You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@slider.apache.org by Gour Saha <gs...@hortonworks.com> on 2015/03/11 21:43:45 UTC
[VOTE] Release Apache Slider 0.70.0-incubating
Hello,
This is a call for a vote for releasing Apache Slider 0.70.0-incubating.
This is a source+binary release with one .tar file (appdef_1.tar), which is a text file used for -ve testing.
Summary of fixes: http://s.apache.org/AnM
Vote thread: http://s.apache.org/YQx
Results: http://s.apache.org/fFH
Staged artifacts:
https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
Git Source:
https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
Tag: slider-0.70.0-incubating
PGP key:
http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
Basic build/test instructions:
http://slider.incubator.apache.org/developing/building.html
Please vote on releasing this package as Apache Slider 0.70.0-incubating.
This vote will be open for 72 hours.
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thank You,
The Apache Slider Team
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Josh Elser <el...@apache.org>.
Steve Loughran wrote:
> As gour said, those binaries are just a bit of hadoop-2.6 needed to try to get slider-windows on jenkins to work
>
> Given that for other issues with getting that build up related to the FS, I can just cull these and if/when I get back to getting that build working (which may need changes to Hadoop) I'll stick those native libs up somewhere& have the build D/L them. I've promised to create a set of binaries for the ASF Hadoop releases —probably initially just locally, maybe later serving them up via mvn.
>
> w.r.t rat, I thought we were doing this, though as we've been changing to handing off the build to mvn rather than more manual, it may have unintentionally culled from the process.
I was a little surprised at this as well because I'm rather certain I
explicitly invoked the rat-plugin by hand when I was vetting it.
I don't see any exclusions at a glance, so either I'm not remembering
what I actually checked correctly or something fishy is going on. Either
way, it's a lesson learned to not rely solely on RAT :)
> release cancelled; we'll repeat once the concerns are addressed.
>
> -Steve
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Steve Loughran <st...@hortonworks.com>.
As gour said, those binaries are just a bit of hadoop-2.6 needed to try to get slider-windows on jenkins to work
Given that for other issues with getting that build up related to the FS, I can just cull these and if/when I get back to getting that build working (which may need changes to Hadoop) I'll stick those native libs up somewhere & have the build D/L them. I've promised to create a set of binaries for the ASF Hadoop releases —probably initially just locally, maybe later serving them up via mvn.
w.r.t rat, I thought we were doing this, though as we've been changing to handing off the build to mvn rather than more manual, it may have unintentionally culled from the process.
release cancelled; we'll repeat once the concerns are addressed.
-Steve
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
I notice the binaries in question are in version control as well [1] which is highly unusual. This seem to be related to this [2], I also note it doest't look like vote for Hadoop 2.6 RC0 passed but RC1 did. [3]. Any else have concerns about this?
Thanks,
Justin
1. https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=tree;f=bin/windows/hadoop-2.6.0/bin;h=54bc10b5b49eeba5afdf80ce9234b683bcaef464;hb=refs/heads/develop
2. https://issues.apache.org/jira/browse/SLIDER-640
3. http://mail-archives.apache.org/mod_mbox/hadoop-common-dev/201411.mbox/%3c3A1DDD2D-B4BB-44FC-A8F3-5DAEF6D059F9@hortonworks.com%3e
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Marvin Humphrey <ma...@rectangular.com>.
On Fri, Mar 13, 2015 at 5:22 PM, Justin Mclean <ju...@classsoftware.com> wrote:
> Thanks for that nice detailed explanation. Perhaps it should be aded to
> here? [1] or [2] While I thought it common knowledge it doesn't seem to be
> explicitly written down anywhere in a clear way like that.
Thanks for thinking about this, Justin!
FWIW, the first few sentences are a pastiche drawn from various policies and
Roy emails[1], while the chunk on security is me elaborating on a concern Roy
expressed about trojan horses and can presumably be improved.
For now, I suggest adding a blob to the Incubator's giganto
releasemanagement.html page. That's not the ideal place for it, it's just a
placeholder so that it doesn't get lost.
The thing is, Apache's release policy docs are about to get a significant
streamlining[2]. I think info like this belongs in an official _Release FAQ_,
but that doesn't exist at the moment. The closest thing we have is the
official _Releases Policy_ page at <http://www.apache.org/dev/release>, which
I don't want to mess with right now.
Marvin Humphrey
[1] http://s.apache.org/roy-binary-deps-0
http://s.apache.org/roy-binary-deps-1
http://s.apache.org/roy-binary-deps-2
http://s.apache.org/roy-binary-deps-3
[2] Step 1: A consolidated _Release Distribution Policy_. Draft currently
awaiting approval by VP Infra: http://s.apache.org/VEq
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Thanks for that nice detailed explanation. Perhaps it should be aded to here? [1] or [2] While I thought it common knowledge it doesn't seem to be explicitly written down anywhere in a clear way like that.
