You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Julian Hyde <jh...@apache.org> on 2014/10/09 21:51:24 UTC
[VOTE] Release Apache Calcite 0.9.1 (incubating)
Hi all,
The Calcite community has voted on and approved a proposal to release
Apache Calcite 0.9.1 (incubating).
This will be the second release since the project entered incubation in
May 2014 as Optiq, and the first under the new project name, Calcite.
Pursuant to the Releases section of the Incubation Policy and with
the endorsement of 2 of our mentors we would now like to request
the permission of the Incubator PMC to publish the release. The vote
is open for 72 hours, or until the necessary number of votes (3 +1)
is reached.
[ ] +1 Release this package as Apache Calcite 0.9.1 incubating
[ ] -1 Do not release this package because ...
Apache Calcite PPMC
Proposal:
http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
Vote result:
5 binding +1 votes
3 non-binding +1 votes
No -1 votes
Artifacts:
http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Steven Noels <st...@satisa.be>.
On Thu, Oct 9, 2014, at 12:51 PM, Julian Hyde wrote:
> Hi all,
>
> The Calcite community has voted on and approved a proposal to release
> Apache Calcite 0.9.1 (incubating).
>
> This will be the second release since the project entered incubation in
> May 2014 as Optiq, and the first under the new project name, Calcite.
>
> Pursuant to the Releases section of the Incubation Policy and with
> the endorsement of 2 of our mentors we would now like to request
> the permission of the Incubator PMC to publish the release. The vote
> is open for 72 hours, or until the necessary number of votes (3 +1)
> is reached.
>
> [X] +1 Release this package as Apache Calcite 0.9.1 incubating
Re-reading the thread there might still be issues with RAT compliancy
and signing keys but as most of these release procedure requirements are
underdocumented and left as an exercise for the release manager, I
prefer to go for good intent instead of strict adherence.
So +1.
Steven.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Sorry here are the missing links from my last email.
1.http://www.hydromatic.net/
2.http://www.hydromatic.net/calcite/team-list.html
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Ted Dunning <te...@gmail.com>.
On Mon, Oct 13, 2014 at 2:05 PM, Marvin Humphrey <ma...@rectangular.com>
wrote:
> > Even if the key is part of a web trust it may not be part of everyone's
> web
> > of trust. I'd see that as a hard requirement to meet.
>
> The last time this came up, Daniel Shahaf suggested an excellent solution:
>
> http://s.apache.org/U57
>
> No one said that a release need have only one signature...
>
> 1) RM prepares tarball, signs, uploads for voting
> 2) voting passes
> 3) mentor appends his signature to the .asc file
> 4) artifacts posted to dist/
>
> That solves the problem for end users until the RM attends a keysigning
> party.
Duh.
Excellent solution.
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Marvin Humphrey <ma...@rectangular.com>.
On Sun, Oct 12, 2014 at 10:28 PM, Justin Mclean
<ju...@classsoftware.com> wrote:
> Even if the key is part of a web trust it may not be part of everyone's web
> of trust. I'd see that as a hard requirement to meet.
The last time this came up, Daniel Shahaf suggested an excellent solution:
http://s.apache.org/U57
No one said that a release need have only one signature...
1) RM prepares tarball, signs, uploads for voting
2) voting passes
3) mentor appends his signature to the .asc file
4) artifacts posted to dist/
That solves the problem for end users until the RM attends a keysigning
party.
Marvin Humphrey
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Ted Dunning <te...@gmail.com>.
On Mon, Oct 13, 2014 at 1:28 AM, Justin Mclean <ju...@classsoftware.com>
wrote:
> > First, the signing key is present in SVN, but has not been uploaded to
> the
> > standard key-servers, nor has it been signed by anyone.
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of everyone's
> web of trust. I'd see that as a hard requirement to meet.
Better search fu than I had. Kudos.
Connectivity completion in graphs is an example of a critical phenomenon.
Even uniformly selected graphs that have average degree above a relatively
small threshold will be completely connected with high probability. With
power law networks, the threshold also applies. (look up Erdos/Renyi model,
percolation theory and giant components).
The practical effect of this is that having even a handful of signatures on
keys on average will cause a wide-spread web of trust.
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 14 October 2014 04:40, Ted Dunning <te...@gmail.com> wrote:
> My search was on the key servers, by using pgp.mit.edu. The issue was that
> you, ironically, can't seem to search by key id.
