[VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Clint Wylie <cw...@apache.org>]

Hi all,

I have created a build for Apache Druid (incubating) 0.16.0, release
candidate 3.

Thanks for everyone who has helped contribute to the release! You can read
the proposed release notes here:
https://github.com/apache/incubator-druid/issues/8369

The release candidate has been tagged in GitHub as
druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
available here:
https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3

The artifacts to be voted on are located here:
https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/

Staged druid.apache.org website documentation is available here:
https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html

A Docker image containing the binary of the release candidate can be
retrieved via:
docker pull apache/incubator-druid:0.16.0-incubating-rc3

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/cwylie.asc

This key and the key of other committers can also be found in the project's
KEYS file here:
https://dist.apache.org/repos/dist/release/incubator/druid/KEYS

(If you are a committer, please feel free to add your own key to that file
by following the instructions in the file's header.)


Verify checksums:
diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
cut -d ' ' -f1) \
<(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)

diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
cut -d ' ' -f1) \
<(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)

Verify signatures:
gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
apache-druid-0.16.0-incubating-src.tar.gz

gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
apache-druid-0.16.0-incubating-bin.tar.gz

Please review the proposed artifacts and vote. Note that Apache has
specific requirements that must be met before +1 binding votes can be cast
by PMC members. Please refer to the policy at
http://www.apache.org/legal/release-policy.html#policy for more details.

As part of the validation process, the release artifacts can be generated
from source by running:
mvn clean install -Papache-release,dist -Dgpg.skip

The RAT license check can be run from source by:
mvn apache-rat:check -Prat

This vote will be open for at least 72 hours. The vote will pass if a
majority of at least three +1 PMC votes are cast.

Once the vote has passed, the second stage vote will be called on the
Apache Incubator mailing list to get approval from the Incubator PMC.

[ ] +1 Release this package as Apache Druid (incubating) 0.16.0
[ ] 0 I don't feel strongly about it, but I'm okay with the release
[ ] -1 Do not release this package because...

Thanks!

Apache Druid (incubating) is an effort undergoing incubation at The Apache
Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is
required of all newly accepted projects until a further review indicates
that the infrastructure, communications, and decision making process have
stabilized in a manner consistent with other successful ASF projects. While
incubation status is not necessarily a reflection of the completeness or
stability of the code, it does indicate that the project has yet to be
fully endorsed by the ASF.

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Clint Wylie <cw...@apache.org>]

Thanks for the votes everyone! We've got enough binding +1 so I'm going to
close this vote soon and prepare for the IPMC vote thread.

On Mon, Sep 16, 2019 at 9:38 PM Surekha Saharan <su...@imply.io>
wrote:

> +1 (non-binding)
>
> src package:
> - verified signature and hash
> - compiled source and ran unit tests
> - ran integration tests
> - ran RAT check
> - checked LICENSE, NOTICE, DISCLAIMER
>
>
> bin package:
> - verified signature and hash
> - ran quickstart batch and kafka ingestion tutorial
> - checked LICENSE, NOTICE, DISCLAIMER
>
>
> On Mon, Sep 16, 2019 at 9:07 PM David Lim <da...@apache.org> wrote:
>
> >  +1 (binding)
> >
> > src package:
> > - verified signature/hash
> > - compared source distribution contents against git tag (54d29e4)
> > - LICENSE, NOTICE, and DISCLAIMER are present
> > - unit tests passed
> > - licenses checked
> > - built binary distribution
> > - ran quickstart
> >
> > bin package:
> > - verified signature/hash
> > - verified META-INF/MANIFEST.MF:Build-Revision tag in JAR files matches
> > source distribution git.version:Build-Revision (54d29e4)
> > - LICENSE, NOTICE, and DISCLAIMER are present
> > - ran quickstart
> >
> > On Mon, Sep 16, 2019 at 1:29 PM Julian Hyde <jh...@apache.org> wrote:
> >
> > > Full checksum. An attacker can easily generate a binary that matches a
> > > given 32 bit bit (8 digit) hash. That’s why we use SHA-256 or SHA-512.
> > >
> > > If it helps, here is a typical Calcite vote email:
> > >
> > >
> > >
> >
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3cCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3e
> > > <
> > >
> >
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3CCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3E
> > >
> > >
> > >
> > >
> > >
> > >
> > > > On Sep 16, 2019, at 1:43 AM, Clint Wylie <cw...@apache.org> wrote:
> > > >
> > > > Ah, oops, yes indeed they are reversed, my bad! I certainly agree
> with
> > > all
> > > > your points on why it is a good idea, and will update our template
> > after
> > > > the release to make sure we do it in the future. Is it better
> practice
> > to
> > > > include the full checksum, or would truncated to the first 8 or so
> > > > characters be preferable to play nice with email?
> > > >
> > > > On Sun, Sep 15, 2019 at 8:34 PM Julian Hyde <jh...@apache.org>
> wrote:
> > > >
> > > >> Sorry for my rather terse -1 vote. I had assumed that we had been
> > > >> following the policy for a while, so when I noticed that we were
> not I
> > > >> assumed it was a mistake by the release manager.
> > > >>
> > > >> Actually I am not sure whether it is policy, but there's definitely
> a
> > > >> strong case for including hashes. The point is this: we are voting
> on
> > > >> artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.
> > > >>
> > > >> Suppose we all vote on the current
> > > >> apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
> > > >> someone replaces it with a similar file that contains some bad
> stuff.
> > > >> How are we to know whether that is the file we voted on?
> > > >>
> > > >> Putting the file hash in the vote email guarantees that we are all
> > > >> voting on the same set of artifacts, and that set of artifacts is
> > > >> recorded.
> > > >>
> > > >> I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e
> for
> > > >> src), but that's close enough, so let's proceed.
> > > >>
> > > >>
> > > >> +1 (binding)
> > > >>
> > > >> Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
> > > >> (skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
> > > >> matches git commit.
> > > >>
> > > >> Julian
> > > >>
> > > >>
> > > >> Julian
> > > >>
