend the community to think how to
>>>>> wrap these steps into the build system. You can go as far as to
>>>>> provide an "official" toolchain for the project. In Bigtop, we even
>>>>> provide official Docker containers were 

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Alan Gates]

Per https://www.apache.org/dev/release-distribution#sigs-and-sums
correctly, the KEYS file is required, hence my comment.

Alan.

On Tue, Mar 13, 2018 at 10:34 AM, Henk P. Penning <penn...@uu.nl> wrote:

> On Tue, 13 Mar 2018, Alan Gates wrote:
>
> Date: Tue, 13 Mar 2018 18:04:08 +0100
>> From: Alan Gates <alanfga...@gmail.com>
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>> ​I can't find a KEYS file anywhere in HAWQ to check the key
>> against.  There is also no name associated with the key, so I'm not
>> clear how to check the signature.
>>
>
>   Actually, you don't need a KEYS file to verify a .asc :
>
>   % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Can't check signature: No public key
>
>   No public key ; so, fetch it :
>
>   % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
>   gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
>   gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>"
> imported
>   gpg: Total number processed: 1
>   gpg:   imported: 1  (RSA: 1)
>
>   ... and --verify :
>
>   % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:  There is no indication that the signature belongs to the
> owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
> 092A
>
>   % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
>   gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
>   gpg:using RSA key CE60F90D1333092A
>   gpg: Good signature from "Yi Jin <y...@apache.org>"
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:  There is no indication that the signature belongs to the
> owner.
>   Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333
> 092A
>
>   Note :
>   - Always use long (16-hex) key-id's, because short (8-hex)
> key-id's often point (also) to fake keys.
> In your $HOME/.gnupg/gpg.conf configure : keyid-format long
>   - To check that CE60F90D1333092A is authorised to sign the artifacts,
> is another matter.
>
>   IMHO, KEYS files serve no purpose.
>
>   Regards,
>
>   Henk Penning
>
>    _
> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>
> On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org>
>> wrote:
>>
>> +1 (binding)
>>>
>>> * checked sigs and checksums
>>> * checked licenses
>>> * checked for archive matching git tag
>>>
>>> Thanks,
>>> Roman.
>>>
>>>
>>> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org>
>>> wrote:
>>>
>>>> +1 [biding]
>>>>
>>>> - signature check [ok]
>>>> - checksum check [ok]
>>>> - licenses check (RAT) [ok]
>>>>
>>>> I haven't tried to build it because of the complexity of the build
>>>> process and multiplicity of the environment configurations. To lower
>>>> the entry barrier, I would recommend the community to think how to
>>>> wrap these steps into the build system. You can go as far as to
>>>> provide an "official" toolchain for the project. In Bigtop, we even
>>>> provide official Docker containers were people can start working with
>>>> the project in under 2 minutes and without any need for additional
>>>> error prone configuration steps.
>>>> --
>>>>   With regards,
>>>> Konstantin (Cos) Boudnik
>>>> 2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622
>>>>
>>>> Disclaimer: Opinions expressed in this email are those of the author,
>>>> and do not necessarily represent the views of any company the author
>>>> might be affiliated with at the moment of writing.
>>>>
>>>>
>>>> On Tue, Mar 6, 2018 a

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Henk P. Penning]

On Tue, 13 Mar 2018, Alan Gates wrote:


Date: Tue, 13 Mar 2018 18:04:08 +0100
From: Alan Gates <alanfga...@gmail.com>
To: general@incubator.apache.org
Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

​I can't find a KEYS file anywhere in HAWQ to check the key
against.  There is also no name associated with the key, so I'm not
clear how to check the signature.


  Actually, you don't need a KEYS file to verify a .asc :

  % gpg apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
  gpg:using RSA key CE60F90D1333092A
  gpg: Can't check signature: No public key

  No public key ; so, fetch it :

  % gpg --keyserver pgp.surfnet.nl --recv-key CE60F90D1333092A
  gpg: requesting key CE60F90D1333092A from hkp server pgp.surfnet.nl
  gpg: key CE60F90D1333092A: public key "Yi Jin <y...@apache.org>" imported
  gpg: Total number processed: 1
  gpg:   imported: 1  (RSA: 1)

  ... and --verify :

  % gpg --verify apache-hawq-src-2.3.0.0-incubating.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:35:17 AM CET
  gpg:using RSA key CE60F90D1333092A
  gpg: Good signature from "Yi Jin <y...@apache.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:  There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333 092A

  % gpg --verify apache-hawq-rpm-2.3.0.0-incubating-rc2.tar.gz.asc
  gpg: Signature made Tue 27 Feb 2018 04:38:53 AM CET
  gpg:using RSA key CE60F90D1333092A
  gpg: Good signature from "Yi Jin <y...@apache.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:  There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 41B0 0770 75DF DAFC F809  9A91 CE60 F90D 1333 092A

  Note :
  - Always use long (16-hex) key-id's, because short (8-hex)
key-id's often point (also) to fake keys.
In your $HOME/.gnupg/gpg.conf configure : keyid-format long
  - To check that CE60F90D1333092A is authorised to sign the artifacts,
is another matter.

  IMHO, KEYS files serve no purpose.

  Regards,

  Henk Penning

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/


On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik <ro...@shaposhnik.org>
wrote:


+1 (binding)

* checked sigs and checksums
* checked licenses
* checked for archive matching git tag

Thanks,
Roman.


On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik <c...@apache.org>
wrote:

+1 [biding]

- signature check [ok]
- checksum check [ok]
- licenses check (RAT) [ok]

I haven't tried to build it because of the complexity of the build
process and multiplicity of the environment configurations. To lower
the entry barrier, I would recommend the community to think how to
wrap these steps into the build system. You can go as far as to
provide an "official" toolchain for the project. In Bigtop, we even
provide official Docker containers were people can start working with
the project in under 2 minutes and without any need for additional
error prone configuration steps.
--
  With regards,
Konstantin (Cos) Boudnik
2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622

Disclaimer: Opinions expressed in this email are those of the author,
and do not necessarily represent the views of any company the author
might be affiliated with at the moment of writing.


On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN <y...@apache.org> wrote:

Hi IPMC members,

The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
So I request IPMC now to vote on this release candidate. Thank you!

The release page is here:
https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-

incubating+Release


The PPMC vote thread is located here:
https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54

156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E


The artifacts can be downloaded here:
https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.

0-incubating.RC2/

The artifacts have been signed with Key : CE60F90D1333092A

All JIRAs completed for this release are tagged with 'FixVersion
=2.3.0.0-incubating'
https://issues.apache.org/jira/secure/ReleaseNote.jspa?

version=12340262=Html=12318826


Please vote accordingly:
[ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
[ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating

release

because...

The vote will run for at least 72 hours.

Best regards,
Yi Jin (yjin)


---

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Alan Gates]

​I can't find a KEYS file anywhere in HAWQ to check the key against.  There
is also no name associated with the key, so I'm not clear how to check the
signature.

Other than that release looks fine.​

On Mon, Mar 12, 2018 at 7:56 PM, Roman Shaposhnik 
wrote:

> +1 (binding)
>
> * checked sigs and checksums
> * checked licenses
> * checked for archive matching git tag
>
> Thanks,
> Roman.
>
>
> On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik 
> wrote:
> > +1 [biding]
> >
> > - signature check [ok]
> > - checksum check [ok]
> > - licenses check (RAT) [ok]
> >
> > I haven't tried to build it because of the complexity of the build
> > process and multiplicity of the environment configurations. To lower
> > the entry barrier, I would recommend the community to think how to
> > wrap these steps into the build system. You can go as far as to
> > provide an "official" toolchain for the project. In Bigtop, we even
> > provide official Docker containers were people can start working with
> > the project in under 2 minutes and without any need for additional
> > error prone configuration steps.
> > --
> >   With regards,
> > Konstantin (Cos) Boudnik
> > 2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622
> >
> > Disclaimer: Opinions expressed in this email are those of the author,
> > and do not necessarily represent the views of any company the author
> > might be affiliated with at the moment of writing.
> >
> >
> > On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN  wrote:
> >> Hi IPMC members,
> >>
> >> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
> >> So I request IPMC now to vote on this release candidate. Thank you!
> >>
> >> The release page is here:
> >> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-
> incubating+Release
> >>
> >> The PPMC vote thread is located here:
> >> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54
> 156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E
> >>
> >> The artifacts can be downloaded here:
> >> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.
> 0-incubating.RC2/
> >> The artifacts have been signed with Key : CE60F90D1333092A
> >>
> >> All JIRAs completed for this release are tagged with 'FixVersion
> >> =2.3.0.0-incubating'
> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> version=12340262=Html=12318826
> >>
> >> Please vote accordingly:
> >> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
> >> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating
> release
> >> because...
> >>
> >> The vote will run for at least 72 hours.
> >>
> >> Best regards,
> >> Yi Jin (yjin)
> >
> > -
> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> > For additional commands, e-mail: general-h...@incubator.apache.org
> >
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Roman Shaposhnik]

+1 (binding)

* checked sigs and checksums
* checked licenses
* checked for archive matching git tag

Thanks,
Roman.


On Mon, Mar 12, 2018 at 12:21 PM, Konstantin Boudnik  wrote:
> +1 [biding]
>
> - signature check [ok]
> - checksum check [ok]
> - licenses check (RAT) [ok]
>
> I haven't tried to build it because of the complexity of the build
> process and multiplicity of the environment configurations. To lower
> the entry barrier, I would recommend the community to think how to
> wrap these steps into the build system. You can go as far as to
> provide an "official" toolchain for the project. In Bigtop, we even
> provide official Docker containers were people can start working with
> the project in under 2 minutes and without any need for additional
> error prone configuration steps.
> --
>   With regards,
> Konstantin (Cos) Boudnik
> 2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622
>
> Disclaimer: Opinions expressed in this email are those of the author,
> and do not necessarily represent the views of any company the author
> might be affiliated with at the moment of writing.
>
>
> On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN  wrote:
>> Hi IPMC members,
>>
>> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
>> So I request IPMC now to vote on this release candidate. Thank you!
>>
>> The release page is here:
>> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release
>>
>> The PPMC vote thread is located here:
>> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E
>>
>> The artifacts can be downloaded here:
>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>> The artifacts have been signed with Key : CE60F90D1333092A
>>
>> All JIRAs completed for this release are tagged with 'FixVersion
>> =2.3.0.0-incubating'
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262=Html=12318826
>>
>> Please vote accordingly:
>> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
>> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release
>> because...
>>
>> The vote will run for at least 72 hours.
>>
>> Best regards,
>> Yi Jin (yjin)
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Konstantin Boudnik]

+1 [biding]

- signature check [ok]
- checksum check [ok]
- licenses check (RAT) [ok]

I haven't tried to build it because of the complexity of the build
process and multiplicity of the environment configurations. To lower
the entry barrier, I would recommend the community to think how to
wrap these steps into the build system. You can go as far as to
provide an "official" toolchain for the project. In Bigtop, we even
provide official Docker containers were people can start working with
the project in under 2 minutes and without any need for additional
error prone configuration steps.
--
  With regards,
Konstantin (Cos) Boudnik
2CAC 8312 4870 D885 8616  6115 220F 6980 1F27 E622

Disclaimer: Opinions expressed in this email are those of the author,
and do not necessarily represent the views of any company the author
might be affiliated with at the moment of writing.


On Tue, Mar 6, 2018 at 6:56 PM, Yi JIN  wrote:
> Hi IPMC members,
>
> The PPMC vote for the Apache HAWQ 2.3.0.0-incubating release has passed.
> So I request IPMC now to vote on this release candidate. Thank you!
>
> The release page is here:
> https://cwiki.apache.org/confluence/display/HAWQ/Apache+HAWQ+2.3.0.0-incubating+Release
>
> The PPMC vote thread is located here:
> https://lists.apache.org/thread.html/fa5b41cd7461bd729146e10d8f7a54156c818f93e5a1160c42e76c79@%3Cdev.hawq.apache.org%3E
>
> The artifacts can be downloaded here:
> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
> The artifacts have been signed with Key : CE60F90D1333092A
>
> All JIRAs completed for this release are tagged with 'FixVersion
> =2.3.0.0-incubating'
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12340262=Html=12318826
>
> Please vote accordingly:
> [ ] +1, accept as the official Apache HAWQ 2.3.0.0-incubating release
> [ ] -1, do not accept as the official Apache HAWQ 2.3.0.0-incubating release
> because...
>
> The vote will run for at least 72 hours.
>
> Best regards,
> Yi Jin (yjin)

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Yi JIN]

Henk,

Thank you very much!

Best,
Yi (yjin)

On Thu, Mar 8, 2018 at 12:35 PM, Henk P. Penning <penn...@uu.nl> wrote:

> On Thu, 8 Mar 2018, Yi JIN wrote:
>
> Date: Thu, 8 Mar 2018 00:34:02 +0100
>> From: Yi JIN <y...@apache.org>
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>> Hi IPMC members,
>>
>> I dropped MD5 checksum files from this candidate following Groeten's
>> comment. I'm not sure if we can continue this vote or I have to move back
>> to PPMC to prepare another candidate. Thanks.
>>
>
>   just continue the vote.
>
> Yi Jin (yjin)
>>
>
>   Regards,
>
>   Henk Penning
>
>
> On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote:
>>
>> Hi IPMC members,
>>>
>>> I dropped MD5 checksum files from this candidate following Groeten's
>>> comment. I'm now sure if we can continue this vote or I have to move back
>>> to PPMC to generate another candidate.
>>>
>>> Best,
>>> Yi Jin (yjin)
>>>
>>> On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote:
>>>
>>> Groeten,
>>>>
>>>> Thanks for clarification.
>>>>
>>>> Makoto
>>>>
>>>> 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
>>>>
>>>>> On Wed, 7 Mar 2018, Makoto Yui wrote:
>>>>>
>>>>> Date: Wed, 7 Mar 2018 07:15:15 +0100
>>>>>> From: Makoto Yui <m...@apache.org>
>>>>>> To: general@incubator.apache.org
>>>>>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>>>>>
>>>>>> Recently the "release policy" [1] changed ; it (now) says :
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Good to know about it.
>>>>>>
>>>>>> MUST supply at least one (SHA or MD5) checksum file,
>>>>>>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
>>>>>>>
>>>>>>
>>>>>
>>>>> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)
>>>>>>
>>>>>
>>>>>
>>>>>   See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt
>>>>>
>>>>>   "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
>>>>>   RFC 2119 explains what they mean.
>>>>>
>>>>>   Hint :
>>>>>
>>>>> MUST   == obligation ; a strict requirement
>>>>> SHOULD == recommendation ;
>>>>>
>>>>>   Note : the policy can't say "MUST supply SHA checksum",
>>>>>   because many projects have older releases in /dist/
>>>>>   that are MD5-only ; under "new policy", that is
>>>>>   frowned upon, but not forbidden.
>>>>>
>>>>> Makoto
>>>>>>
>>>>>
>>>>>
>>>>>   Groeten,
>>>>>
>>>>>   HPP
>>>>>
>>>>>
>>>>>    _
>>>>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>>>>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>>>>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>>>>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>>>>>
>>>>> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
>>>>>>
>>>>>>>
>>>>>>> On Wed, 7 Mar 2018, Yi JIN wrote:
>>>>>>>
>>>>>>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>>>>>>>> From: Yi JIN <y...@apache.org>
>>>>>>>> To: general@incubator.apache.org
>>>>>>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The artifacts can be downloaded here:
>>>>>>>>
>>>>>>>>
>>>>>>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.
>>>>>>>>
>>>>>>> 0-incuba

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Henk P. Penning]

On Thu, 8 Mar 2018, Yi JIN wrote:


Date: Thu, 8 Mar 2018 00:34:02 +0100
From: Yi JIN <y...@apache.org>
To: general@incubator.apache.org
Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

Hi IPMC members,

I dropped MD5 checksum files from this candidate following Groeten's
comment. I'm not sure if we can continue this vote or I have to move back
to PPMC to prepare another candidate. Thanks.


  just continue the vote.


Yi Jin (yjin)


  Regards,

  Henk Penning


On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote:


Hi IPMC members,

I dropped MD5 checksum files from this candidate following Groeten's
comment. I'm now sure if we can continue this vote or I have to move back
to PPMC to generate another candidate.

Best,
Yi Jin (yjin)

On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote:


Groeten,

Thanks for clarification.

Makoto

2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>:

On Wed, 7 Mar 2018, Makoto Yui wrote:


Date: Wed, 7 Mar 2018 07:15:15 +0100
From: Makoto Yui <m...@apache.org>
To: general@incubator.apache.org
Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release


Recently the "release policy" [1] changed ; it (now) says :



Good to know about it.


MUST supply at least one (SHA or MD5) checksum file,
SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).




This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)



  See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt

  "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
  RFC 2119 explains what they mean.

  Hint :

MUST   == obligation ; a strict requirement
SHOULD == recommendation ;

  Note : the policy can't say "MUST supply SHA checksum",
  because many projects have older releases in /dist/
  that are MD5-only ; under "new policy", that is
  frowned upon, but not forbidden.


Makoto



  Groeten,

  HPP


   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/


2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:


On Wed, 7 Mar 2018, Yi JIN wrote:


Date: Wed, 7 Mar 2018 03:56:54 +0100
From: Yi JIN <y...@apache.org>
To: general@incubator.apache.org
Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release





The artifacts can be downloaded here:


https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.

0-incubating.RC2/




  Recently the "release policy" [1] changed ; it (now) says :

...
* SHOULD NOT supply a MD5 checksum file
...

  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums


Yi Jin (yjin)




  Groeten,

  Henk Penning -- apache.org infrastructure ; dist & mirrors

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org





--
Makoto YUI 
Research Engineer, Treasure Data, Inc.
http://myui.github.io/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org




-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org





--
Makoto YUI 
Research Engineer, Treasure Data, Inc.
http://myui.github.io/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org








   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Yi JIN]

Hi IPMC members,

I dropped MD5 checksum files from this candidate following Groeten's
comment. I'm not sure if we can continue this vote or I have to move back
to PPMC to prepare another candidate. Thanks.

Best,
Yi Jin (yjin)


On Thu, Mar 8, 2018 at 9:41 AM, Yi JIN <y...@apache.org> wrote:

> Hi IPMC members,
>
> I dropped MD5 checksum files from this candidate following Groeten's
> comment. I'm now sure if we can continue this vote or I have to move back
> to PPMC to generate another candidate.
>
> Best,
> Yi Jin (yjin)
>
> On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote:
>
>> Groeten,
>>
>> Thanks for clarification.
>>
>> Makoto
>>
>> 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
>> > On Wed, 7 Mar 2018, Makoto Yui wrote:
>> >
>> >> Date: Wed, 7 Mar 2018 07:15:15 +0100
>> >> From: Makoto Yui <m...@apache.org>
>> >> To: general@incubator.apache.org
>> >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>> >>
>> >>> Recently the "release policy" [1] changed ; it (now) says :
>> >>
>> >>
>> >> Good to know about it.
>> >>
>> >>> MUST supply at least one (SHA or MD5) checksum file,
>> >>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
>> >
>> >
>> >> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)
>> >
>> >
>> >   See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt
>> >
>> >   "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
>> >   RFC 2119 explains what they mean.
>> >
>> >   Hint :
>> >
>> > MUST   == obligation ; a strict requirement
>> > SHOULD == recommendation ;
>> >
>> >   Note : the policy can't say "MUST supply SHA checksum",
>> >   because many projects have older releases in /dist/
>> >   that are MD5-only ; under "new policy", that is
>> >   frowned upon, but not forbidden.
>> >
>> >> Makoto
>> >
>> >
>> >   Groeten,
>> >
>> >   HPP
>> >
>> >
>> >    _
>> > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>> > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>> > Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>> > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>> >
>> >> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
>> >>>
>> >>> On Wed, 7 Mar 2018, Yi JIN wrote:
>> >>>
>> >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>> >>>> From: Yi JIN <y...@apache.org>
>> >>>> To: general@incubator.apache.org
>> >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>> >>>
>> >>>
>> >>>
>> >>>> The artifacts can be downloaded here:
>> >>>>
>> >>>>
>> >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.
>> 0-incubating.RC2/
>> >>>
>> >>>
>> >>>
>> >>>   Recently the "release policy" [1] changed ; it (now) says :
>> >>>
>> >>> ...
>> >>> * SHOULD NOT supply a MD5 checksum file
>> >>> ...
>> >>>
>> >>>   [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
>> >>>
>> >>>> Yi Jin (yjin)
>> >>>
>> >>>
>> >>>
>> >>>   Groeten,
>> >>>
>> >>>   Henk Penning -- apache.org infrastructure ; dist & mirrors
>> >>>
>> >>>    _
>> >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>> >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>> >>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>> >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>> >>>
>> >>> -
>> >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> >>> For additional commands, e-mail: general-h...@incubator.apache.org
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Makoto YUI 
>> >> Research Engineer, Treasure Data, Inc.
>> >> http://myui.github.io/
>> >>
>> >> -
>> >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> >> For additional commands, e-mail: general-h...@incubator.apache.org
>> >>
>> >>
>> >
>> > -
>> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> > For additional commands, e-mail: general-h...@incubator.apache.org
>> >
>>
>>
>>
>> --
>> Makoto YUI 
>> Research Engineer, Treasure Data, Inc.
>> http://myui.github.io/
>>
>> -
>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> For additional commands, e-mail: general-h...@incubator.apache.org
>>
>>
>

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Yi JIN]

Hi IPMC members,

I dropped MD5 checksum files from this candidate following Groeten's
comment. I'm now sure if we can continue this vote or I have to move back
to PPMC to generate another candidate.

Best,
Yi Jin (yjin)

On Wed, Mar 7, 2018 at 5:43 PM, Makoto Yui <m...@apache.org> wrote:

> Groeten,
>
> Thanks for clarification.
>
> Makoto
>
> 2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
> > On Wed, 7 Mar 2018, Makoto Yui wrote:
> >
> >> Date: Wed, 7 Mar 2018 07:15:15 +0100
> >> From: Makoto Yui <m...@apache.org>
> >> To: general@incubator.apache.org
> >> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
> >>
> >>> Recently the "release policy" [1] changed ; it (now) says :
> >>
> >>
> >> Good to know about it.
> >>
> >>> MUST supply at least one (SHA or MD5) checksum file,
> >>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
> >
> >
> >> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)
> >
> >
> >   See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt
> >
> >   "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
> >   RFC 2119 explains what they mean.
> >
> >   Hint :
> >
> > MUST   == obligation ; a strict requirement
> > SHOULD == recommendation ;
> >
> >   Note : the policy can't say "MUST supply SHA checksum",
> >   because many projects have older releases in /dist/
> >   that are MD5-only ; under "new policy", that is
> >   frowned upon, but not forbidden.
> >
> >> Makoto
> >
> >
> >   Groeten,
> >
> >   HPP
> >
> >
> >    _
> > Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> > Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> > Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> > http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
> >
> >> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
> >>>
> >>> On Wed, 7 Mar 2018, Yi JIN wrote:
> >>>
> >>>> Date: Wed, 7 Mar 2018 03:56:54 +0100
> >>>> From: Yi JIN <y...@apache.org>
> >>>> To: general@incubator.apache.org
> >>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
> >>>
> >>>
> >>>
> >>>> The artifacts can be downloaded here:
> >>>>
> >>>>
> >>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.
> 0-incubating.RC2/
> >>>
> >>>
> >>>
> >>>   Recently the "release policy" [1] changed ; it (now) says :
> >>>
> >>> ...
> >>> * SHOULD NOT supply a MD5 checksum file
> >>> ...
> >>>
> >>>   [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
> >>>
> >>>> Yi Jin (yjin)
> >>>
> >>>
> >>>
> >>>   Groeten,
> >>>
> >>>   Henk Penning -- apache.org infrastructure ; dist & mirrors
> >>>
> >>>    _
> >>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> >>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> >>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> >>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
> >>>
> >>> -
> >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> >>> For additional commands, e-mail: general-h...@incubator.apache.org
> >>>
> >>
> >>
> >>
> >> --
> >> Makoto YUI 
> >> Research Engineer, Treasure Data, Inc.
> >> http://myui.github.io/
> >>
> >> -
> >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> >> For additional commands, e-mail: general-h...@incubator.apache.org
> >>
> >>
> >
> > -
> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> > For additional commands, e-mail: general-h...@incubator.apache.org
> >
>
>
>
> --
> Makoto YUI 
> Research Engineer, Treasure Data, Inc.
> http://myui.github.io/
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
>

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Makoto Yui]

Groeten,

Thanks for clarification.

Makoto

2018-03-07 15:27 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
> On Wed, 7 Mar 2018, Makoto Yui wrote:
>
>> Date: Wed, 7 Mar 2018 07:15:15 +0100
>> From: Makoto Yui <m...@apache.org>
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>
>>> Recently the "release policy" [1] changed ; it (now) says :
>>
>>
>> Good to know about it.
>>
>>> MUST supply at least one (SHA or MD5) checksum file,
>>> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).
>
>
>> This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)
>
>
>   See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt
>
>   "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
>   RFC 2119 explains what they mean.
>
>   Hint :
>
> MUST   == obligation ; a strict requirement
> SHOULD == recommendation ;
>
>   Note : the policy can't say "MUST supply SHA checksum",
>   because many projects have older releases in /dist/
>   that are MD5-only ; under "new policy", that is
>   frowned upon, but not forbidden.
>
>> Makoto
>
>
>   Groeten,
>
>   HPP
>
>
>    _
> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>
>> 2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:
>>>
>>> On Wed, 7 Mar 2018, Yi JIN wrote:
>>>
>>>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>>>> From: Yi JIN <y...@apache.org>
>>>> To: general@incubator.apache.org
>>>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>>>
>>>
>>>
>>>> The artifacts can be downloaded here:
>>>>
>>>>
>>>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>>>
>>>
>>>
>>>   Recently the "release policy" [1] changed ; it (now) says :
>>>
>>> ...
>>> * SHOULD NOT supply a MD5 checksum file
>>> ...
>>>
>>>   [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
>>>
>>>> Yi Jin (yjin)
>>>
>>>
>>>
>>>   Groeten,
>>>
>>>   Henk Penning -- apache.org infrastructure ; dist & mirrors
>>>
>>>    _
>>> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
>>> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
>>> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
>>> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>>>
>>> -
>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>> For additional commands, e-mail: general-h...@incubator.apache.org
>>>
>>
>>
>>
>> --
>> Makoto YUI 
>> Research Engineer, Treasure Data, Inc.
>> http://myui.github.io/
>>
>> -
>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>> For additional commands, e-mail: general-h...@incubator.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>



-- 
Makoto YUI 
Research Engineer, Treasure Data, Inc.
http://myui.github.io/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Henk P. Penning]

On Wed, 7 Mar 2018, Makoto Yui wrote:


Date: Wed, 7 Mar 2018 07:15:15 +0100
From: Makoto Yui <m...@apache.org>
To: general@incubator.apache.org
Subject: Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release


Recently the "release policy" [1] changed ; it (now) says :


Good to know about it.


MUST supply at least one (SHA or MD5) checksum file,
SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).



This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)


  See RFC 2119 : https://www.ietf.org/rfc/rfc2119.txt

  "MUST", "SHOULD", "SHOULD NOT" etc are technical terms.
  RFC 2119 explains what they mean.

  Hint :

MUST   == obligation ; a strict requirement
SHOULD == recommendation ;

  Note : the policy can't say "MUST supply SHA checksum",
  because many projects have older releases in /dist/
  that are MD5-only ; under "new policy", that is
  frowned upon, but not forbidden.


Makoto


  Groeten,

  HPP

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/


2018-03-07 14:58 GMT+09:00 Henk P. Penning <penn...@uu.nl>:

On Wed, 7 Mar 2018, Yi JIN wrote:


Date: Wed, 7 Mar 2018 03:56:54 +0100
From: Yi JIN <y...@apache.org>
To: general@incubator.apache.org
Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release




The artifacts can be downloaded here:

https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/



  Recently the "release policy" [1] changed ; it (now) says :

...
* SHOULD NOT supply a MD5 checksum file
...

  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums


Yi Jin (yjin)



  Groeten,

  Henk Penning -- apache.org infrastructure ; dist & mirrors

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org





--
Makoto YUI 
Research Engineer, Treasure Data, Inc.
http://myui.github.io/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org




-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Makoto Yui]

> Recently the "release policy" [1] changed ; it (now) says :

Good to know about it.

> MUST supply at least one (SHA or MD5) checksum file,
> SHOULD NOT supply a MD5 checksum file (because MD5 is too broken).

This sounds confusing. Could be "MUST supply SHA checksum file(s)," (?)

Makoto

2018-03-07 14:58 GMT+09:00 Henk P. Penning :
> On Wed, 7 Mar 2018, Yi JIN wrote:
>
>> Date: Wed, 7 Mar 2018 03:56:54 +0100
>> From: Yi JIN 
>> To: general@incubator.apache.org
>> Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release
>
>
>> The artifacts can be downloaded here:
>>
>> https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/
>
>
>   Recently the "release policy" [1] changed ; it (now) says :
>
> ...
> * SHOULD NOT supply a MD5 checksum file
> ...
>
>   [1] https://www.apache.org/dev/release-distribution#sigs-and-sums
>
>> Yi Jin (yjin)
>
>
>   Groeten,
>
>   Henk Penning -- apache.org infrastructure ; dist & mirrors
>
>    _
> Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
> Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
> Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
> http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>



-- 
Makoto YUI 
Research Engineer, Treasure Data, Inc.
http://myui.github.io/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release

[Henk P. Penning]

On Wed, 7 Mar 2018, Yi JIN wrote:


Date: Wed, 7 Mar 2018 03:56:54 +0100
From: Yi JIN 
To: general@incubator.apache.org
Subject: [VOTE]: Apache HAWQ 2.3.0.0-incubating Release



The artifacts can be downloaded here:
https://dist.apache.org/repos/dist/dev/incubator/hawq/2.3.0.0-incubating.RC2/


  Recently the "release policy" [1] changed ; it (now) says :

...
* SHOULD NOT supply a MD5 checksum file
...

  [1] https://www.apache.org/dev/release-distribution#sigs-and-sums


Yi Jin (yjin)


  Groeten,

  Henk Penning -- apache.org infrastructure ; dist & mirrors

   _
Henk P. Penning, ICT-beta R Uithof MG-403_/ \_
Faculty of Science, Utrecht UniversityT +31 30 253 4106 / \_/ \
Leuvenlaan 4, 3584CE Utrecht, NL  F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org