[DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

Please put all non vote discussion here, rather than in the vote thread, as it makes it easier to count and review votes.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Von Gosling <vo...@apache.org>]

Excellent~

I have checked the update points in RC3. IMO, we could call vote thread again once the ASL2 and EPL license compatible problem is resolved.

> 在 2017年2月10日，21:01，yukon <zh...@xinyu.im> 写道：
> 
> Hi,
> 
> The previous vote has been canceled, and we have resolved the issues
> mentioned by mentors, below are change points:
> 
> 1. Use a 4096 bit key to sign the RC.
> 2. Add license notice for all the dependencies.
> 3. Remove the 3rd party links in README.
> 4. Polish bin/README file.
> 
> The new vote will be called soon.
> At your convenience, would you please check the RC3 and vote it again?
> 
> Thanks,
> yukon
> 
> On Thu, Feb 9, 2017 at 9:00 AM, Xinyu Zhou <zh...@xinyu.im> wrote:
> 
>> Hi Willem,
>> 
>> The public key has been uploaded to key server[1], if it doesn't work in
>> your env, Could you please download the KEYS file and import it? And, next
>> time i will generate a 4096 bit key.
>> 
>> [1]. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x5710EE35C50AC1B1
>> 
>> Regards,
>> yukon
>> On Thu, Feb 09, 2017 at 8:50am, Willem Jiang <wi...@gmail.com>
>> wrote:
>> 
>> Hi,
>> 
>> I just tried to verify the artifact sign, I got these message:
>> 
>> gpg rocketmq-test-4.0.0-incubating-sources.jar.asc
>> gpg: Signature made Tue Feb  7 17:17:14 2017 CST using RSA key ID C50AC1B1
>> gpg: Can't check signature: public key not found
>> 
>> it looks like the public key is not upload the keyserver.
>> You can upload the key to the key server here[1].
>> 
>> BTW the key that yukon uses is less than 2048 bit, it's better to choose a
>> strong one as this suggested[2]
>> 
>> [1]https://pgp.mit.edu/
>> [2]https://www.apache.org/dev/openpgp.html#generate-key
>> 
>> 
>> 
>> 
>> 
>> Willem Jiang
>> 
>> Blog: http://willemjiang.blogspot.com (English)
>>          http://jnn.iteye.com  (Chinese)
>> Twitter: willemjiang
>> Weibo: 姜宁willem
>> 
>> On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <ju...@classsoftware.com>
>> wrote:
>> 
>>> Hi,
>>> 
>>> Please put all non vote discussion here, rather than in the vote thread,
>>> as it makes it easier to count and review votes.
>>> 
>>> Thanks,
>>> Justin
>> 
>> 

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi Bruce,

Thanks for your reply.

>  Why do the NOTICE files make note of commons-lang including something
from the Spring Framework?

commons-lang has this in its NOTICE file[1], so we added this to our NOTICE
file.

[1]. https://github.com/apache/commons-lang/blob/master/NOTICE.txt

> What is the policy for pointing users at Stackoverflow and Quora? I don't
think this should be included in the README (In fact, we should create a
users@rocketmq mailing list)

Mainling list is the first place in the section `Learn it & Contact us`,
and if Stackoverflow and Quora shouldn't be here, we will remove it next
release.

> About the file name

The binary file name is a legacy issue, we will unify the source release
and binary release file name in next release.

Regards,
yukon

On Thu, Feb 16, 2017 at 5:46 AM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > * It's definitely odd to point to Maven central and Github for
> incubating project releases
>
> It’s more than odd, it’s not in line with policy. You must point to the
> primary source of distribution at Apache, Maven and Github can be mentioned
> as secondary distribution points but should not take prominence over the
> Apache links.
>
> Github releases are misleading as anything that is tagged GitHub assumes
> is a release even though (at that point) it will not have not been voted
> on. For example see [2] Please remove the link to GitHub release form the
> REAME.
>
> > * What is the policy for pointing users at Stackoverflow and Quora? I
> don't
> > think this should be included in the README (In fact, we should create a
> > users@rocketmq mailing list)
>
> Again users should be pointed the mailing lists first, then other places.
> I think the REAMDE is OK here.
>
> > * Why do the NOTICE files make note of commons-lang including something
> > from the Spring Framework?
>
> That’s correct see [1]
>
> > * Shouldn't the release artifact names both be apache-rocketmq-*.zip?
> > ** Also, the binary artifact unzips to a directory named
> > apache-rocketmq-all-* whereas the source artifact unzips to a directory
> > named rocketmq-all-*
>
> There’s no policy on naming, it’s up to the PPMC but having apache in the
> name is good from a branding and legal point of view.
>
> RE the README this is also still an issue with the "Apache RocketMQ
> Community” section. The community is not at https://github.com/rocketmq
> it is here at Apache!
>
> Thanks,
> Justin
>
> 1. http://www.apache.org/dev/licensing-howto.html#alv2-dep
> 2. https://github.com/apache/incubator-rocketmq/releases

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> * It's definitely odd to point to Maven central and Github for incubating project releases

It’s more than odd, it’s not in line with policy. You must point to the primary source of distribution at Apache, Maven and Github can be mentioned as secondary distribution points but should not take prominence over the Apache links.

Github releases are misleading as anything that is tagged GitHub assumes is a release even though (at that point) it will not have not been voted on. For example see [2] Please remove the link to GitHub release form the REAME.

> * What is the policy for pointing users at Stackoverflow and Quora? I don't
> think this should be included in the README (In fact, we should create a
> users@rocketmq mailing list)

Again users should be pointed the mailing lists first, then other places. I think the REAMDE is OK here.

> * Why do the NOTICE files make note of commons-lang including something
> from the Spring Framework?

That’s correct see [1] 

> * Shouldn't the release artifact names both be apache-rocketmq-*.zip?
> ** Also, the binary artifact unzips to a directory named
> apache-rocketmq-all-* whereas the source artifact unzips to a directory
> named rocketmq-all-*

There’s no policy on naming, it’s up to the PPMC but having apache in the name is good from a branding and legal point of view.

RE the README this is also still an issue with the "Apache RocketMQ Community” section. The community is not at https://github.com/rocketmq it is here at Apache!

Thanks,
Justin

1. http://www.apache.org/dev/licensing-howto.html#alv2-dep
2. https://github.com/apache/incubator-rocketmq/releases

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Bruce Snyder <br...@gmail.com>]

Hi All,

None of the items that I've found are showstoppers and I know that these
items have been mentioned before, but I will bring them up since I still
see them:

* It's definitely odd to point to Maven central and Github for incubating
project releases
* Also, the URL https://github.org/apache/rocketmqreleases does not resolve
for me
* What is the policy for pointing users at Stackoverflow and Quora? I don't
think this should be included in the README (In fact, we should create a
users@rocketmq mailing list)
* Why do the NOTICE files make note of commons-lang including something
from the Spring Framework?
* Shouldn't the release artifact names both be apache-rocketmq-*.zip?
** Also, the binary artifact unzips to a directory named
apache-rocketmq-all-* whereas the source artifact unzips to a directory
named rocketmq-all-*

Bruce

On Tue, Feb 14, 2017 at 8:20 PM, Xinyu Zhou <zh...@xinyu.im> wrote:

> Hi Justin,
> Got it, thanks for your reminder.
> Regards, yukon
>
> On Wed, Feb 15, 2017 at 11:16 AM, Justin Mclean <ju...@classsoftware.com>
> wrote:
> Hi,
>
> > Since our new vote has been opened for almost 72 hours and has 4 votes
> from
> > initial committers, can we announce the result and call a vote in IPMC
> now?
>
> It’s best to wait 72 hours and I’d also wait until you have a least one
> vote by a mentor.
>
> Sorry I’ve been a bit busy and not got to it yet.
>
> Thanks,
> Justin
>



-- 
perl -e 'print
unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );'

ActiveMQ in Action: http://bit.ly/2je6cQ
Blog: http://bsnyder.org/ <http://bruceblog.org/>
Twitter: http://twitter.com/brucesnyder

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Xinyu Zhou <zh...@xinyu.im>]

Hi Justin,
Got it, thanks for your reminder.
Regards, yukon

On Wed, Feb 15, 2017 at 11:16 AM, Justin Mclean <ju...@classsoftware.com> wrote:
Hi,

> Since our new vote has been opened for almost 72 hours and has 4 votes from
> initial committers, can we announce the result and call a vote in IPMC now?

It’s best to wait 72 hours and I’d also wait until you have a least one vote by a mentor.

Sorry I’ve been a bit busy and not got to it yet.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> Since our new vote has been opened for almost 72 hours and has 4 votes from
> initial committers, can we announce the result and call a vote in IPMC now?

It’s best to wait 72 hours and I’d also wait until you have a least one vote by a mentor.

Sorry I’ve been a bit busy and not got to it yet.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi,

Since our new vote has been opened for almost 72 hours and has 4 votes from
initial committers, can we announce the result and call a vote in IPMC now?

Regards,
yukon

On Sat, Feb 11, 2017 at 4:36 PM, yukon <yu...@apache.org> wrote:

> Hi,
>
> Please help review the Apache RocketMQ 4.0.0-incubating RC3,
>
> The RC3 artifacts:
> https://dist.apache.org/repos/dist/dev/incubator/rocketmq/4.
> 0.0-incubating-rc3/
>
> Git tag for the release:
> https://github.com/apache/incubator-rocketmq/tree/
> rocketmq-4.0.0-incubating
>
> Hash for the release tag:
> dddc3daa2cbec4c7240d6525d2ce198826d29967
>
> Release Notes:
> http://rocketmq.incubator.apache.org/release_notes/release-notes-4.0.0-
> incubating/
>
> The artifacts have been signed with Key : E9BDDB0E, which can be found in
> the keys file:
> https://dist.apache.org/repos/dist/dev/incubator/rocketmq/KEYS
>
> The maven release artifacts:
> https://repository.apache.org/content/repositories/orgapacherocketmq-1003
>
> The change points compare to RC2:
>
> 1. Add license notice for all the dependencies.
> 2. Remove the 3rd party links in README.
> 3. Polish bin/README file.
> 4. Two PRs have been merged(https://github.com/apache/incubator-rocketmq/
> pull/50, https://github.com/apache/incubator-rocketmq/pull/54)
> 5. Add separate LICENSE and NOTICE files for binary release and source
> release.
>
> If everything is ok, we will call a new vote for RC3 tomorrow.
>
> Regards,
> yukon
>
> On Sat, Feb 11, 2017 at 3:59 PM, yukon <yu...@apache.org> wrote:
>
>> Hi Justin,
>>
>> I got it, thanks. And I will carry out our conclusion soon.
>>
>> Regards,
>> yukon
>>
>> On Sat, Feb 11, 2017 at 2:51 PM, Justin Mclean <ju...@classsoftware.com>
>> wrote:
>>
>>> Hi,
>>>
>>> > So we can use the LICENSE and NOTICE files of `master branch` version
>>> for our bin artifact, while use the LICENSE and NOTICE of a old
>>> version[1][2] for our source artifact. Does it ok?
>>>
>>> That looks right to me.
>>>
>>> Thanks,
>>> Justin
>>
>>
>>
>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi,

Please help review the Apache RocketMQ 4.0.0-incubating RC3,

The RC3 artifacts:
https://dist.apache.org/repos/dist/dev/incubator/rocketmq/4.0.0-incubating-rc3/

Git tag for the release:
https://github.com/apache/incubator-rocketmq/tree/rocketmq-4.0.0-incubating

Hash for the release tag:
dddc3daa2cbec4c7240d6525d2ce198826d29967

Release Notes:
http://rocketmq.incubator.apache.org/release_notes/release-notes-4.0.0-incubating/

The artifacts have been signed with Key : E9BDDB0E, which can be found in
the keys file:
https://dist.apache.org/repos/dist/dev/incubator/rocketmq/KEYS

The maven release artifacts:
https://repository.apache.org/content/repositories/orgapacherocketmq-1003

The change points compare to RC2:

1. Add license notice for all the dependencies.
2. Remove the 3rd party links in README.
3. Polish bin/README file.
4. Two PRs have been merged(
https://github.com/apache/incubator-rocketmq/pull/50,
https://github.com/apache/incubator-rocketmq/pull/54)
5. Add separate LICENSE and NOTICE files for binary release and source
release.

If everything is ok, we will call a new vote for RC3 tomorrow.

Regards,
yukon

On Sat, Feb 11, 2017 at 3:59 PM, yukon <yu...@apache.org> wrote:

> Hi Justin,
>
> I got it, thanks. And I will carry out our conclusion soon.
>
> Regards,
> yukon
>
> On Sat, Feb 11, 2017 at 2:51 PM, Justin Mclean <ju...@classsoftware.com>
> wrote:
>
>> Hi,
>>
>> > So we can use the LICENSE and NOTICE files of `master branch` version
>> for our bin artifact, while use the LICENSE and NOTICE of a old
>> version[1][2] for our source artifact. Does it ok?
>>
>> That looks right to me.
>>
>> Thanks,
>> Justin
>
>
>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi Justin,

I got it, thanks. And I will carry out our conclusion soon.

Regards,
yukon

On Sat, Feb 11, 2017 at 2:51 PM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > So we can use the LICENSE and NOTICE files of `master branch` version
> for our bin artifact, while use the LICENSE and NOTICE of a old
> version[1][2] for our source artifact. Does it ok?
>
> That looks right to me.
>
> Thanks,
> Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> So we can use the LICENSE and NOTICE files of `master branch` version for our bin artifact, while use the LICENSE and NOTICE of a old version[1][2] for our source artifact. Does it ok?

That looks right to me.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Xinyu Zhou <zh...@xinyu.im>]

Hi Justin,

Thanks for the quick reply.

So we can use the LICENSE and NOTICE files of `master branch` version for our bin artifact, while use the LICENSE and NOTICE of a old version[1][2] for our source artifact. Does it ok?

And I will rename "binary dependency" to "bundles".

[1]. https://github.com/apache/incubator-rocketmq/blob/ROCKETMQ-53/NOTICE
[2]. https://github.com/apache/incubator-rocketmq/blob/ROCKETMQ-53/LICENSE

Regards,
yukon



On Sat, Feb 11, 2017 at 1:31pm, Justin Mclean < justin@classsoftware.com [justin@classsoftware.com] > wrote:
Hi,

> I updated the LICENSE file, the non ASF ALv2 licenses has been added to our
> LICENSE file, and I think the mentioned [3],[4],[5] and [9] have been
> resolved.

In LICENSE rather than "binary dependency” I would put “bundles”.

There are dependancies not listed and it the fact that they are bundled not dependancies matters if something goes into LICENSE.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> I updated the LICENSE file, the non ASF ALv2 licenses has been added to our
> LICENSE file, and I think the mentioned [3],[4],[5] and [9] have been
> resolved.

In LICENSE rather than "binary dependency” I would put “bundles”.

There are dependancies not listed and it the fact that they are bundled not dependancies matters if something goes into LICENSE.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> I am not sure how to seperate LICENSE and NOTICE files for the source and
> binary packages, Do you mean we need add four files at  top level of the
> source tree ? LICENSE and NOTICE for source release, while LICENSE-BIN and
> NOTICE-BIN for binary release.

That look good to me, as long as you can rename the -BIN files  to LICENSE and NOTICE in the binary artifact.

> And what's difference between the four files?

The existing LICENSE and NOTICE files (before the changes) were fine for the source release.

> The binary of RocketMQ has 8 dependencies

The LICENSE and NOTICE contents are based on the contents of the artefact. ie What is bundled inside it not what it depends upon. (see the guiding principle link I posted earlier).

Hope that help, any questions or if it not clear just ask and I’ll do my best to explain.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi Justin,

Many thanks for your kind help.

I updated the LICENSE file, the non ASF ALv2 licenses has been added to our
LICENSE file, and I think the mentioned [3],[4],[5] and [9] have been
resolved.

I am not sure how to seperate LICENSE and NOTICE files for the source and
binary packages, Do you mean we need add four files at  top level of the
source tree ? LICENSE and NOTICE for source release, while LICENSE-BIN and
NOTICE-BIN for binary release.

And what's difference between the four files?

IMO,
The binary of RocketMQ has 8 dependencies: netty, commons-cli,
commons-lang, fastjson, javassist, jna, logback, slf4j,
while the source has some extra test scope dependencies like junit,
assertj, mockito, so are these the difference between LICENSE/NOTICE  and
LICENSE-BIN/NOTICE-BIN files?

I would appreciate your help.

Thanks,
yukon

On Sat, Feb 11, 2017 at 12:19 PM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > Justin, you are right, I have polished the LICENSE and NOTICE files,
> would
> > you please check help us check it again at your convenience?
> >
> > [1]. https://github.com/apache/incubator-rocketmq/blob/master/LICENSE
> > [2]. https://github.com/apache/incubator-rocketmq/blob/master/NOTICE <
> https://github.com/apache/incubator-rocketmq/blob/master/NOTICE>
> Better (for the binary) but I think it still needs a little work. As I
> said before we need seperate LICENSE and NOTCE files for the source and
> binary packages not one for both. See [1][2] for an explanation.
>
> The binary is also several missing licenses as as I mentioned in my review
> RC2, these should be added to LICENSE.
>
> While not strictly required it probably a good idea to also add the non
> ASF ALv2 licenses to LICENSE as they are misisng NOTICE files and thus it
> may be unclear who the copyright owner is.
>
> From my RC2 review:
> "The binary LICENSE and NOTICE will need some more work as it bundles a
> number of things that are not from the ASF, having multiple license or are
> Apache licensed. See [2] (notice that affects ours), [3] (not ASF apache
> software), [4] (multiple licenses), [5] (multiple licenses), [6] (non
> Apache license), [7] (non Apache license), [8] (notice file)., [9] (non
> Apache license).”
>
> As far as I can see [3], [4], [5] and [9] haven’t been addressed, if you
> are unsure on how to deal with them or the above isn’t clear please ask and
> I’ll help.
>
> Thanks,
> Justin
>
> 1. http://www.apache.org/dev/licensing-howto.html#binary <
> http://www.apache.org/dev/licensing-howto.html#binary>
> 2. http://www.apache.org/dev/licensing-howto.html#guiding-principle <
> http://www.apache.org/dev/licensing-howto.html#guiding-principle>
> 3. https://github.com/alibaba/fastjson <https://github.com/alibaba/
> fastjson>
> 4. https://github.com/jboss-javassist/javassist/blob/master/License.html <
> https://github.com/jboss-javassist/javassist/blob/master/License.html>
> 5. https://github.com/java-native-access/jna <https://github.com/java-
> native-access/jna>
> 9. https://www.slf4j.org/license.html <https://www.slf4j.org/license.html>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> Justin, you are right, I have polished the LICENSE and NOTICE files, would
> you please check help us check it again at your convenience?
> 
> [1]. https://github.com/apache/incubator-rocketmq/blob/master/LICENSE
> [2]. https://github.com/apache/incubator-rocketmq/blob/master/NOTICE <https://github.com/apache/incubator-rocketmq/blob/master/NOTICE>
Better (for the binary) but I think it still needs a little work. As I said before we need seperate LICENSE and NOTCE files for the source and binary packages not one for both. See [1][2] for an explanation.