> > > >> On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org>
> > wrote:
> > > >>>
> > > >>>> The vote email must contain the checksums of the artifacts we are
> > > >> voting
> > > >>> on.
> > > >>>
> > > >>> Apologies, I wasn't aware of this requirement since we haven't put
> > them
> > > >> in
> > > >>> our prior incubating release vote threads and I was just copying
> the
> > > same
> > > >>> basic template I and others have previously used. Out of curiosity
> is
> > > >> this
> > > >>> a new-ish requirement that I missed, or one we just didn't notice
> or
> > > have
> > > >>> just been turning a blind eye to? Regardless, since we are now
> > > >> maintaining
> > > >>> a 'how to ASF release' guide in the github repo that includes
> > templates
> > > >> for
> > > >>> voting threads,
> > > >>>
> > > >>
> > >
> >
> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body
> > > >> ,
> > > >>> I'll
> > > >>> be sure to update it, thanks!
> > > >>>
> > > >>>> No need for a new RC; I change my vote if the release manager
> sends
> > an
> > > >>>> email with the checksums.
> > > >>>
> > > >>> If this thread is ok, here they are:
> > > >>>
> > > >>> artifact checksums
> > > >>> src:
> > > >>>
> > > >>
> > >
> >
> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
> > > >>> bin:
> > > >>>
> > > >>
> > >
> >
> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
> > > >>> docker:
> > > df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
> > > >>>
> > > >>> Thanks!
> > > >>> Clint
> > > >>>
> > > >>> On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org>
> > wrote:
> > > >>>
> > > >>>> -1
> > > >>>>
> > > >>>> The vote email must contain the checksums of the artifacts we are
> > > >> voting
> > > >>>> on.
> > > >>>>
> > > >>>> No need for a new RC; I change my vote if the release manager
> sends
> > an
> > > >>>> email with the checksums.
> > > >>>>
> > > >>>> Julian
> > > >>>>
> > > >>>> On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org>
> > > >> wrote:
> > > >>>>>
> > > >>>>> Hi all,
> > > >>>>>
> > > >>>>> I have created a build for Apache Druid (incubating) 0.16.0,
> > release
> > > >>>>> candidate 3.
> > > >>>>>
> > > >>>>> Thanks for everyone who has helped contribute to the release! You
> > can
> > > >>>> read
> > > >>>>> the proposed release notes here:
> > > >>>>> https://github.com/apache/incubator-druid/issues/8369
> > > >>>>>
> > > >>>>> The release candidate has been tagged in GitHub as
> > > >>>>> druid-0.16.0-incubating-rc3
> > > >> (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > > >>>>> available here:
> > > >>>>>
> > > >>>>
> > > >>
> > >
> >
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> > > >>>>>
> > > >>>>> The artifacts to be voted on are located here:
> > > >>>>>
> > > >>>>
> > > >>
> > >
> >
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> > > >>>>>
> > > >>>>> Staged druid.apache.org website documentation is available here:
> > > >>>>>
> > > >>
> > >
> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> > > >>>>>
> > > >>>>> A Docker image containing the binary of the release candidate can
> > be
> > > >>>>> retrieved via:
> > > >>>>> docker pull apache/incubator-druid:0.16.0-incubating-rc3
> > > >>>>>
> > > >>>>> Release artifacts are signed with the following key:
> > > >>>>> https://people.apache.org/keys/committer/cwylie.asc
> > > >>>>>
> > > >>>>> This key and the key of other committers can also be found in the
> > > >>>> project's
> > > >>>>> KEYS file here:
> > > >>>>> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> > > >>>>>
> > > >>>>> (If you are a committer, please feel free to add your own key to
> > that
> > > >>>> file
> > > >>>>> by following the instructions in the file's header.)
> > > >>>>>
> > > >>>>>
> > > >>>>> Verify checksums:
> > > >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > > >>>>> cut -d ' ' -f1) \
> > > >>>>> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> > > >>>>>
> > > >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > > >>>>> cut -d ' ' -f1) \
> > > >>>>> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> > > >>>>>
> > > >>>>> Verify signatures:
> > > >>>>> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > > >>>>> apache-druid-0.16.0-incubating-src.tar.gz
> > > >>>>>
> > > >>>>> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > > >>>>> apache-druid-0.16.0-incubating-bin.tar.gz
> > > >>>>>
> > > >>>>> Please review the proposed artifacts and vote. Note that Apache
> has
> > > >>>>> specific requirements that must be met before +1 binding votes
> can
> > be
> > > >>>> cast
> > > >>>>> by PMC members. Please refer to the policy at
> > > >>>>> http://www.apache.org/legal/release-policy.html#policy for more
> > > >> details.
> > > >>>>>
> > > >>>>> As part of the validation process, the release artifacts can be
> > > >> generated
> > > >>>>> from source by running:
> > > >>>>> mvn clean install -Papache-release,dist -Dgpg.skip
> > > >>>>>
> > > >>>>> The RAT license check can be run from source by:
> > > >>>>> mvn apache-rat:check -Prat
> > > >>>>>
> > > >>>>> This vote will be open for at least 72 hours. The vote will pass
> > if a
> > > >>>>> majority of at least three +1 PMC votes are cast.
> > > >>>>>
> > > >>>>> Once the vote has passed, the second stage vote will be called on
> > the
> > > >>>>> Apache Incubator mailing list to get approval from the Incubator
> > PMC.
> > > >>>>>
> > > >>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > > >>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the
> release
> > > >>>>> [ ] -1 Do not release this package because...
> > > >>>>>
> > > >>>>> Thanks!
> > > >>>>>
> > > >>>>> Apache Druid (incubating) is an effort undergoing incubation at
> The
> > > >>>> Apache
> > > >>>>> Software Foundation (ASF), sponsored by the Apache Incubator.
> > > >> Incubation
> > > >>>> is
> > > >>>>> required of all newly accepted projects until a further review
> > > >> indicates
> > > >>>>> that the infrastructure, communications, and decision making
> > process
> > > >> have
> > > >>>>> stabilized in a manner consistent with other successful ASF
> > projects.
> > > >>>> While
> > > >>>>> incubation status is not necessarily a reflection of the
> > > >> completeness or
> > > >>>>> stability of the code, it does indicate that the project has yet
> to
> > > >> be
> > > >>>>> fully endorsed by the ASF.
> > > >>>>
> > > >>>>
> > ---------------------------------------------------------------------
> > > >>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > >>>> For additional commands, e-mail: dev-help@druid.apache.org
> > > >>>>
> > > >>>>
> > > >>
> > > >>
> ---------------------------------------------------------------------
> > > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > >> For additional commands, e-mail: dev-help@druid.apache.org
> > > >>
> > > >>
> > >
> > >
> >
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Surekha Saharan <su...@imply.io>]