You need to prefix the (hex) id with 0x, for example:
http://pgp.mit.edu/pks/lookup?search=0x2AD3FAE3&op=index&fingerprint=on
>
>
> On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jh...@apache.org> wrote:
>
>> For the record, I did register my key fingerprint at https://id.apache.org
>> and my key is present at
>> https://people.apache.org/keys/committer/jhyde.asc.
>> And it was before the release was made. So, I am surprised that it did not
>> show up in a search.
>>
>> Julian
>>
>>
>> On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <de...@acm.org>
>> wrote:
>>
>> I suggest that the release manager and anyone else in the KEYS file should
>> have added key fingerprints to their Apache profiles at <
>> https://id.apache.org/>.
>>
>> This will have their PGP keys refreshed regularly under their Apache ID at
>> <https://people.apache.org/keys/committer/>.
>>
>> With regard to an identifiable association of the key, presence in this
>> manner connects the PGP key to The Apache ID by demonstration of control
>> over the committer's Apache profile.
>>
>> One can go farther by adding the user-id@apache.org to an User-ID on the
>> key.
>> Verifying that one has control over that e-mail address (and all User-IDs)
>> Is done by registering the public key at the PGP Global Directory service
>> at
>> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
>> ceremony specified there. After the ceremony is completed, you can
>> retrieve
>> your counter-signed PGP key from that service and synchronize it to a
>> public
>> PGP key server. The ASF will pick it up on a future refresh.
>>
>> Use of the key from the Apache ID list has certain valuable properties. It
>> is
>> not fixed, as in the key files in the project and in distributions. That
>> means
>> any additional (web-of-trust) certifications of the keys association with a
>> committer are updated automatically. That includes any revocations.
>>
>>
>> -- Dennis E. Hamilton
>> dennis.hamilton@acm.org +1-206-779-9430
>> https://keybase.io/orcmid PGP F96E 89FF D456 628A
>> X.509 certs used and requested for signed e-mail
>>
>>
>>
>> -----Original Message-----
>> From: Justin Mclean [mailto:justin@classsoftware.com]
>> Sent: Sunday, October 12, 2014 22:29
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>>
>> Hi,
>>
>> First, the signing key is present in SVN, but has not been uploaded to the
>> standard key-servers, nor has it been signed by anyone.
>>
>>
>> I found it here:
>> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>>
>> Even if the key is part of a web trust it may not be part of everyone's web
>> of trust. I'd see that as a hard requirement to meet.
>>
>> Thanks,
>> Justin
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Ted Dunning <te...@gmail.com>.
My search was on the key servers, by using pgp.mit.edu. The issue was that
you, ironically, can't seem to search by key id.
On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jh...@apache.org> wrote:
> For the record, I did register my key fingerprint at https://id.apache.org
> and my key is present at
> https://people.apache.org/keys/committer/jhyde.asc.
> And it was before the release was made. So, I am surprised that it did not
> show up in a search.
>
> Julian
>
>
> On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <de...@acm.org>
> wrote:
>
> I suggest that the release manager and anyone else in the KEYS file should
> have added key fingerprints to their Apache profiles at <
> https://id.apache.org/>.
>
> This will have their PGP keys refreshed regularly under their Apache ID at
> <https://people.apache.org/keys/committer/>.
>
> With regard to an identifiable association of the key, presence in this
> manner connects the PGP key to The Apache ID by demonstration of control
> over the committer's Apache profile.
>
> One can go farther by adding the user-id@apache.org to an User-ID on the
> key.
> Verifying that one has control over that e-mail address (and all User-IDs)
> Is done by registering the public key at the PGP Global Directory service
> at
> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
> ceremony specified there. After the ceremony is completed, you can
> retrieve
> your counter-signed PGP key from that service and synchronize it to a
> public
> PGP key server. The ASF will pick it up on a future refresh.
>
> Use of the key from the Apache ID list has certain valuable properties. It
> is
> not fixed, as in the key files in the project and in distributions. That
> means
> any additional (web-of-trust) certifications of the keys association with a
> committer are updated automatically. That includes any revocations.