Justin
1. http://www.apache.org/dev/release.html#license
2. http://incubator.apache.org/guides/releasemanagement.html#notes-on-source-only-releases
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Marvin Humphrey <ma...@rectangular.com>.
On Thu, Mar 12, 2015 at 6:36 PM, Gour Saha <gs...@hortonworks.com> wrote:
> Is it okay if we move them to a more appropriate location like
> src/test/resources directory? Or should we just delete them?
Here's the rationale, redux:
The Apache Software Foundation releases open source software. Binary files
cannot be audited by a PMC. Even if they are derived from open source, they
are not open source themselves. They are a potential security hole -- an
attacker who gains control of the machine on which those binaries are
introduced may be able to insert a trojan which then goes along for the ride
with the distribution. Security-conscious consumers who compile from source
distributions rather than use convenience binaries will find it tricky and
laborious to detect and replace embedded mystery binaries.
Does that make sense? Based on that rationale, I hope that you can find a
workaround which allows the official source release to be entirely free of
binaries.
Marvin Humphrey
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Gour Saha <gs...@hortonworks.com>.
Hi Justin,
Thank you for your time.
These files are test resources to make tests work on Jenkins on a windows
machine - https://issues.apache.org/jira/browse/SLIDER-201
The readme.md located below also gives a little info but I just realized
that it is incomplete -
https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=blob;f=bin
/windows/hadoop-2.6.0-SNAPSHOT/readme.md;h=9e4dd5259d1c6e892005b7fa5004aba2
c0a88400;hb=a8919c847547f0f0db74d76f67f06e1d423a61d3
Is it okay if we move them to a more appropriate location like
src/test/resources directory? Or should we just delete them?
Please let me know.
-Gour
On 3/12/15, 5:26 PM, "Justin Mclean" <ju...@classsoftware.com> wrote:
>HI,
>
>It's -1 binding from me as there are binary files (dll's and exe's!) in
>the source release (in both the .zip and tar.gz).
>
>Was rat run over the release? It seems a little strange the release got
>this far without anyone noticing that.
>
>Here are the offending files:
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hadoop.dll
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hadoop.pdb
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hdfs.dll
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hdfs.pdb
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/winutils.exe
> apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/winutils.pdb
>
>apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/hado
>op.dll
>
>apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/hdfs
>.dll
>
>apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/winu
>tils.exe
>
>I did check:
>- signatures and hashes correct
>- DISCLAIMER exists
>- LICENSE and NOTICE good
>- Source files have headers
>- Can compile from source
>- minor issues pointed out with the last release have been fixed
>
>So good news is everything else looks OK to me.
>
>Thanks,
>Justin
>---------------------------------------------------------------------
>To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>For additional commands, e-mail: general-help@incubator.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Justin Mclean <ju...@classsoftware.com>.
HI,
It's -1 binding from me as there are binary files (dll's and exe's!) in the source release (in both the .zip and tar.gz).
Was rat run over the release? It seems a little strange the release got this far without anyone noticing that.
Here are the offending files:
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hadoop.dll
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hadoop.pdb
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hdfs.dll
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/hdfs.pdb
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/winutils.exe
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0/bin/winutils.pdb
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/hadoop.dll
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/hdfs.dll
apache-slider-0.70.0-incubating/bin/windows/hadoop-2.6.0-SNAPSHOT/bin/winutils.exe
I did check:
- signatures and hashes correct
- DISCLAIMER exists
- LICENSE and NOTICE good
- Source files have headers
- Can compile from source
- minor issues pointed out with the last release have been fixed
So good news is everything else looks OK to me.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Billie Rinaldi <bi...@apache.org>.
+1 binding
On Wed, Mar 11, 2015 at 1:43 PM, Gour Saha <gs...@hortonworks.com> wrote:
> Hello,
>
> This is a call for a vote for releasing Apache Slider 0.70.0-incubating.
>
> This is a source+binary release with one .tar file (appdef_1.tar), which
> is a text file used for -ve testing.
>
> Summary of fixes: http://s.apache.org/AnM
> Vote thread: http://s.apache.org/YQx
> Results: http://s.apache.org/fFH
>
> Staged artifacts:
>
> https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
>
> Git Source:
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
> SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
> Tag: slider-0.70.0-incubating
>
> PGP key:
> http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
>
> Basic build/test instructions:
> http://slider.incubator.apache.org/developing/building.html
>
> Please vote on releasing this package as Apache Slider 0.70.0-incubating.
>
> This vote will be open for 72 hours.
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thank You,
> The Apache Slider Team
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Steve Loughran <st...@hortonworks.com>.
> On 11 Mar 2015, at 13:43, Gour Saha <gs...@hortonworks.com> wrote:
>
> Hello,
>
> This is a call for a vote for releasing Apache Slider 0.70.0-incubating.
>
> This is a source+binary release with one .tar file (appdef_1.tar), which is a text file used for -ve testing.
>
> Summary of fixes: http://s.apache.org/AnM
> Vote thread: http://s.apache.org/YQx
> Results: http://s.apache.org/fFH
>
> Staged artifacts:
> https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
>
> Git Source:
> https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
> SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
> Tag: slider-0.70.0-incubating
>
> PGP key:
> http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
>
> Basic build/test instructions:
> http://slider.incubator.apache.org/developing/building.html
>
> Please vote on releasing this package as Apache Slider 0.70.0-incubating.
>
> This vote will be open for 72 hours.
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thank You,
> The Apache Slider Team
>
+1 (binding).
D/L'd and tested the code
-steve
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Ted Yu <yu...@gmail.com>.
Checked signature
Ran test suite.
+1
On Fri, Mar 13, 2015 at 5:37 AM, 杨浩 <ya...@gmail.com> wrote:
> +1
>
> 2015-03-13 0:48 GMT+08:00 Steve Loughran <st...@hortonworks.com>:
>
> >
> > > On 11 Mar 2015, at 13:43, Gour Saha <gs...@hortonworks.com> wrote:
> > >
> > > Hello,
> > >
> > > This is a call for a vote for releasing Apache Slider
> 0.70.0-incubating.
> > >
> > > This is a source+binary release with one .tar file (appdef_1.tar),
> which
> > is a text file used for -ve testing.
> > >
> > > Summary of fixes: http://s.apache.org/AnM
> > > Vote thread: http://s.apache.org/YQx
> > > Results: http://s.apache.org/fFH
> > >
> > > Staged artifacts:
> > >
> >
> https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
> > >
> > > Git Source:
> > >
> >
> https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
> > > SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
> > > Tag: slider-0.70.0-incubating
> > >
> > > PGP key:
> > > http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
> > >
> > > Basic build/test instructions:
> > > http://slider.incubator.apache.org/developing/building.html
> > >
> > > Please vote on releasing this package as Apache Slider
> 0.70.0-incubating.
> > >
> > > This vote will be open for 72 hours.
> > >
> > > [ ] +1 approve
> > > [ ] +0 no opinion
> > > [ ] -1 disapprove (and reason why)
> > >
> >
> >
> > +1 (binding).
> >
> > D/L'd and tested the code
> >
> >
> >
>
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by 杨浩 <ya...@gmail.com>.
+1
2015-03-13 0:48 GMT+08:00 Steve Loughran <st...@hortonworks.com>:
>
> > On 11 Mar 2015, at 13:43, Gour Saha <gs...@hortonworks.com> wrote:
> >
> > Hello,
> >
> > This is a call for a vote for releasing Apache Slider 0.70.0-incubating.
> >
> > This is a source+binary release with one .tar file (appdef_1.tar), which
> is a text file used for -ve testing.
> >
> > Summary of fixes: http://s.apache.org/AnM
> > Vote thread: http://s.apache.org/YQx
> > Results: http://s.apache.org/fFH
> >
> > Staged artifacts:
> >
> https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
> >
> > Git Source:
> >
> https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
> > SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
> > Tag: slider-0.70.0-incubating
> >
> > PGP key:
> > http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
> >
> > Basic build/test instructions:
> > http://slider.incubator.apache.org/developing/building.html
> >
> > Please vote on releasing this package as Apache Slider 0.70.0-incubating.
> >
> > This vote will be open for 72 hours.
> >
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> >
>
>
> +1 (binding).
>
> D/L'd and tested the code
>
>
>
Re: [VOTE] Release Apache Slider 0.70.0-incubating
Posted by Steve Loughran <st...@hortonworks.com>.
> On 11 Mar 2015, at 13:43, Gour Saha <gs...@hortonworks.com> wrote:
>
> Hello,
>
> This is a call for a vote for releasing Apache Slider 0.70.0-incubating.
>
> This is a source+binary release with one .tar file (appdef_1.tar), which is a text file used for -ve testing.
>
> Summary of fixes: http://s.apache.org/AnM
> Vote thread: http://s.apache.org/YQx
> Results: http://s.apache.org/fFH
>
> Staged artifacts:
> https://repository.apache.org/content/repositories/orgapacheslider-1004/org/apache/slider/
>
> Git Source:
> https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;a=commit;h=a8919c847547f0f0db74d76f67f06e1d423a61d3
> SHA1: a8919c847547f0f0db74d76f67f06e1d423a61d3
> Tag: slider-0.70.0-incubating
>
> PGP key:
> http://pgp.mit.edu/pks/lookup?op=vindex&search=gourksaha@apache.org
>
> Basic build/test instructions:
> http://slider.incubator.apache.org/developing/building.html
>
> Please vote on releasing this package as Apache Slider 0.70.0-incubating.
>
> This vote will be open for 72 hours.
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
+1 (binding).
D/L'd and tested the code