+1 (non-binding)

src package:
- verified signature and hash
- compiled source and ran unit tests
- ran integration tests
- ran RAT check
- checked LICENSE, NOTICE, DISCLAIMER


bin package:
- verified signature and hash
- ran quickstart batch and kafka ingestion tutorial
- checked LICENSE, NOTICE, DISCLAIMER


On Mon, Sep 16, 2019 at 9:07 PM David Lim <da...@apache.org> wrote:

>  +1 (binding)
>
> src package:
> - verified signature/hash
> - compared source distribution contents against git tag (54d29e4)
> - LICENSE, NOTICE, and DISCLAIMER are present
> - unit tests passed
> - licenses checked
> - built binary distribution
> - ran quickstart
>
> bin package:
> - verified signature/hash
> - verified META-INF/MANIFEST.MF:Build-Revision tag in JAR files matches
> source distribution git.version:Build-Revision (54d29e4)
> - LICENSE, NOTICE, and DISCLAIMER are present
> - ran quickstart
>
> On Mon, Sep 16, 2019 at 1:29 PM Julian Hyde <jh...@apache.org> wrote:
>
> > Full checksum. An attacker can easily generate a binary that matches a
> > given 32 bit bit (8 digit) hash. That’s why we use SHA-256 or SHA-512.
> >
> > If it helps, here is a typical Calcite vote email:
> >
> >
> >
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3cCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3e
> > <
> >
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3CCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3E
> >
> >
> >
> >
> >
> >
> > > On Sep 16, 2019, at 1:43 AM, Clint Wylie <cw...@apache.org> wrote:
> > >
> > > Ah, oops, yes indeed they are reversed, my bad! I certainly agree with
> > all
> > > your points on why it is a good idea, and will update our template
> after
> > > the release to make sure we do it in the future. Is it better practice
> to
> > > include the full checksum, or would truncated to the first 8 or so
> > > characters be preferable to play nice with email?
> > >
> > > On Sun, Sep 15, 2019 at 8:34 PM Julian Hyde <jh...@apache.org> wrote:
> > >
> > >> Sorry for my rather terse -1 vote. I had assumed that we had been
> > >> following the policy for a while, so when I noticed that we were not I
> > >> assumed it was a mistake by the release manager.
> > >>
> > >> Actually I am not sure whether it is policy, but there's definitely a
> > >> strong case for including hashes. The point is this: we are voting on
> > >> artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.
> > >>
> > >> Suppose we all vote on the current
> > >> apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
> > >> someone replaces it with a similar file that contains some bad stuff.
> > >> How are we to know whether that is the file we voted on?
> > >>
> > >> Putting the file hash in the vote email guarantees that we are all
> > >> voting on the same set of artifacts, and that set of artifacts is
> > >> recorded.
> > >>
> > >> I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e for
> > >> src), but that's close enough, so let's proceed.
> > >>
> > >>
> > >> +1 (binding)
> > >>
> > >> Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
> > >> (skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
> > >> matches git commit.
> > >>
> > >> Julian
> > >>
> > >>
> > >> Julian
> > >>
> > >> On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org>
> wrote:
> > >>>
> > >>>> The vote email must contain the checksums of the artifacts we are
> > >> voting
> > >>> on.
> > >>>
> > >>> Apologies, I wasn't aware of this requirement since we haven't put
> them
> > >> in
> > >>> our prior incubating release vote threads and I was just copying the
> > same
> > >>> basic template I and others have previously used. Out of curiosity is
> > >> this
> > >>> a new-ish requirement that I missed, or one we just didn't notice or
> > have
> > >>> just been turning a blind eye to? Regardless, since we are now
> > >> maintaining
> > >>> a 'how to ASF release' guide in the github repo that includes
> templates
> > >> for
> > >>> voting threads,
> > >>>
> > >>
> >
> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body
> > >> ,
> > >>> I'll
> > >>> be sure to update it, thanks!
> > >>>
> > >>>> No need for a new RC; I change my vote if the release manager sends
> an
> > >>>> email with the checksums.
> > >>>
> > >>> If this thread is ok, here they are:
> > >>>
> > >>> artifact checksums
> > >>> src:
> > >>>
> > >>
> >
> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
> > >>> bin:
> > >>>
> > >>
> >
> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
> > >>> docker:
> > df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
> > >>>
> > >>> Thanks!
> > >>> Clint
> > >>>
> > >>> On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org>
> wrote:
> > >>>
> > >>>> -1
> > >>>>
> > >>>> The vote email must contain the checksums of the artifacts we are
> > >> voting
> > >>>> on.
> > >>>>
> > >>>> No need for a new RC; I change my vote if the release manager sends
> an
> > >>>> email with the checksums.
> > >>>>
> > >>>> Julian
> > >>>>
> > >>>> On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org>
> > >> wrote:
> > >>>>>
> > >>>>> Hi all,
> > >>>>>
> > >>>>> I have created a build for Apache Druid (incubating) 0.16.0,
> release
> > >>>>> candidate 3.
> > >>>>>
> > >>>>> Thanks for everyone who has helped contribute to the release! You
> can
> > >>>> read
> > >>>>> the proposed release notes here:
> > >>>>> https://github.com/apache/incubator-druid/issues/8369
> > >>>>>
> > >>>>> The release candidate has been tagged in GitHub as
> > >>>>> druid-0.16.0-incubating-rc3
> > >> (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > >>>>> available here:
> > >>>>>
> > >>>>
> > >>
> >
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> > >>>>>
> > >>>>> The artifacts to be voted on are located here:
> > >>>>>
> > >>>>
> > >>
> >
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> > >>>>>
> > >>>>> Staged druid.apache.org website documentation is available here:
> > >>>>>
> > >>
> > https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> > >>>>>
> > >>>>> A Docker image containing the binary of the release candidate can
> be
> > >>>>> retrieved via:
> > >>>>> docker pull apache/incubator-druid:0.16.0-incubating-rc3
> > >>>>>
> > >>>>> Release artifacts are signed with the following key:
> > >>>>> https://people.apache.org/keys/committer/cwylie.asc
> > >>>>>
> > >>>>> This key and the key of other committers can also be found in the
> > >>>> project's
> > >>>>> KEYS file here:
> > >>>>> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> > >>>>>
> > >>>>> (If you are a committer, please feel free to add your own key to
> that
> > >>>> file
> > >>>>> by following the instructions in the file's header.)
> > >>>>>
> > >>>>>
> > >>>>> Verify checksums:
> > >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > >>>>> cut -d ' ' -f1) \
> > >>>>> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> > >>>>>
> > >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > >>>>> cut -d ' ' -f1) \
> > >>>>> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> > >>>>>
> > >>>>> Verify signatures:
> > >>>>> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > >>>>> apache-druid-0.16.0-incubating-src.tar.gz
> > >>>>>
> > >>>>> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > >>>>> apache-druid-0.16.0-incubating-bin.tar.gz
> > >>>>>
> > >>>>> Please review the proposed artifacts and vote. Note that Apache has
> > >>>>> specific requirements that must be met before +1 binding votes can
> be
> > >>>> cast
> > >>>>> by PMC members. Please refer to the policy at
> > >>>>> http://www.apache.org/legal/release-policy.html#policy for more
> > >> details.
> > >>>>>
> > >>>>> As part of the validation process, the release artifacts can be
> > >> generated
> > >>>>> from source by running:
> > >>>>> mvn clean install -Papache-release,dist -Dgpg.skip
> > >>>>>
> > >>>>> The RAT license check can be run from source by:
> > >>>>> mvn apache-rat:check -Prat
> > >>>>>
> > >>>>> This vote will be open for at least 72 hours. The vote will pass
> if a
> > >>>>> majority of at least three +1 PMC votes are cast.
> > >>>>>
> > >>>>> Once the vote has passed, the second stage vote will be called on
> the
> > >>>>> Apache Incubator mailing list to get approval from the Incubator
> PMC.
> > >>>>>
> > >>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > >>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > >>>>> [ ] -1 Do not release this package because...
> > >>>>>
> > >>>>> Thanks!
> > >>>>>
> > >>>>> Apache Druid (incubating) is an effort undergoing incubation at The
> > >>>> Apache
> > >>>>> Software Foundation (ASF), sponsored by the Apache Incubator.
> > >> Incubation
> > >>>> is
> > >>>>> required of all newly accepted projects until a further review
> > >> indicates
> > >>>>> that the infrastructure, communications, and decision making
> process
> > >> have
> > >>>>> stabilized in a manner consistent with other successful ASF
> projects.
> > >>>> While
> > >>>>> incubation status is not necessarily a reflection of the
> > >> completeness or
> > >>>>> stability of the code, it does indicate that the project has yet to
> > >> be
> > >>>>> fully endorsed by the ASF.
> > >>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >>>> For additional commands, e-mail: dev-help@druid.apache.org
> > >>>>
> > >>>>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > >> For additional commands, e-mail: dev-help@druid.apache.org
> > >>
> > >>
> >
> >
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[David Lim <da...@apache.org>]

 +1 (binding)

src package:
- verified signature/hash
- compared source distribution contents against git tag (54d29e4)
- LICENSE, NOTICE, and DISCLAIMER are present
- unit tests passed
- licenses checked
- built binary distribution
- ran quickstart

bin package:
- verified signature/hash
- verified META-INF/MANIFEST.MF:Build-Revision tag in JAR files matches
source distribution git.version:Build-Revision (54d29e4)
- LICENSE, NOTICE, and DISCLAIMER are present
- ran quickstart

On Mon, Sep 16, 2019 at 1:29 PM Julian Hyde <jh...@apache.org> wrote:

> Full checksum. An attacker can easily generate a binary that matches a
> given 32 bit bit (8 digit) hash. That’s why we use SHA-256 or SHA-512.
>
> If it helps, here is a typical Calcite vote email:
>
>
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3cCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3e
> <
> http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3CCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3E>
>
>
>
>
>
> > On Sep 16, 2019, at 1:43 AM, Clint Wylie <cw...@apache.org> wrote:
> >
> > Ah, oops, yes indeed they are reversed, my bad! I certainly agree with
> all
> > your points on why it is a good idea, and will update our template after
> > the release to make sure we do it in the future. Is it better practice to
> > include the full checksum, or would truncated to the first 8 or so
> > characters be preferable to play nice with email?
> >
> > On Sun, Sep 15, 2019 at 8:34 PM Julian Hyde <jh...@apache.org> wrote:
> >
> >> Sorry for my rather terse -1 vote. I had assumed that we had been
> >> following the policy for a while, so when I noticed that we were not I
> >> assumed it was a mistake by the release manager.
> >>
> >> Actually I am not sure whether it is policy, but there's definitely a
> >> strong case for including hashes. The point is this: we are voting on
> >> artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.
> >>
> >> Suppose we all vote on the current
> >> apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
> >> someone replaces it with a similar file that contains some bad stuff.
> >> How are we to know whether that is the file we voted on?
> >>
> >> Putting the file hash in the vote email guarantees that we are all
> >> voting on the same set of artifacts, and that set of artifacts is
> >> recorded.
> >>
> >> I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e for
> >> src), but that's close enough, so let's proceed.
> >>
> >>
> >> +1 (binding)
> >>
> >> Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
> >> (skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
> >> matches git commit.
> >>
> >> Julian
> >>
> >>
> >> Julian
> >>
> >> On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org> wrote:
> >>>
> >>>> The vote email must contain the checksums of the artifacts we are
> >> voting
> >>> on.
> >>>
> >>> Apologies, I wasn't aware of this requirement since we haven't put them
> >> in
> >>> our prior incubating release vote threads and I was just copying the
> same
> >>> basic template I and others have previously used. Out of curiosity is
> >> this
> >>> a new-ish requirement that I missed, or one we just didn't notice or
> have
> >>> just been turning a blind eye to? Regardless, since we are now
> >> maintaining
> >>> a 'how to ASF release' guide in the github repo that includes templates
> >> for
> >>> voting threads,
> >>>
> >>
> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body
> >> ,
> >>> I'll
> >>> be sure to update it, thanks!
> >>>
> >>>> No need for a new RC; I change my vote if the release manager sends an
> >>>> email with the checksums.
> >>>
> >>> If this thread is ok, here they are:
> >>>
> >>> artifact checksums
> >>> src:
> >>>
> >>
> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
> >>> bin:
> >>>
> >>
> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
> >>> docker:
> df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
> >>>
> >>> Thanks!
> >>> Clint
> >>>
> >>> On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org> wrote:
> >>>
> >>>> -1
> >>>>
> >>>> The vote email must contain the checksums of the artifacts we are
> >> voting
> >>>> on.
> >>>>
> >>>> No need for a new RC; I change my vote if the release manager sends an
> >>>> email with the checksums.
> >>>>
> >>>> Julian
> >>>>
> >>>> On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org>
> >> wrote:
> >>>>>
> >>>>> Hi all,
> >>>>>
> >>>>> I have created a build for Apache Druid (incubating) 0.16.0, release
> >>>>> candidate 3.
> >>>>>
> >>>>> Thanks for everyone who has helped contribute to the release! You can
> >>>> read
> >>>>> the proposed release notes here:
> >>>>> https://github.com/apache/incubator-druid/issues/8369
> >>>>>
> >>>>> The release candidate has been tagged in GitHub as
> >>>>> druid-0.16.0-incubating-rc3
> >> (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> >>>>> available here:
> >>>>>
> >>>>
> >>
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> >>>>>
> >>>>> The artifacts to be voted on are located here:
> >>>>>
> >>>>
> >>
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> >>>>>
> >>>>> Staged druid.apache.org website documentation is available here:
> >>>>>
> >>
> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> >>>>>
> >>>>> A Docker image containing the binary of the release candidate can be
> >>>>> retrieved via:
> >>>>> docker pull apache/incubator-druid:0.16.0-incubating-rc3
> >>>>>
> >>>>> Release artifacts are signed with the following key:
> >>>>> https://people.apache.org/keys/committer/cwylie.asc
> >>>>>
> >>>>> This key and the key of other committers can also be found in the
> >>>> project's
> >>>>> KEYS file here:
> >>>>> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> >>>>>
> >>>>> (If you are a committer, please feel free to add your own key to that
> >>>> file
> >>>>> by following the instructions in the file's header.)
> >>>>>
> >>>>>
> >>>>> Verify checksums:
> >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> >>>>> cut -d ' ' -f1) \
> >>>>> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> >>>>>
> >>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> >>>>> cut -d ' ' -f1) \
> >>>>> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> >>>>>
> >>>>> Verify signatures:
> >>>>> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> >>>>> apache-druid-0.16.0-incubating-src.tar.gz
> >>>>>
> >>>>> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> >>>>> apache-druid-0.16.0-incubating-bin.tar.gz
> >>>>>
> >>>>> Please review the proposed artifacts and vote. Note that Apache has
> >>>>> specific requirements that must be met before +1 binding votes can be
> >>>> cast
> >>>>> by PMC members. Please refer to the policy at
> >>>>> http://www.apache.org/legal/release-policy.html#policy for more
> >> details.
> >>>>>
> >>>>> As part of the validation process, the release artifacts can be
> >> generated
> >>>>> from source by running:
> >>>>> mvn clean install -Papache-release,dist -Dgpg.skip
> >>>>>
> >>>>> The RAT license check can be run from source by:
> >>>>> mvn apache-rat:check -Prat
> >>>>>
> >>>>> This vote will be open for at least 72 hours. The vote will pass if a
> >>>>> majority of at least three +1 PMC votes are cast.
> >>>>>
> >>>>> Once the vote has passed, the second stage vote will be called on the
> >>>>> Apache Incubator mailing list to get approval from the Incubator PMC.
> >>>>>
> >>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> >>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the release
> >>>>> [ ] -1 Do not release this package because...
> >>>>>
> >>>>> Thanks!
> >>>>>
> >>>>> Apache Druid (incubating) is an effort undergoing incubation at The
> >>>> Apache
> >>>>> Software Foundation (ASF), sponsored by the Apache Incubator.
> >> Incubation
> >>>> is
> >>>>> required of all newly accepted projects until a further review
> >> indicates
> >>>>> that the infrastructure, communications, and decision making process
> >> have
> >>>>> stabilized in a manner consistent with other successful ASF projects.
> >>>> While
> >>>>> incubation status is not necessarily a reflection of the
> >> completeness or
> >>>>> stability of the code, it does indicate that the project has yet to
> >> be
> >>>>> fully endorsed by the ASF.
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >>>> For additional commands, e-mail: dev-help@druid.apache.org
> >>>>
> >>>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> >> For additional commands, e-mail: dev-help@druid.apache.org
> >>
> >>
>
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Julian Hyde <jh...@apache.org>]

Full checksum. An attacker can easily generate a binary that matches a given 32 bit bit (8 digit) hash. That’s why we use SHA-256 or SHA-512.

If it helps, here is a typical Calcite vote email:

http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3cCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3e <http://mail-archives.apache.org/mod_mbox/calcite-dev/201906.mbox/%3CCA+EpF8vwOceAeUjv+DJU=zqRKOQu3dwcKwsyPqhrJ6CrW9eQ8g@mail.gmail.com%3E> 




> On Sep 16, 2019, at 1:43 AM, Clint Wylie <cw...@apache.org> wrote:
> 
> Ah, oops, yes indeed they are reversed, my bad! I certainly agree with all
> your points on why it is a good idea, and will update our template after
> the release to make sure we do it in the future. Is it better practice to
> include the full checksum, or would truncated to the first 8 or so
> characters be preferable to play nice with email?
> 
> On Sun, Sep 15, 2019 at 8:34 PM Julian Hyde <jh...@apache.org> wrote:
> 
>> Sorry for my rather terse -1 vote. I had assumed that we had been
>> following the policy for a while, so when I noticed that we were not I
>> assumed it was a mistake by the release manager.
>> 
>> Actually I am not sure whether it is policy, but there's definitely a
>> strong case for including hashes. The point is this: we are voting on
>> artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.
>> 
>> Suppose we all vote on the current
>> apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
>> someone replaces it with a similar file that contains some bad stuff.
>> How are we to know whether that is the file we voted on?
>> 
>> Putting the file hash in the vote email guarantees that we are all
>> voting on the same set of artifacts, and that set of artifacts is
>> recorded.
>> 
>> I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e for
>> src), but that's close enough, so let's proceed.
>> 
>> 
>> +1 (binding)
>> 
>> Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
>> (skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
>> matches git commit.
>> 
>> Julian
>> 
>> 
>> Julian
>> 
>> On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org> wrote:
>>> 
>>>> The vote email must contain the checksums of the artifacts we are
>> voting
>>> on.
>>> 
>>> Apologies, I wasn't aware of this requirement since we haven't put them
>> in
>>> our prior incubating release vote threads and I was just copying the same
>>> basic template I and others have previously used. Out of curiosity is
>> this
>>> a new-ish requirement that I missed, or one we just didn't notice or have
>>> just been turning a blind eye to? Regardless, since we are now
>> maintaining
>>> a 'how to ASF release' guide in the github repo that includes templates
>> for
>>> voting threads,
>>> 
>> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body
>> ,
>>> I'll
>>> be sure to update it, thanks!
>>> 
>>>> No need for a new RC; I change my vote if the release manager sends an
>>>> email with the checksums.
>>> 
>>> If this thread is ok, here they are:
>>> 
>>> artifact checksums
>>> src:
>>> 
>> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
>>> bin:
>>> 
>> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
>>> docker: df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
>>> 
>>> Thanks!
>>> Clint
>>> 
>>> On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org> wrote:
>>> 
>>>> -1
>>>> 
>>>> The vote email must contain the checksums of the artifacts we are
>> voting
>>>> on.
>>>> 
>>>> No need for a new RC; I change my vote if the release manager sends an
>>>> email with the checksums.
>>>> 
>>>> Julian
>>>> 
>>>> On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org>
>> wrote:
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I have created a build for Apache Druid (incubating) 0.16.0, release
>>>>> candidate 3.
>>>>> 
>>>>> Thanks for everyone who has helped contribute to the release! You can
>>>> read
>>>>> the proposed release notes here:
>>>>> https://github.com/apache/incubator-druid/issues/8369
>>>>> 
>>>>> The release candidate has been tagged in GitHub as
>>>>> druid-0.16.0-incubating-rc3
>> (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
>>>>> available here:
>>>>> 
>>>> 
>> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
>>>>> 
>>>>> The artifacts to be voted on are located here:
>>>>> 
>>>> 
>> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
>>>>> 
>>>>> Staged druid.apache.org website documentation is available here:
>>>>> 
>> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
>>>>> 
>>>>> A Docker image containing the binary of the release candidate can be
>>>>> retrieved via:
>>>>> docker pull apache/incubator-druid:0.16.0-incubating-rc3
>>>>> 
>>>>> Release artifacts are signed with the following key:
>>>>> https://people.apache.org/keys/committer/cwylie.asc
>>>>> 
>>>>> This key and the key of other committers can also be found in the
>>>> project's
>>>>> KEYS file here:
>>>>> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
>>>>> 
>>>>> (If you are a committer, please feel free to add your own key to that
>>>> file
>>>>> by following the instructions in the file's header.)
>>>>> 
>>>>> 
>>>>> Verify checksums:
>>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
>>>>> cut -d ' ' -f1) \
>>>>> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
>>>>> 
>>>>> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
>>>>> cut -d ' ' -f1) \
>>>>> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
>>>>> 
>>>>> Verify signatures:
>>>>> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
>>>>> apache-druid-0.16.0-incubating-src.tar.gz
>>>>> 
>>>>> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
>>>>> apache-druid-0.16.0-incubating-bin.tar.gz
>>>>> 
>>>>> Please review the proposed artifacts and vote. Note that Apache has
>>>>> specific requirements that must be met before +1 binding votes can be
>>>> cast
>>>>> by PMC members. Please refer to the policy at
>>>>> http://www.apache.org/legal/release-policy.html#policy for more
>> details.
>>>>> 
>>>>> As part of the validation process, the release artifacts can be
>> generated
>>>>> from source by running:
>>>>> mvn clean install -Papache-release,dist -Dgpg.skip
>>>>> 
>>>>> The RAT license check can be run from source by:
>>>>> mvn apache-rat:check -Prat
>>>>> 
>>>>> This vote will be open for at least 72 hours. The vote will pass if a
>>>>> majority of at least three +1 PMC votes are cast.
>>>>> 
>>>>> Once the vote has passed, the second stage vote will be called on the
>>>>> Apache Incubator mailing list to get approval from the Incubator PMC.
>>>>> 
>>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
>>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the release
>>>>> [ ] -1 Do not release this package because...
>>>>> 
>>>>> Thanks!
>>>>> 
>>>>> Apache Druid (incubating) is an effort undergoing incubation at The
>>>> Apache
>>>>> Software Foundation (ASF), sponsored by the Apache Incubator.
>> Incubation
>>>> is
>>>>> required of all newly accepted projects until a further review
>> indicates
>>>>> that the infrastructure, communications, and decision making process
>> have
>>>>> stabilized in a manner consistent with other successful ASF projects.
>>>> While
>>>>> incubation status is not necessarily a reflection of the
>> completeness or
>>>>> stability of the code, it does indicate that the project has yet to
>> be
>>>>> fully endorsed by the ASF.
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>>>> For additional commands, e-mail: dev-help@druid.apache.org
>>>> 
>>>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
>> For additional commands, e-mail: dev-help@druid.apache.org
>> 
>> 

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Clint Wylie <cw...@apache.org>]

Ah, oops, yes indeed they are reversed, my bad! I certainly agree with all
your points on why it is a good idea, and will update our template after
the release to make sure we do it in the future. Is it better practice to
include the full checksum, or would truncated to the first 8 or so
characters be preferable to play nice with email?

On Sun, Sep 15, 2019 at 8:34 PM Julian Hyde <jh...@apache.org> wrote:

> Sorry for my rather terse -1 vote. I had assumed that we had been
> following the policy for a while, so when I noticed that we were not I
> assumed it was a mistake by the release manager.
>
> Actually I am not sure whether it is policy, but there's definitely a
> strong case for including hashes. The point is this: we are voting on
> artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.
>
> Suppose we all vote on the current
> apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
> someone replaces it with a similar file that contains some bad stuff.
> How are we to know whether that is the file we voted on?
>
> Putting the file hash in the vote email guarantees that we are all
> voting on the same set of artifacts, and that set of artifacts is
> recorded.
>
> I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e for
> src), but that's close enough, so let's proceed.
>
>
> +1 (binding)
>
> Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
> (skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
> matches git commit.
>
> Julian
>
>
> Julian
>
> On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org> wrote:
> >
> > > The vote email must contain the checksums of the artifacts we are
> voting
> > on.
> >
> > Apologies, I wasn't aware of this requirement since we haven't put them
> in
> > our prior incubating release vote threads and I was just copying the same
> > basic template I and others have previously used. Out of curiosity is
> this
> > a new-ish requirement that I missed, or one we just didn't notice or have
> > just been turning a blind eye to? Regardless, since we are now
> maintaining
> > a 'how to ASF release' guide in the github repo that includes templates
> for
> > voting threads,
> >
> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body
> ,
> > I'll
> > be sure to update it, thanks!
> >
> > > No need for a new RC; I change my vote if the release manager sends an
> > > email with the checksums.
> >
> > If this thread is ok, here they are:
> >
> > artifact checksums
> > src:
> >
> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
> > bin:
> >
> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
> > docker: df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
> >
> > Thanks!
> > Clint
> >
> > On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org> wrote:
> >
> > > -1
> > >
> > > The vote email must contain the checksums of the artifacts we are
> voting
> > > on.
> > >
> > > No need for a new RC; I change my vote if the release manager sends an
> > > email with the checksums.
> > >
> > > Julian
> > >
> > > On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org>
> wrote:
> > > >
> > > > Hi all,
> > > >
> > > > I have created a build for Apache Druid (incubating) 0.16.0, release
> > > > candidate 3.
> > > >
> > > > Thanks for everyone who has helped contribute to the release! You can
> > > read
> > > > the proposed release notes here:
> > > > https://github.com/apache/incubator-druid/issues/8369
> > > >
> > > > The release candidate has been tagged in GitHub as
> > > > druid-0.16.0-incubating-rc3
> (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > > > available here:
> > > >
> > >
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> > > >
> > > > The artifacts to be voted on are located here:
> > > >
> > >
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> > > >
> > > > Staged druid.apache.org website documentation is available here:
> > > >
> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> > > >
> > > > A Docker image containing the binary of the release candidate can be
> > > > retrieved via:
> > > > docker pull apache/incubator-druid:0.16.0-incubating-rc3
> > > >
> > > > Release artifacts are signed with the following key:
> > > > https://people.apache.org/keys/committer/cwylie.asc
> > > >
> > > > This key and the key of other committers can also be found in the
> > > project's
> > > > KEYS file here:
> > > > https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> > > >
> > > > (If you are a committer, please feel free to add your own key to that
> > > file
> > > > by following the instructions in the file's header.)
> > > >
> > > >
> > > > Verify checksums:
> > > > diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > > > cut -d ' ' -f1) \
> > > > <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> > > >
> > > > diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > > > cut -d ' ' -f1) \
> > > > <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> > > >
> > > > Verify signatures:
> > > > gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > > > apache-druid-0.16.0-incubating-src.tar.gz
> > > >
> > > > gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > > > apache-druid-0.16.0-incubating-bin.tar.gz
> > > >
> > > > Please review the proposed artifacts and vote. Note that Apache has
> > > > specific requirements that must be met before +1 binding votes can be
> > > cast
> > > > by PMC members. Please refer to the policy at
> > > > http://www.apache.org/legal/release-policy.html#policy for more
> details.
> > > >
> > > > As part of the validation process, the release artifacts can be
> generated
> > > > from source by running:
> > > > mvn clean install -Papache-release,dist -Dgpg.skip
> > > >
> > > > The RAT license check can be run from source by:
> > > > mvn apache-rat:check -Prat
> > > >
> > > > This vote will be open for at least 72 hours. The vote will pass if a
> > > > majority of at least three +1 PMC votes are cast.
> > > >
> > > > Once the vote has passed, the second stage vote will be called on the
> > > > Apache Incubator mailing list to get approval from the Incubator PMC.
> > > >
> > > > [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > > [ ] -1 Do not release this package because...
> > > >
> > > > Thanks!
> > > >
> > > > Apache Druid (incubating) is an effort undergoing incubation at The
> > > Apache
> > > > Software Foundation (ASF), sponsored by the Apache Incubator.
> Incubation
> > > is
> > > > required of all newly accepted projects until a further review
> indicates
> > > > that the infrastructure, communications, and decision making process
> have
> > > > stabilized in a manner consistent with other successful ASF projects.
> > > While
> > > > incubation status is not necessarily a reflection of the
> completeness or
> > > > stability of the code, it does indicate that the project has yet to
> be
> > > > fully endorsed by the ASF.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > For additional commands, e-mail: dev-help@druid.apache.org
> > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Julian Hyde <jh...@apache.org>]

Sorry for my rather terse -1 vote. I had assumed that we had been
following the policy for a while, so when I noticed that we were not I
assumed it was a mistake by the release manager.

Actually I am not sure whether it is policy, but there's definitely a
strong case for including hashes. The point is this: we are voting on
artifacts, principally apache-druid-0.16.0-incubating-src.tar.gz.

Suppose we all vote on the current
apache-druid-0.16.0-incubating-src.tar.gz, the vote passes, and then
someone replaces it with a similar file that contains some bad stuff.
How are we to know whether that is the file we voted on?

Putting the file hash in the vote email guarantees that we are all
voting on the same set of artifacts, and that set of artifacts is
recorded.

I think you reversed the hashes (I got 0c4b71f0 for bin, 1f25c55e for
src), but that's close enough, so let's proceed.


+1 (binding)

Checked hashes, LICENSE, NOTICE, DISCLAIMER; ran RAT; compiled
(skipping tests) using JDK 8 on Ubuntu. Checked that src.tar.gz
matches git commit.

Julian


Julian

On Sun, Sep 15, 2019 at 7:24 PM Clint Wylie <cw...@apache.org> wrote:
>
> > The vote email must contain the checksums of the artifacts we are voting
> on.
>
> Apologies, I wasn't aware of this requirement since we haven't put them in
> our prior incubating release vote threads and I was just copying the same
> basic template I and others have previously used. Out of curiosity is this
> a new-ish requirement that I missed, or one we just didn't notice or have
> just been turning a blind eye to? Regardless, since we are now maintaining
> a 'how to ASF release' guide in the github repo that includes templates for
> voting threads,
> https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body,
> I'll
> be sure to update it, thanks!
>
> > No need for a new RC; I change my vote if the release manager sends an
> > email with the checksums.
>
> If this thread is ok, here they are:
>
> artifact checksums
> src:
> 0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
> bin:
> 1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
> docker: df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c
>
> Thanks!
> Clint
>
> On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org> wrote:
>
> > -1
> >
> > The vote email must contain the checksums of the artifacts we are voting
> > on.
> >
> > No need for a new RC; I change my vote if the release manager sends an
> > email with the checksums.
> >
> > Julian
> >
> > On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org> wrote:
> > >
> > > Hi all,
> > >
> > > I have created a build for Apache Druid (incubating) 0.16.0, release
> > > candidate 3.
> > >
> > > Thanks for everyone who has helped contribute to the release! You can
> > read
> > > the proposed release notes here:
> > > https://github.com/apache/incubator-druid/issues/8369
> > >
> > > The release candidate has been tagged in GitHub as
> > > druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > > available here:
> > >
> > https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> > >
> > > The artifacts to be voted on are located here:
> > >
> > https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> > >
> > > Staged druid.apache.org website documentation is available here:
> > > https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> > >
> > > A Docker image containing the binary of the release candidate can be
> > > retrieved via:
> > > docker pull apache/incubator-druid:0.16.0-incubating-rc3
> > >
> > > Release artifacts are signed with the following key:
> > > https://people.apache.org/keys/committer/cwylie.asc
> > >
> > > This key and the key of other committers can also be found in the
> > project's
> > > KEYS file here:
> > > https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> > >
> > > (If you are a committer, please feel free to add your own key to that
> > file
> > > by following the instructions in the file's header.)
> > >
> > >
> > > Verify checksums:
> > > diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> > >
> > > diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> > >
> > > Verify signatures:
> > > gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > > apache-druid-0.16.0-incubating-src.tar.gz
> > >
> > > gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > > apache-druid-0.16.0-incubating-bin.tar.gz
> > >
> > > Please review the proposed artifacts and vote. Note that Apache has
> > > specific requirements that must be met before +1 binding votes can be
> > cast
> > > by PMC members. Please refer to the policy at
> > > http://www.apache.org/legal/release-policy.html#policy for more details.
> > >
> > > As part of the validation process, the release artifacts can be generated
> > > from source by running:
> > > mvn clean install -Papache-release,dist -Dgpg.skip
> > >
> > > The RAT license check can be run from source by:
> > > mvn apache-rat:check -Prat
> > >
> > > This vote will be open for at least 72 hours. The vote will pass if a
> > > majority of at least three +1 PMC votes are cast.
> > >
> > > Once the vote has passed, the second stage vote will be called on the
> > > Apache Incubator mailing list to get approval from the Incubator PMC.
> > >
> > > [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > [ ] -1 Do not release this package because...
> > >
> > > Thanks!
> > >
> > > Apache Druid (incubating) is an effort undergoing incubation at The
> > Apache
> > > Software Foundation (ASF), sponsored by the Apache Incubator. Incubation
> > is
> > > required of all newly accepted projects until a further review indicates
> > > that the infrastructure, communications, and decision making process have
> > > stabilized in a manner consistent with other successful ASF projects.
> > While
> > > incubation status is not necessarily a reflection of the completeness or
> > > stability of the code, it does indicate that the project has yet to be
> > > fully endorsed by the ASF.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > For additional commands, e-mail: dev-help@druid.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Clint Wylie <cw...@apache.org>]

> The vote email must contain the checksums of the artifacts we are voting
on.

Apologies, I wasn't aware of this requirement since we haven't put them in
our prior incubating release vote threads and I was just copying the same
basic template I and others have previously used. Out of curiosity is this
a new-ish requirement that I missed, or one we just didn't notice or have
just been turning a blind eye to? Regardless, since we are now maintaining
a 'how to ASF release' guide in the github repo that includes templates for
voting threads,
https://github.com/apache/incubator-druid/blob/master/distribution/asf-release-process-guide.md#body,
I'll
be sure to update it, thanks!

> No need for a new RC; I change my vote if the release manager sends an
> email with the checksums.

If this thread is ok, here they are:

artifact checksums
src:
0c4b71f077e28d2f4d3bc3f072543374570b98ec6a1918a5e1828e1da7e3871b5efb04070a8bcdbc172a817e43254640ce28a99757984be7d8dd3d607f1d870e
bin:
1f25c55e83069cf7071a97c1e0d56732437dbac4ef373ed1ed72b5b618021b74c107269642226e80081354c8da2e92dc26f1541b01072a4720fd6cfe8dc161a8
docker: df9b900d3726ce123a5c054768da1ea08eba6efe635ced5abc3ad72d6c835e2c

Thanks!
Clint

On Sun, Sep 15, 2019 at 6:22 PM Julian Hyde <jh...@apache.org> wrote:

> -1
>
> The vote email must contain the checksums of the artifacts we are voting
> on.
>
> No need for a new RC; I change my vote if the release manager sends an
> email with the checksums.
>
> Julian
>
> On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org> wrote:
> >
> > Hi all,
> >
> > I have created a build for Apache Druid (incubating) 0.16.0, release
> > candidate 3.
> >
> > Thanks for everyone who has helped contribute to the release! You can
> read
> > the proposed release notes here:
> > https://github.com/apache/incubator-druid/issues/8369
> >
> > The release candidate has been tagged in GitHub as
> > druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > available here:
> >
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> >
> > The artifacts to be voted on are located here:
> >
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> >
> > Staged druid.apache.org website documentation is available here:
> > https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> >
> > A Docker image containing the binary of the release candidate can be
> > retrieved via:
> > docker pull apache/incubator-druid:0.16.0-incubating-rc3
> >
> > Release artifacts are signed with the following key:
> > https://people.apache.org/keys/committer/cwylie.asc
> >
> > This key and the key of other committers can also be found in the
> project's
> > KEYS file here:
> > https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> >
> > (If you are a committer, please feel free to add your own key to that
> file
> > by following the instructions in the file's header.)
> >
> >
> > Verify checksums:
> > diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > cut -d ' ' -f1) \
> > <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> >
> > diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > cut -d ' ' -f1) \
> > <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> >
> > Verify signatures:
> > gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > apache-druid-0.16.0-incubating-src.tar.gz
> >
> > gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > apache-druid-0.16.0-incubating-bin.tar.gz
> >
> > Please review the proposed artifacts and vote. Note that Apache has
> > specific requirements that must be met before +1 binding votes can be
> cast
> > by PMC members. Please refer to the policy at
> > http://www.apache.org/legal/release-policy.html#policy for more details.
> >
> > As part of the validation process, the release artifacts can be generated
> > from source by running:
> > mvn clean install -Papache-release,dist -Dgpg.skip
> >
> > The RAT license check can be run from source by:
> > mvn apache-rat:check -Prat
> >
> > This vote will be open for at least 72 hours. The vote will pass if a
> > majority of at least three +1 PMC votes are cast.
> >
> > Once the vote has passed, the second stage vote will be called on the
> > Apache Incubator mailing list to get approval from the Incubator PMC.
> >
> > [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > [ ] -1 Do not release this package because...
> >
> > Thanks!
> >
> > Apache Druid (incubating) is an effort undergoing incubation at The
> Apache
> > Software Foundation (ASF), sponsored by the Apache Incubator. Incubation
> is
> > required of all newly accepted projects until a further review indicates
> > that the infrastructure, communications, and decision making process have
> > stabilized in a manner consistent with other successful ASF projects.
> While
> > incubation status is not necessarily a reflection of the completeness or
> > stability of the code, it does indicate that the project has yet to be
> > fully endorsed by the ASF.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Julian Hyde <jh...@apache.org>]

-1

The vote email must contain the checksums of the artifacts we are voting on.

No need for a new RC; I change my vote if the release manager sends an
email with the checksums.

Julian

On Fri, Sep 13, 2019 at 11:57 PM Clint Wylie <cw...@apache.org> wrote:
>
> Hi all,
>
> I have created a build for Apache Druid (incubating) 0.16.0, release
> candidate 3.
>
> Thanks for everyone who has helped contribute to the release! You can read
> the proposed release notes here:
> https://github.com/apache/incubator-druid/issues/8369
>
> The release candidate has been tagged in GitHub as
> druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> available here:
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
>
> The artifacts to be voted on are located here:
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
>
> Staged druid.apache.org website documentation is available here:
> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
>
> A Docker image containing the binary of the release candidate can be
> retrieved via:
> docker pull apache/incubator-druid:0.16.0-incubating-rc3
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/cwylie.asc
>
> This key and the key of other committers can also be found in the project's
> KEYS file here:
> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
>
> (If you are a committer, please feel free to add your own key to that file
> by following the instructions in the file's header.)
>
>
> Verify checksums:
> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> cut -d ' ' -f1) \
> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
>
> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> cut -d ' ' -f1) \
> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
>
> Verify signatures:
> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> apache-druid-0.16.0-incubating-src.tar.gz
>
> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> apache-druid-0.16.0-incubating-bin.tar.gz
>
> Please review the proposed artifacts and vote. Note that Apache has
> specific requirements that must be met before +1 binding votes can be cast
> by PMC members. Please refer to the policy at
> http://www.apache.org/legal/release-policy.html#policy for more details.
>
> As part of the validation process, the release artifacts can be generated
> from source by running:
> mvn clean install -Papache-release,dist -Dgpg.skip
>
> The RAT license check can be run from source by:
> mvn apache-rat:check -Prat
>
> This vote will be open for at least 72 hours. The vote will pass if a
> majority of at least three +1 PMC votes are cast.
>
> Once the vote has passed, the second stage vote will be called on the
> Apache Incubator mailing list to get approval from the Incubator PMC.
>
> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> [ ] 0 I don't feel strongly about it, but I'm okay with the release
> [ ] -1 Do not release this package because...
>
> Thanks!
>
> Apache Druid (incubating) is an effort undergoing incubation at The Apache
> Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is
> required of all newly accepted projects until a further review indicates
> that the infrastructure, communications, and decision making process have
> stabilized in a manner consistent with other successful ASF projects. While
> incubation status is not necessarily a reflection of the completeness or
> stability of the code, it does indicate that the project has yet to be
> fully endorsed by the ASF.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Furkan KAMACI <fu...@gmail.com>]

Hi,

+1 from me (non-binding).

I checked:
- Incubating in name
- DISCLAIMER exists
- LICENSE and NOTICE are fine
- No unexpected binary files
- Checked PGP signatures
- Checked Checksums
- Code compiles and tests successfully run

Kind Regards,
Furkan KAMACI

On Sun, Sep 15, 2019 at 10:31 AM Jihoon Son <ji...@apache.org> wrote:

> +1 (binding)
>
> src package:
> - verified signature/hash
> - LICENSE, NOTICE, and DISCLAIMER are present
> - unit tests passed
> - licenses checked
> - built binary distribution
>
> bin package:
> - verified signature/hash
> - LICENSE, NOTICE, and DISCLAIMER are present
> - ran native parallel indexing and kafka ingestion quickstart
>
> docker:
> - ran docker cluster locally
>
> On Sat, Sep 14, 2019 at 3:57 PM Clint Wylie <cw...@apache.org> wrote:
>
> > Hi all,
> >
> > I have created a build for Apache Druid (incubating) 0.16.0, release
> > candidate 3.
> >
> > Thanks for everyone who has helped contribute to the release! You can
> read
> > the proposed release notes here:
> > https://github.com/apache/incubator-druid/issues/8369
> >
> > The release candidate has been tagged in GitHub as
> > druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> > available here:
> >
> >
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
> >
> > The artifacts to be voted on are located here:
> >
> >
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
> >
> > Staged druid.apache.org website documentation is available here:
> > https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
> >
> > A Docker image containing the binary of the release candidate can be
> > retrieved via:
> > docker pull apache/incubator-druid:0.16.0-incubating-rc3
> >
> > Release artifacts are signed with the following key:
> > https://people.apache.org/keys/committer/cwylie.asc
> >
> > This key and the key of other committers can also be found in the
> project's
> > KEYS file here:
> > https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
> >
> > (If you are a committer, please feel free to add your own key to that
> file
> > by following the instructions in the file's header.)
> >
> >
> > Verify checksums:
> > diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> > cut -d ' ' -f1) \
> > <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
> >
> > diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> > cut -d ' ' -f1) \
> > <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
> >
> > Verify signatures:
> > gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> > apache-druid-0.16.0-incubating-src.tar.gz
> >
> > gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> > apache-druid-0.16.0-incubating-bin.tar.gz
> >
> > Please review the proposed artifacts and vote. Note that Apache has
> > specific requirements that must be met before +1 binding votes can be
> cast
> > by PMC members. Please refer to the policy at
> > http://www.apache.org/legal/release-policy.html#policy for more details.
> >
> > As part of the validation process, the release artifacts can be generated
> > from source by running:
> > mvn clean install -Papache-release,dist -Dgpg.skip
> >
> > The RAT license check can be run from source by:
> > mvn apache-rat:check -Prat
> >
> > This vote will be open for at least 72 hours. The vote will pass if a
> > majority of at least three +1 PMC votes are cast.
> >
> > Once the vote has passed, the second stage vote will be called on the
> > Apache Incubator mailing list to get approval from the Incubator PMC.
> >
> > [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > [ ] -1 Do not release this package because...
> >
> > Thanks!
> >
> > Apache Druid (incubating) is an effort undergoing incubation at The
> Apache
> > Software Foundation (ASF), sponsored by the Apache Incubator. Incubation
> is
> > required of all newly accepted projects until a further review indicates
> > that the infrastructure, communications, and decision making process have
> > stabilized in a manner consistent with other successful ASF projects.
> While
> > incubation status is not necessarily a reflection of the completeness or
> > stability of the code, it does indicate that the project has yet to be
> > fully endorsed by the ASF.
> >
>

Re: [VOTE] Release Apache Druid (incubating) 0.16.0 [RC3]

[Jihoon Son <ji...@apache.org>]

+1 (binding)

src package:
- verified signature/hash
- LICENSE, NOTICE, and DISCLAIMER are present
- unit tests passed
- licenses checked
- built binary distribution

bin package:
- verified signature/hash
- LICENSE, NOTICE, and DISCLAIMER are present
- ran native parallel indexing and kafka ingestion quickstart

docker:
- ran docker cluster locally

On Sat, Sep 14, 2019 at 3:57 PM Clint Wylie <cw...@apache.org> wrote:

> Hi all,
>
> I have created a build for Apache Druid (incubating) 0.16.0, release
> candidate 3.
>
> Thanks for everyone who has helped contribute to the release! You can read
> the proposed release notes here:
> https://github.com/apache/incubator-druid/issues/8369
>
> The release candidate has been tagged in GitHub as
> druid-0.16.0-incubating-rc3 (54d29e438a4df34d75e2385af6cefd1092c4ebb3),
> available here:
>
> https://github.com/apache/incubator-druid/releases/tag/druid-0.16.0-incubating-rc3
>
> The artifacts to be voted on are located here:
>
> https://dist.apache.org/repos/dist/dev/incubator/druid/0.16.0-incubating-rc3/
>
> Staged druid.apache.org website documentation is available here:
> https://druid.staged.apache.org/docs/0.16.0-incubating/design/index.html
>
> A Docker image containing the binary of the release candidate can be
> retrieved via:
> docker pull apache/incubator-druid:0.16.0-incubating-rc3
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/cwylie.asc
>
> This key and the key of other committers can also be found in the project's
> KEYS file here:
> https://dist.apache.org/repos/dist/release/incubator/druid/KEYS
>
> (If you are a committer, please feel free to add your own key to that file
> by following the instructions in the file's header.)
>
>
> Verify checksums:
> diff <(shasum -a512 apache-druid-0.16.0-incubating-src.tar.gz | \
> cut -d ' ' -f1) \
> <(cat apache-druid-0.16.0-incubating-src.tar.gz.sha512 ; echo)
>
> diff <(shasum -a512 apache-druid-0.16.0-incubating-bin.tar.gz | \
> cut -d ' ' -f1) \
> <(cat apache-druid-0.16.0-incubating-bin.tar.gz.sha512 ; echo)
>
> Verify signatures:
> gpg --verify apache-druid-0.16.0-incubating-src.tar.gz.asc \
> apache-druid-0.16.0-incubating-src.tar.gz
>
> gpg --verify apache-druid-0.16.0-incubating-bin.tar.gz.asc \
> apache-druid-0.16.0-incubating-bin.tar.gz
>
> Please review the proposed artifacts and vote. Note that Apache has
> specific requirements that must be met before +1 binding votes can be cast
> by PMC members. Please refer to the policy at
> http://www.apache.org/legal/release-policy.html#policy for more details.
>
> As part of the validation process, the release artifacts can be generated
> from source by running:
> mvn clean install -Papache-release,dist -Dgpg.skip
>
> The RAT license check can be run from source by:
> mvn apache-rat:check -Prat
>
> This vote will be open for at least 72 hours. The vote will pass if a
> majority of at least three +1 PMC votes are cast.
>
> Once the vote has passed, the second stage vote will be called on the
> Apache Incubator mailing list to get approval from the Incubator PMC.
>
> [ ] +1 Release this package as Apache Druid (incubating) 0.16.0
> [ ] 0 I don't feel strongly about it, but I'm okay with the release
> [ ] -1 Do not release this package because...
>
> Thanks!
>
> Apache Druid (incubating) is an effort undergoing incubation at The Apache
> Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is
> required of all newly accepted projects until a further review indicates
> that the infrastructure, communications, and decision making process have
> stabilized in a manner consistent with other successful ASF projects. While
> incubation status is not necessarily a reflection of the completeness or
> stability of the code, it does indicate that the project has yet to be
> fully endorsed by the ASF.
>