The binary is also several missing licenses as as I mentioned in my review RC2, these should be added to LICENSE.

While not strictly required it probably a good idea to also add the non ASF ALv2 licenses to LICENSE as they are misisng NOTICE files and thus it may be unclear who the copyright owner is.

From my RC2 review:
"The binary LICENSE and NOTICE will need some more work as it bundles a number of things that are not from the ASF, having multiple license or are Apache licensed. See [2] (notice that affects ours), [3] (not ASF apache software), [4] (multiple licenses), [5] (multiple licenses), [6] (non Apache license), [7] (non Apache license), [8] (notice file)., [9] (non Apache license).”

As far as I can see [3], [4], [5] and [9] haven’t been addressed, if you are unsure on how to deal with them or the above isn’t clear please ask and I’ll help.

Thanks,
Justin

1. http://www.apache.org/dev/licensing-howto.html#binary <http://www.apache.org/dev/licensing-howto.html#binary>
2. http://www.apache.org/dev/licensing-howto.html#guiding-principle <http://www.apache.org/dev/licensing-howto.html#guiding-principle>
3. https://github.com/alibaba/fastjson <https://github.com/alibaba/fastjson>
4. https://github.com/jboss-javassist/javassist/blob/master/License.html <https://github.com/jboss-javassist/javassist/blob/master/License.html>
5. https://github.com/java-native-access/jna <https://github.com/java-native-access/jna>
9. https://www.slf4j.org/license.html <https://www.slf4j.org/license.html>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi,

Justin, you are right, I have polished the LICENSE and NOTICE files, would
you please check help us check it again at your convenience?

[1]. https://github.com/apache/incubator-rocketmq/blob/master/LICENSE
[2]. https://github.com/apache/incubator-rocketmq/blob/master/NOTICE

Also please mentors, committers and contributors help us to review the new
change points about the RC3:

1. Add license notice for all the dependencies.
2. Remove the 3rd party links in README.
3. Polish bin/README file.
4. Two PRs have been merged(
https://github.com/apache/incubator-rocketmq/pull/50,
https://github.com/apache/incubator-rocketmq/pull/54)

Tomorrow, we will call the vote for Apache RocketMQ 4.0.0-incubating RC3,
please pay any attention to it.

Regards,
yukon


On Sat, Feb 11, 2017 at 9:51 AM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > Can we call the RC3 vote now(RC3 is ready) and leave these change points
> in
> > next release?
>
> Up to the release manager, IMO it's still likely to pass a IPMC vote, so
> it could be done.
>
> However if we know it’s an issue and it’s easy to fix why not fix it now?
>
> I would also wait 24 hours to give people a chance in other time zones to
> review the changes.
>
> Thanks,
> Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> Can we call the RC3 vote now(RC3 is ready) and leave these change points in
> next release?

Up to the release manager, IMO it's still likely to pass a IPMC vote, so it could be done.

However if we know it’s an issue and it’s easy to fix why not fix it now?

I would also wait 24 hours to give people a chance in other time zones to review the changes.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Hi,

Got it.

 > It still needs some work: 1,2,3.....

Can we call the RC3 vote now(RC3 is ready) and leave these change points in
next release?

Regards,
yukon

On Sat, Feb 11, 2017 at 8:50 AM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > And there is issue being raised that EPL 1.0 is not compatible with ASL2,
> > but RocketMQ has a dependency on logback which is under the EPL v1.0 and
> > the LGPL 2.1 License[1], Does it ok?
>
> EPL is compatible with ASLv2 it just can’t be included in source form. [1]
>
> > Also could you please help us check the NOTICE file is correct or not?
>
> It still needs some work:
> 1. There’s normally no reason to mention ASLv2 unless they have a NOTICE
> file [2]. IF they have a NOTICE file that need to be looked at and portions
> moved to our NOTICE file.
> 2. When software is available under multiple licenses, pick the most
> friendly license and use that. No need to mention the others [3]
> 3. In general license information needs to go in LICENSE not NOTICE.
> Notice is only reserved for a few things. [4][5]
>
> Thanks,
> Justin
>
> 1. https://www.apache.org/legal/resolved#category-b <
> https://www.apache.org/legal/resolved#category-b>
> 2. http://www.apache.org/dev/licensing-howto.html#alv2-dep <
> http://www.apache.org/dev/licensing-howto.html#alv2-dep>
> 3. https://www.apache.org/legal/resolved#mutually-exclusive <
> https://www.apache.org/legal/resolved#mutually-exclusive>
> 4 .https://www.apache.org/legal/resolved#required-third-party-notices <
> https://www.apache.org/legal/resolved#required-third-party-notices>
> 5. http://www.apache.org/dev/licensing-howto.html#mod-notice <
> http://www.apache.org/dev/licensing-howto.html#mod-notice>
>
>
>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> And there is issue being raised that EPL 1.0 is not compatible with ASL2,
> but RocketMQ has a dependency on logback which is under the EPL v1.0 and
> the LGPL 2.1 License[1], Does it ok?

EPL is compatible with ASLv2 it just can’t be included in source form. [1]

> Also could you please help us check the NOTICE file is correct or not?

It still needs some work:
1. There’s normally no reason to mention ASLv2 unless they have a NOTICE file [2]. IF they have a NOTICE file that need to be looked at and portions moved to our NOTICE file.
2. When software is available under multiple licenses, pick the most friendly license and use that. No need to mention the others [3]
3. In general license information needs to go in LICENSE not NOTICE. Notice is only reserved for a few things. [4][5]

Thanks,
Justin

1. https://www.apache.org/legal/resolved#category-b <https://www.apache.org/legal/resolved#category-b>
2. http://www.apache.org/dev/licensing-howto.html#alv2-dep <http://www.apache.org/dev/licensing-howto.html#alv2-dep>
3. https://www.apache.org/legal/resolved#mutually-exclusive <https://www.apache.org/legal/resolved#mutually-exclusive>
4 .https://www.apache.org/legal/resolved#required-third-party-notices <https://www.apache.org/legal/resolved#required-third-party-notices>
5. http://www.apache.org/dev/licensing-howto.html#mod-notice <http://www.apache.org/dev/licensing-howto.html#mod-notice>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <yu...@apache.org>]

Thanks Justin, we got it.

And there is issue being raised that EPL 1.0 is not compatible with ASL2,
but RocketMQ has a dependency on logback which is under the EPL v1.0 and
the LGPL 2.1 License[1], Does it ok?

Also could you please help us check the NOTICE file is correct or not?

[1]. https://github.com/apache/incubator-rocketmq/blob/master/NOTICE

Regards,
yukon

On Sat, Feb 11, 2017 at 6:16 AM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> > The previous vote has been canceled, and we have resolved the issues
> > mentioned by mentors, below are change points:
>
> Just reminding people that a -1 on a release vote it not a veto, all you
> need for a  release is 3 +1 binding votes and more +1’s than -1’s.
>
> Also being an incubating project there’s so leeway and less need to get
> things perfect the first time.
>
> Thanks,
> Justin
>
>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Justin Mclean <ju...@classsoftware.com>]

Hi,

> The previous vote has been canceled, and we have resolved the issues
> mentioned by mentors, below are change points:

Just reminding people that a -1 on a release vote it not a veto, all you need for a  release is 3 +1 binding votes and more +1’s than -1’s.

Also being an incubating project there’s so leeway and less need to get things perfect the first time.

Thanks,
Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[yukon <zh...@xinyu.im>]

Hi,

The previous vote has been canceled, and we have resolved the issues
mentioned by mentors, below are change points:

1. Use a 4096 bit key to sign the RC.
2. Add license notice for all the dependencies.
3. Remove the 3rd party links in README.
4. Polish bin/README file.

The new vote will be called soon.
At your convenience, would you please check the RC3 and vote it again?

Thanks,
yukon

On Thu, Feb 9, 2017 at 9:00 AM, Xinyu Zhou <zh...@xinyu.im> wrote:

> Hi Willem,
>
> The public key has been uploaded to key server[1], if it doesn't work in
> your env, Could you please download the KEYS file and import it? And, next
> time i will generate a 4096 bit key.
>
> [1]. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x5710EE35C50AC1B1
>
> Regards,
> yukon
> On Thu, Feb 09, 2017 at 8:50am, Willem Jiang <wi...@gmail.com>
> wrote:
>
> Hi,
>
> I just tried to verify the artifact sign, I got these message:
>
> gpg rocketmq-test-4.0.0-incubating-sources.jar.asc
> gpg: Signature made Tue Feb  7 17:17:14 2017 CST using RSA key ID C50AC1B1
> gpg: Can't check signature: public key not found
>
> it looks like the public key is not upload the keyserver.
> You can upload the key to the key server here[1].
>
> BTW the key that yukon uses is less than 2048 bit, it's better to choose a
> strong one as this suggested[2]
>
> [1]https://pgp.mit.edu/
> [2]https://www.apache.org/dev/openpgp.html#generate-key
>
>
>
>
>
> Willem Jiang
>
> Blog: http://willemjiang.blogspot.com (English)
>           http://jnn.iteye.com  (Chinese)
> Twitter: willemjiang
> Weibo: 姜宁willem
>
> On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <ju...@classsoftware.com>
> wrote:
>
> > Hi,
> >
> > Please put all non vote discussion here, rather than in the vote thread,
> > as it makes it easier to count and review votes.
> >
> > Thanks,
> > Justin
>
>

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Xinyu Zhou <zh...@xinyu.im>]

Hi Willem,

The public key has been uploaded to key server[1], if it doesn't work in your env, Could you please download the KEYS file and import it? And, next time i will generate a 4096 bit key.

[1]. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x5710EE35C50AC1B1

Regards,
yukon

On Thu, Feb 09, 2017 at 8:50am, Willem Jiang < willem.jiang@gmail.com [willem.jiang@gmail.com] > wrote:
Hi,

I just tried to verify the artifact sign, I got these message:

gpg rocketmq-test-4.0.0-incubating-sources.jar.asc
gpg: Signature made Tue Feb 7 17:17:14 2017 CST using RSA key ID C50AC1B1
gpg: Can't check signature: public key not found

it looks like the public key is not upload the keyserver.
You can upload the key to the key server here[1].

BTW the key that yukon uses is less than 2048 bit, it's better to choose a
strong one as this suggested[2]

[1]https://pgp.mit.edu/
[2]https://www.apache.org/dev/openpgp.html#generate-key





Willem Jiang

Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem

On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> Please put all non vote discussion here, rather than in the vote thread,
> as it makes it easier to count and review votes.
>
> Thanks,
> Justin

Re: [DISCUSS] Release Apache RocketMQ 4.0.0(incubating)

[Willem Jiang <wi...@gmail.com>]

Hi,

I just tried to verify the artifact sign, I got these message:

gpg rocketmq-test-4.0.0-incubating-sources.jar.asc
gpg: Signature made Tue Feb  7 17:17:14 2017 CST using RSA key ID C50AC1B1
gpg: Can't check signature: public key not found

it looks like the public key is not upload the keyserver.
You can upload the key to the key server here[1].

BTW the key that yukon uses is less than 2048 bit, it's better to choose a
strong one as this suggested[2]

[1]https://pgp.mit.edu/
[2]https://www.apache.org/dev/openpgp.html#generate-key





Willem Jiang

Blog: http://willemjiang.blogspot.com (English)
          http://jnn.iteye.com  (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem

On Tue, Feb 7, 2017 at 7:24 PM, Justin Mclean <ju...@classsoftware.com>
wrote:

> Hi,
>
> Please put all non vote discussion here, rather than in the vote thread,
> as it makes it easier to count and review votes.
>
> Thanks,
> Justin