>
>
> -- Dennis E. Hamilton
> dennis.hamilton@acm.org +1-206-779-9430
> https://keybase.io/orcmid PGP F96E 89FF D456 628A
> X.509 certs used and requested for signed e-mail
>
>
>
> -----Original Message-----
> From: Justin Mclean [mailto:justin@classsoftware.com]
> Sent: Sunday, October 12, 2014 22:29
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>
> Hi,
>
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone.
>
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of everyone's web
> of trust. I'd see that as a hard requirement to meet.
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <jh...@apache.org>.
For the record, I did register my key fingerprint at https://id.apache.org
and my key is present at https://people.apache.org/keys/committer/jhyde.asc.
And it was before the release was made. So, I am surprised that it did not
show up in a search.
Julian
On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <de...@acm.org>
wrote:
I suggest that the release manager and anyone else in the KEYS file should
have added key fingerprints to their Apache profiles at <
https://id.apache.org/>.
This will have their PGP keys refreshed regularly under their Apache ID at
<https://people.apache.org/keys/committer/>.
With regard to an identifiable association of the key, presence in this
manner connects the PGP key to The Apache ID by demonstration of control
over the committer's Apache profile.
One can go farther by adding the user-id@apache.org to an User-ID on the
key.
Verifying that one has control over that e-mail address (and all User-IDs)
Is done by registering the public key at the PGP Global Directory service
at
<https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
ceremony specified there. After the ceremony is completed, you can retrieve
your counter-signed PGP key from that service and synchronize it to a public
PGP key server. The ASF will pick it up on a future refresh.
Use of the key from the Apache ID list has certain valuable properties. It
is
not fixed, as in the key files in the project and in distributions. That
means
any additional (web-of-trust) certifications of the keys association with a
committer are updated automatically. That includes any revocations.
-- Dennis E. Hamilton
dennis.hamilton@acm.org +1-206-779-9430
https://keybase.io/orcmid PGP F96E 89FF D456 628A
X.509 certs used and requested for signed e-mail
-----Original Message-----
From: Justin Mclean [mailto:justin@classsoftware.com]
Sent: Sunday, October 12, 2014 22:29
To: general@incubator.apache.org
Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Hi,
First, the signing key is present in SVN, but has not been uploaded to the
standard key-servers, nor has it been signed by anyone.
I found it here:
https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
Even if the key is part of a web trust it may not be part of everyone's web
of trust. I'd see that as a hard requirement to meet.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Alan Gates <ga...@hortonworks.com>.
+1, forwarded from the PPMC vote.
Alan.
> Julian Hyde <ma...@apache.org>
> October 17, 2014 at 6:49
> This vote has been open 8 days, and has two +1 votes. There has been a
> lot of discussion, but I don't think any issues have been discovered
> which would stop the release. We seem have reached impasse.
>
> I plan to close this vote in 24 hours. If we get one more +1, the vote
> will pass. If we don't, I will cancel the vote.
>
> Julian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
> sebb <ma...@gmail.com>
> October 14, 2014 at 4:57
> On 13 October 2014 17:11, Dennis E. Hamilton<de...@acm.org> wrote:
>> I suggest that the release manager and anyone else in the KEYS file should
>> have added key fingerprints to their Apache profiles at<https://id.apache.org/>.
>>
>> This will have their PGP keys refreshed regularly under their Apache ID at
>> <https://people.apache.org/keys/committer/>.
>>
>> With regard to an identifiable association of the key, presence in this
>> manner connects the PGP key to The Apache ID by demonstration of control
>> over the committer's Apache profile.
>
> Similar traceability applies if the user adds their key to the KEYS
> file in SVN at
>
> https://dist.apache.org/repos/dist/release/<TLP>/[path/]KEYS
>
> [This file is required for providing the keys to downloaders]
>
> But no harm in adding the key to LDAP as well.
>
>> One can go farther by adding the user-id@apache.org to an User-ID on the key.
>> Verifying that one has control over that e-mail address (and all User-IDs)
>> Is done by registering the public key at the PGP Global Directory service at
>> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
>> ceremony specified there. After the ceremony is completed, you can retrieve
>> your counter-signed PGP key from that service and synchronize it to a public
>> PGP key server. The ASF will pick it up on a future refresh.
>>
>> Use of the key from the Apache ID list has certain valuable properties. It is
>> not fixed, as in the key files in the project and in distributions. That means
>> any additional (web-of-trust) certifications of the keys association with a
>> committer are updated automatically. That includes any revocations.
>>
>
> The keys from the ASF ID list also have disadvantages.
> Keys are used to sign artifacts for projects, and need to remain
> available whilst the artifact remains available.
> That includes archived artifacts.
>
>> -- Dennis E. Hamilton
>> dennis.hamilton@acm.org +1-206-779-9430
>> https://keybase.io/orcmid PGP F96E 89FF D456 628A
>> X.509 certs used and requested for signed e-mail
>>
>>
>>
>> -----Original Message-----
>> From: Justin Mclean [mailto:justin@classsoftware.com]
>> Sent: Sunday, October 12, 2014 22:29
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>>
>> Hi,
>>
>>> First, the signing key is present in SVN, but has not been uploaded to the
>>> standard key-servers, nor has it been signed by anyone.
>> I found it here:
>> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>>
>> Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet.
>>
>> Thanks,
>> Justin
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
> Dennis E. Hamilton <ma...@acm.org>
> October 13, 2014 at 9:11
> I suggest that the release manager and anyone else in the KEYS file
> should
> have added key fingerprints to their Apache profiles at
> <https://id.apache.org/>.
>
> This will have their PGP keys refreshed regularly under their Apache
> ID at
> <https://people.apache.org/keys/committer/>.
>
> With regard to an identifiable association of the key, presence in this
> manner connects the PGP key to The Apache ID by demonstration of control
> over the committer's Apache profile.
>
> One can go farther by adding the user-id@apache.org to an User-ID on
> the key.
> Verifying that one has control over that e-mail address (and all User-IDs)
> Is done by registering the public key at the PGP Global Directory
> service at
> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
> ceremony specified there. After the ceremony is completed, you can
> retrieve
> your counter-signed PGP key from that service and synchronize it to a
> public
> PGP key server. The ASF will pick it up on a future refresh.
>
> Use of the key from the Apache ID list has certain valuable
> properties. It is
> not fixed, as in the key files in the project and in distributions.
> That means
> any additional (web-of-trust) certifications of the keys association
> with a
> committer are updated automatically. That includes any revocations.
>
>
> -- Dennis E. Hamilton
> dennis.hamilton@acm.org +1-206-779-9430
> https://keybase.io/orcmid PGP F96E 89FF D456 628A
> X.509 certs used and requested for signed e-mail
>
>
>
> -----Original Message-----
> From: Justin Mclean [mailto:justin@classsoftware.com]
> Sent: Sunday, October 12, 2014 22:29
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>
> Hi,
>
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of
> everyone's web of trust. I'd see that as a hard requirement to meet.
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
> Justin Mclean <ma...@classsoftware.com>
> October 12, 2014 at 22:28
> Hi,
>
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of
> everyone's web of trust. I'd see that as a hard requirement to meet.
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
> Ted Dunning <ma...@gmail.com>
> October 12, 2014 at 19:39
> I just looked a bit a this release and I have a few questions. I am
> uncertain about how these issues should lead to a vote, but would tend
> toward saying that this is OK for a first incubator release on condition
> that these issues should be rectified in subsequent releases.
>
> I would appreciate guidance from Marvin or other folk experienced in these
> matters about this.
>
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone. I don't think that
> this has been made a failing criterion for releases yet, but it does
> appear
> that Apache is moving towards requiring a web of trust around public keys
> used for signing. It would be good to rectify this by uploading a signed
> key.
>
> Then, there is a DEPENDENCIES file which contains licensing
> information for
> dependencies that are not included in the distribution. That DEPENDENCIES
> file contains information on many of the dependencies, but not all. I
> think that this file be deleted or made whole.
>
> Also, I ran [mvn rat:check] and noted that it failed. The reason for the
> failure is relatively benign in that the objections are for files such as
> git.properties, some mark-down files and a file containing the textual
> name
> of a class which do not have a recognizable license. Adding the following
> to the top-level pom will suppress these messages and allow rat to
> complete
> successfully:
>
> <plugin>
> <groupId>org.apache.rat</groupId>
> <artifactId>apache-rat-plugin</artifactId>
> <executions>
> <execution>
> <id>rat-checks</id>
> <phase>validate</phase>
> <goals>
> <goal>check</goal>
> </goals>
> </execution>
> </executions>
> <configuration>
> <excludeSubProjects>false</excludeSubProjects>
> <excludes>
> <exclude>**/*.md</exclude>
> <exclude>**/*.json</exclude>
> <exclude>**/*.parquet</exclude>
> <exclude>**/META-INF/services/java.sql.Driver</exclude>
> <exclude>**/git.properties</exclude>
> <exclude>**/target/rat.txt</exclude>
> </excludes>
> </configuration>
> </plugin>
>
> On a more positive note, I reviewed the NOTICE and LICENSE and they are in
> order for a pure apache source release that embeds no externally licensed
> code. These would have to be different in a binary release, of course, if
> convenience jars are included, but there is no binary release at this time
> so that is not yet an issue.
>
>
>
>
>
--
Sent with Postbox <http://www.getpostbox.com>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <jh...@apache.org>.
This vote has been open 8 days, and has two +1 votes. There has been a
lot of discussion, but I don't think any issues have been discovered
which would stop the release. We seem have reached impasse.
I plan to close this vote in 24 hours. If we get one more +1, the vote
will pass. If we don't, I will cancel the vote.
Julian
On Tue, Oct 14, 2014 at 7:57 AM, sebb <se...@gmail.com> wrote:
> On 13 October 2014 17:11, Dennis E. Hamilton <de...@acm.org> wrote:
>> I suggest that the release manager and anyone else in the KEYS file should
>> have added key fingerprints to their Apache profiles at <https://id.apache.org/>.
>>
>> This will have their PGP keys refreshed regularly under their Apache ID at
>> <https://people.apache.org/keys/committer/>.
>>
>> With regard to an identifiable association of the key, presence in this
>> manner connects the PGP key to The Apache ID by demonstration of control
>> over the committer's Apache profile.
>
> Similar traceability applies if the user adds their key to the KEYS
> file in SVN at
>
> https://dist.apache.org/repos/dist/release/<TLP>/[path/]KEYS
>
> [This file is required for providing the keys to downloaders]
>
> But no harm in adding the key to LDAP as well.
>
>> One can go farther by adding the user-id@apache.org to an User-ID on the key.
>> Verifying that one has control over that e-mail address (and all User-IDs)
>> Is done by registering the public key at the PGP Global Directory service at
>> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
>> ceremony specified there. After the ceremony is completed, you can retrieve
>> your counter-signed PGP key from that service and synchronize it to a public
>> PGP key server. The ASF will pick it up on a future refresh.
>>
>> Use of the key from the Apache ID list has certain valuable properties. It is
>> not fixed, as in the key files in the project and in distributions. That means
>> any additional (web-of-trust) certifications of the keys association with a
>> committer are updated automatically. That includes any revocations.
>>
>
> The keys from the ASF ID list also have disadvantages.
> Keys are used to sign artifacts for projects, and need to remain
> available whilst the artifact remains available.
> That includes archived artifacts.
>
>>
>> -- Dennis E. Hamilton
>> dennis.hamilton@acm.org +1-206-779-9430
>> https://keybase.io/orcmid PGP F96E 89FF D456 628A
>> X.509 certs used and requested for signed e-mail
>>
>>
>>
>> -----Original Message-----
>> From: Justin Mclean [mailto:justin@classsoftware.com]
>> Sent: Sunday, October 12, 2014 22:29
>> To: general@incubator.apache.org
>> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>>
>> Hi,
>>
>>> First, the signing key is present in SVN, but has not been uploaded to the
>>> standard key-servers, nor has it been signed by anyone.
>>
>> I found it here:
>> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>>
>> Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet.
>>
>> Thanks,
>> Justin
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 13 October 2014 17:11, Dennis E. Hamilton <de...@acm.org> wrote:
> I suggest that the release manager and anyone else in the KEYS file should
> have added key fingerprints to their Apache profiles at <https://id.apache.org/>.
>
> This will have their PGP keys refreshed regularly under their Apache ID at
> <https://people.apache.org/keys/committer/>.
>
> With regard to an identifiable association of the key, presence in this
> manner connects the PGP key to The Apache ID by demonstration of control
> over the committer's Apache profile.
Similar traceability applies if the user adds their key to the KEYS
file in SVN at
https://dist.apache.org/repos/dist/release/<TLP>/[path/]KEYS
[This file is required for providing the keys to downloaders]
But no harm in adding the key to LDAP as well.
> One can go farther by adding the user-id@apache.org to an User-ID on the key.
> Verifying that one has control over that e-mail address (and all User-IDs)
> Is done by registering the public key at the PGP Global Directory service at
> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
> ceremony specified there. After the ceremony is completed, you can retrieve
> your counter-signed PGP key from that service and synchronize it to a public
> PGP key server. The ASF will pick it up on a future refresh.
>
> Use of the key from the Apache ID list has certain valuable properties. It is
> not fixed, as in the key files in the project and in distributions. That means
> any additional (web-of-trust) certifications of the keys association with a
> committer are updated automatically. That includes any revocations.
>
The keys from the ASF ID list also have disadvantages.
Keys are used to sign artifacts for projects, and need to remain
available whilst the artifact remains available.
That includes archived artifacts.
>
> -- Dennis E. Hamilton
> dennis.hamilton@acm.org +1-206-779-9430
> https://keybase.io/orcmid PGP F96E 89FF D456 628A
> X.509 certs used and requested for signed e-mail
>
>
>
> -----Original Message-----
> From: Justin Mclean [mailto:justin@classsoftware.com]
> Sent: Sunday, October 12, 2014 22:29
> To: general@incubator.apache.org
> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
>
> Hi,
>
>> First, the signing key is present in SVN, but has not been uploaded to the
>> standard key-servers, nor has it been signed by anyone.
>
> I found it here:
> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
>
> Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet.
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
RE: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by "Dennis E. Hamilton" <de...@acm.org>.
I suggest that the release manager and anyone else in the KEYS file should
have added key fingerprints to their Apache profiles at <https://id.apache.org/>.
This will have their PGP keys refreshed regularly under their Apache ID at
<https://people.apache.org/keys/committer/>.
With regard to an identifiable association of the key, presence in this
manner connects the PGP key to The Apache ID by demonstration of control
over the committer's Apache profile.
One can go farther by adding the user-id@apache.org to an User-ID on the key.
Verifying that one has control over that e-mail address (and all User-IDs)
Is done by registering the public key at the PGP Global Directory service at
<https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the
ceremony specified there. After the ceremony is completed, you can retrieve
your counter-signed PGP key from that service and synchronize it to a public
PGP key server. The ASF will pick it up on a future refresh.
Use of the key from the Apache ID list has certain valuable properties. It is
not fixed, as in the key files in the project and in distributions. That means
any additional (web-of-trust) certifications of the keys association with a
committer are updated automatically. That includes any revocations.
-- Dennis E. Hamilton
dennis.hamilton@acm.org +1-206-779-9430
https://keybase.io/orcmid PGP F96E 89FF D456 628A
X.509 certs used and requested for signed e-mail
-----Original Message-----
From: Justin Mclean [mailto:justin@classsoftware.com]
Sent: Sunday, October 12, 2014 22:29
To: general@incubator.apache.org
Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Hi,
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone.
I found it here:
https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone.
I found it here:
https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index
Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <ju...@gmail.com>.
Regarding Apache RAT. I think we have that covered already. RAT is run if you specify the apache-release maven profile, and therefore is run automatically when we make a release. You can run it standalone using
mvn -Papache-release verify
As Ted notes, a few exclusions are needed. The top-level pom.xml contains those exclusions, and RAT passes.
Julian
On Oct 12, 2014, at 10:39 PM, Ted Dunning <te...@gmail.com> wrote:
> I just looked a bit a this release and I have a few questions. I am
> uncertain about how these issues should lead to a vote, but would tend
> toward saying that this is OK for a first incubator release on condition
> that these issues should be rectified in subsequent releases.
>
> I would appreciate guidance from Marvin or other folk experienced in these
> matters about this.
>
> First, the signing key is present in SVN, but has not been uploaded to the
> standard key-servers, nor has it been signed by anyone. I don't think that
> this has been made a failing criterion for releases yet, but it does appear
> that Apache is moving towards requiring a web of trust around public keys
> used for signing. It would be good to rectify this by uploading a signed
> key.
>
> Then, there is a DEPENDENCIES file which contains licensing information for
> dependencies that are not included in the distribution. That DEPENDENCIES
> file contains information on many of the dependencies, but not all. I
> think that this file be deleted or made whole.
>
> Also, I ran [mvn rat:check] and noted that it failed. The reason for the
> failure is relatively benign in that the objections are for files such as
> git.properties, some mark-down files and a file containing the textual name
> of a class which do not have a recognizable license. Adding the following
> to the top-level pom will suppress these messages and allow rat to complete
> successfully:
>
> <plugin>
> <groupId>org.apache.rat</groupId>
> <artifactId>apache-rat-plugin</artifactId>
> <executions>
> <execution>
> <id>rat-checks</id>
> <phase>validate</phase>
> <goals>
> <goal>check</goal>
> </goals>
> </execution>
> </executions>
> <configuration>
> <excludeSubProjects>false</excludeSubProjects>
> <excludes>
> <exclude>**/*.md</exclude>
> <exclude>**/*.json</exclude>
> <exclude>**/*.parquet</exclude>
> <exclude>**/META-INF/services/java.sql.Driver</exclude>
> <exclude>**/git.properties</exclude>
> <exclude>**/target/rat.txt</exclude>
> </excludes>
> </configuration>
> </plugin>
>
> On a more positive note, I reviewed the NOTICE and LICENSE and they are in
> order for a pure apache source release that embeds no externally licensed
> code. These would have to be different in a binary release, of course, if
> convenience jars are included, but there is no binary release at this time
> so that is not yet an issue.
>
>
>
>
> On Sat, Oct 11, 2014 at 7:17 PM, Julian Hyde <ju...@gmail.com> wrote:
>
>> On Oct 11, 2014, at 2:01 PM, Justin Mclean <ju...@classsoftware.com>
>> wrote:
>>
>>> Hi,
>>>
>>> +0 (binding) Will change to +1 once PPMC vote is clarified.
>>>
>>> I checked:
>>> - vote may need another +1 (see below)
>>> - hashes and signatures correct
>>> - artefacts have incubating in name
>>> - DISCLAIMER exists
>>> - LICENSE and NOTICE correct
>>> - all source files have Apache headers
>>> - no binary files in source package
>>> - can compile from source
>>> - tests pass
>>>
>>> Looking at the vote thread there is:
>>> +2 binding
>>> +3 unknown
>>> +3 non binding
>>>
>>> So I'm not 100% sure if the release has the 3 required +1 votes from the
>> PPMC. Can you confirm that this is the case. For next release could you
>> summarise the vote result via a [VOTE][RESULT] email.
>>
>> Here is a link to the [VOTE] [RESULT] email. I sent the email very soon
>> after the close of the PPMC vote but I did not include a link in the IPMC
>> vote because after 2 hours it had still not appeared on
>> mail-archives.apache.org and I ran out of patience.
>>
>>
>> http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeLhG5Wbc%2BxGjaZouM39_OLEUJF3Jz%3D4fq_bEG0DcsLpuQ%40mail.gmail.com%3E
>>
>>> Also any reason why the project seem to be hosted outside of Apache? [1]
>>
>> Is that link in the release, or did you find it via google? I don't think
>> we still link to that site from the source code. Correct me if I'm wrong. I
>> haven't taken the old site down because the new site still doesn't have
>> necessary stuff like javadoc.
>>
>>> The team page list no members. [2]
>>
>> We're not trying to keep the old site up to date. The effort to create a
>> new site https://issues.apache.org/jira/browse/OPTIQ-355 is blocked
>> because we want to transition from CMS to svnpubsub when we rename the site
>> from optiq.incubator.apache.org to calcite.incubator.apache.org
>> https://issues.apache.org/jira/browse/INFRA-8418.
>>
>> Julian
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Ted Dunning <te...@gmail.com>.
I just looked a bit a this release and I have a few questions. I am
uncertain about how these issues should lead to a vote, but would tend
toward saying that this is OK for a first incubator release on condition
that these issues should be rectified in subsequent releases.
I would appreciate guidance from Marvin or other folk experienced in these
matters about this.
First, the signing key is present in SVN, but has not been uploaded to the
standard key-servers, nor has it been signed by anyone. I don't think that
this has been made a failing criterion for releases yet, but it does appear
that Apache is moving towards requiring a web of trust around public keys
used for signing. It would be good to rectify this by uploading a signed
key.
Then, there is a DEPENDENCIES file which contains licensing information for
dependencies that are not included in the distribution. That DEPENDENCIES
file contains information on many of the dependencies, but not all. I
think that this file be deleted or made whole.
Also, I ran [mvn rat:check] and noted that it failed. The reason for the
failure is relatively benign in that the objections are for files such as
git.properties, some mark-down files and a file containing the textual name
of a class which do not have a recognizable license. Adding the following
to the top-level pom will suppress these messages and allow rat to complete
successfully:
<plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<executions>
<execution>
<id>rat-checks</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<excludeSubProjects>false</excludeSubProjects>
<excludes>
<exclude>**/*.md</exclude>
<exclude>**/*.json</exclude>
<exclude>**/*.parquet</exclude>
<exclude>**/META-INF/services/java.sql.Driver</exclude>
<exclude>**/git.properties</exclude>
<exclude>**/target/rat.txt</exclude>
</excludes>
</configuration>
</plugin>
On a more positive note, I reviewed the NOTICE and LICENSE and they are in
order for a pure apache source release that embeds no externally licensed
code. These would have to be different in a binary release, of course, if
convenience jars are included, but there is no binary release at this time
so that is not yet an issue.
On Sat, Oct 11, 2014 at 7:17 PM, Julian Hyde <ju...@gmail.com> wrote:
> On Oct 11, 2014, at 2:01 PM, Justin Mclean <ju...@classsoftware.com>
> wrote:
>
> > Hi,
> >
> > +0 (binding) Will change to +1 once PPMC vote is clarified.
> >
> > I checked:
> > - vote may need another +1 (see below)
> > - hashes and signatures correct
> > - artefacts have incubating in name
> > - DISCLAIMER exists
> > - LICENSE and NOTICE correct
> > - all source files have Apache headers
> > - no binary files in source package
> > - can compile from source
> > - tests pass
> >
> > Looking at the vote thread there is:
> > +2 binding
> > +3 unknown
> > +3 non binding
> >
> > So I'm not 100% sure if the release has the 3 required +1 votes from the
> PPMC. Can you confirm that this is the case. For next release could you
> summarise the vote result via a [VOTE][RESULT] email.
>
> Here is a link to the [VOTE] [RESULT] email. I sent the email very soon
> after the close of the PPMC vote but I did not include a link in the IPMC
> vote because after 2 hours it had still not appeared on
> mail-archives.apache.org and I ran out of patience.
>
>
> http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeLhG5Wbc%2BxGjaZouM39_OLEUJF3Jz%3D4fq_bEG0DcsLpuQ%40mail.gmail.com%3E
>
> > Also any reason why the project seem to be hosted outside of Apache? [1]
>
> Is that link in the release, or did you find it via google? I don't think
> we still link to that site from the source code. Correct me if I'm wrong. I
> haven't taken the old site down because the new site still doesn't have
> necessary stuff like javadoc.
>
> > The team page list no members. [2]
>
> We're not trying to keep the old site up to date. The effort to create a
> new site https://issues.apache.org/jira/browse/OPTIQ-355 is blocked
> because we want to transition from CMS to svnpubsub when we rename the site
> from optiq.incubator.apache.org to calcite.incubator.apache.org
> https://issues.apache.org/jira/browse/INFRA-8418.
>
> Julian
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Justin Mclean <ju...@classsoftware.com>.
HI,
Changing my vote to +1 binding.
> Here is a link to the [VOTE] [RESULT] email.
Thanks for that exactly what I needed.
> Is that link in the release, or did you find it via google?
It has copyright Apache on the page so I assume it was the right one, the other at the apache URL needs a bit of work, but I assume that will be sorted out in time before graduation.
Thanks,
Justin
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <ju...@gmail.com>.
On Oct 11, 2014, at 2:01 PM, Justin Mclean <ju...@classsoftware.com> wrote:
> Hi,
>
> +0 (binding) Will change to +1 once PPMC vote is clarified.
>
> I checked:
> - vote may need another +1 (see below)
> - hashes and signatures correct
> - artefacts have incubating in name
> - DISCLAIMER exists
> - LICENSE and NOTICE correct
> - all source files have Apache headers
> - no binary files in source package
> - can compile from source
> - tests pass
>
> Looking at the vote thread there is:
> +2 binding
> +3 unknown
> +3 non binding
>
> So I'm not 100% sure if the release has the 3 required +1 votes from the PPMC. