Thank you all very much for helping with the review and vote! I will conclude the voting for Hadoop-thirdparty-1.2.0-RC0 and open the voting for Hadoop-thirdparty-1.2.0-RC1.
Thank you for the feedback on the code diff, Ayush. I have already submitted the changes to the Dockerfile and create-release files to the Hadoop-thirdparty trunk branch and backported them to branch-1.2 and branch-1.2.0. The issues you provided feedback on will be addressed in Hadoop-thirdparty-1.2.0-RC1.

Once again, thank you Xiaoqiao He, Ayush Saxena, Takanobu Asanuma, PJ Fanning, Shuyan Zhang for the review and vote.

Best Regards,
Shilun Fan.

On Sun, Feb 4, 2024 at 4:18 PM Shuyan Zhang <zhangshu...@apache.org> wrote:

> +1 (non-binding)
>
> - Verified hashes
> - LICENSE and NOTICE are included.
> - Rat check is ok. `mvn clean apache-rat:check`
> - `mvn clean install` works well
>
> On Fri, Feb 2, 2024 at 11:11, slfan1989 <slfan1...@apache.org> wrote:
>
> > Thank you very much for the review! I will avoid the diff.
> >
> > Best Regards,
> > Shilun Fan.
> >
> > On Fri, Feb 2, 2024 at 9:59 AM Takanobu Asanuma <tasan...@apache.org> wrote:
> >
> > > It also looks good to me, except for the diff.
> > >
> > > * Verified signatures and hashes
> > > * Reviewed the documents
> > > * Successfully built from source with `mvn clean install`
> > > * Successfully compiled Hadoop trunk and branch-3.4 using the Hadoop thirdparty 1.2.0
> > >
> > > Anyway, since hadoop-thirdparty-1.1.1 has some high vulnerabilities, hadoop-thirdparty-1.2.0 would be required for Hadoop-3.4.0.
> > >
> > > Thanks,
> > > - Takanobu
> > >
> > > On Fri, Feb 2, 2024 at 4:45, slfan1989 <slfan1...@apache.org> wrote:
> > >
> > > > Thank you for helping to review Hadoop-Thirdparty-1.2.0-RC0 and providing feedback!
> > > >
> > > > I followed the "how to release" documentation and tried to package it using create-release and Dockerfile, but I couldn't successfully package it directly. Some modifications are required before compilation. I should submit a pull request to fix this issue before Hadoop-Thirdparty-1.2.0-RC0 compile.
> > > > > > > > This is an area that needs improvement. We should ensure that the > code > > of > > > > src is consistent with the tag. > > > > > > > > On Fri, Feb 2, 2024 at 2:25 AM Ayush Saxena <ayush...@gmail.com> > > wrote: > > > > > > > > > > > > > > There is some diff b/w the git tag & the src tar, the Dockerfile & > > the > > > > > create-release are different, Why? > > > > > > > > > > Files hadoop-thirdparty/dev-support/bin/create-release and > > > > > hadoop-thirdparty-1.2.0-src/dev-support/bin/create-release differ > > > > > > > > > > Files hadoop-thirdparty/dev-support/docker/Dockerfile and > > > > > hadoop-thirdparty-1.2.0-src/dev-support/docker/Dockerfile differ > > > > > > > > > > > > > > > ayushsaxena@ayushsaxena hadoop-thirdparty-1.2.0-RC0 % diff > > > > > hadoop-thirdparty/dev-support/bin/create-release > > > > > hadoop-thirdparty-1.2.0-src/dev-support/bin/create-release > > > > > > > > > > 444,446c444,446 > > > > > > > > > > < echo "RUN groupadd --non-unique -g ${group_id} ${user_name}" > > > > > > > > > > < echo "RUN useradd -g ${group_id} -u ${user_id} -m > ${user_name}" > > > > > > > > > > < echo "RUN chown -R ${user_name} /home/${user_name}" > > > > > > > > > > --- > > > > > > > > > > > echo "RUN groupadd --non-unique -g ${group_id} ${user_name}; > > exit > > > > > 0;" > > > > > > > > > > > echo "RUN useradd -g ${group_id} -u ${user_id} -m > ${user_name}; > > > > > exit 0;" > > > > > > > > > > > echo "RUN chown -R ${user_name} /home/${user_name}; exit 0;" > > > > > > > > > > ayushsaxena@ayushsaxena hadoop-thirdparty-1.2.0-RC0 % diff > > > > > hadoop-thirdparty/dev-support/docker/Dockerfile > > > > > hadoop-thirdparty-1.2.0-src/dev-support/docker/Dockerfile > > > > > > > > > > 103a104,105 > > > > > > > > > > > RUN rm -f /etc/maven/settings.xml && ln -s > > > /home/root/.m2/settings.xml > > > > > /etc/maven/settings.xml > > > > > > > > > > > > > > > > > > > > > 126a129,130 > > > > > > > > > > > RUN pip2 install setuptools-scm==5.0.2 > > > > > > 
> > > > > RUN pip2 install lazy-object-proxy==1.5.0 > > > > > > > > > > 159d162 > > > > > > > > > > < > > > > > > > > > > > > > > > > > > > > > > > > > Other things look Ok, > > > > > * Built from source > > > > > * Verified Checksums > > > > > * Verified Signatures > > > > > * Validated files have ASF header > > > > > > > > > > Not sure if having diff b/w the git tag & src tar is ok, this > doesn't > > > > look > > > > > like core code change though, can anybody check & confirm? > > > > > > > > > > -Ayush > > > > > > > > > > > > > > > On Thu, 1 Feb 2024 at 13:39, Xiaoqiao He <hexiaoq...@apache.org> > > > wrote: > > > > > > > > > >> Gentle ping. @Ayush Saxena <ayush...@gmail.com> @Steve Loughran > > > > >> <ste...@cloudera.com> @inigo...@apache.org <inigo...@apache.org> > > > > >> @Masatake > > > > >> Iwasaki <iwasak...@apache.org> and some other folks. > > > > >> > > > > >> On Wed, Jan 31, 2024 at 10:17 AM slfan1989 <slfan1...@apache.org> > > > > wrote: > > > > >> > > > > >> > Thank you for the review and vote! Looking forward to other > forks > > > > >> helping > > > > >> > with voting and verification. > > > > >> > > > > > >> > Best Regards, > > > > >> > Shilun Fan. > > > > >> > > > > > >> > On Tue, Jan 30, 2024 at 6:20 PM Xiaoqiao He < > > hexiaoq...@apache.org> > > > > >> wrote: > > > > >> > > > > > >> > > Thanks Shilun for driving it and making it happen. > > > > >> > > > > > > >> > > +1(binding). > > > > >> > > > > > > >> > > [x] Checksums and PGP signatures are valid. > > > > >> > > [x] LICENSE files exist. > > > > >> > > [x] NOTICE is included. > > > > >> > > [x] Rat check is ok. `mvn clean apache-rat:check` > > > > >> > > [x] Built from source works well: `mvn clean install` > > > > >> > > [x] Built Hadoop trunk with updated thirdparty successfully > > > (include > > > > >> > update > > > > >> > > protobuf shaded path). 
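Review bot: In the create-release change at 444,446c444,446, the source-tarball side appends `; exit 0;` to the `groupadd`, `useradd` and `chown` RUN lines, which makes each generated Docker build step report success even when the command fails, so a build image missing the expected user, group or home-directory ownership would not be caught. If the intent is to tolerate a group or user that already exists, check for that case explicitly instead of discarding every exit status, and land the change on the tag so the release tarball and the tagged tree are identical.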
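Review bot: In the Dockerfile change at 103a104,105, the added `RUN rm -f /etc/maven/settings.xml && ln -s /home/root/.m2/settings.xml /etc/maven/settings.xml` replaces the image's global Maven settings with a link into a home directory, with no comment saying why. Maven settings decide which repositories and mirrors the build resolves artifacts from, so the release build then depends on whatever file sits at that path; add a comment stating the reason and where that file comes from, and do the same for the pinned `pip2 install` lines added at 126a129,130.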
> > > > >> > >
> > > > >> > > BTW, hadoop-thirdparty-1.2.0 will be included in release-3.4.0, hope we could finish this vote before 2024/02/06(UTC) if there are no concerns.
> > > > >> > > Thanks all.
> > > > >> > >
> > > > >> > > Best Regards,
> > > > >> > > - He Xiaoqiao
> > > > >> > >
> > > > >> > > On Mon, Jan 29, 2024 at 10:42 PM slfan1989 <slfan1...@apache.org> wrote:
> > > > >> > >
> > > > >> > > > Hi folks,
> > > > >> > > >
> > > > >> > > > Xiaoqiao He and I have put together a release candidate (RC0) for Hadoop Thirdparty 1.2.0.
> > > > >> > > >
> > > > >> > > > The RC is available at:
> > > > >> > > > https://dist.apache.org/repos/dist/dev/hadoop/hadoop-thirdparty-1.2.0-RC0
> > > > >> > > >
> > > > >> > > > The RC tag is
> > > > >> > > > https://github.com/apache/hadoop-thirdparty/releases/tag/release-1.2.0-RC0
> > > > >> > > >
> > > > >> > > > The maven artifacts are staged at
> > > > >> > > > https://repository.apache.org/content/repositories/orgapachehadoop-1398
> > > > >> > > >
> > > > >> > > > Comparing to 1.1.1, there are three additional fixes:
> > > > >> > > >
> > > > >> > > > HADOOP-18197. Upgrade Protobuf-Java to 3.21.12
> > > > >> > > > https://github.com/apache/hadoop-thirdparty/pull/26
> > > > >> > > >
> > > > >> > > > HADOOP-18921. Upgrade to avro 1.11.3
> > > > >> > > > https://github.com/apache/hadoop-thirdparty/pull/24
> > > > >> > > >
> > > > >> > > > HADOOP-18843. Guava version 32.0.1 bump to fix CVE-2023-2976
> > > > >> > > > https://github.com/apache/hadoop-thirdparty/pull/23
> > > > >> > > >
> > > > >> > > > You can find my public key at :
> > > > >> > > > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
> > > > >> > > >
> > > > >> > > > Best Regards,
> > > > >> > > > Shilun Fan.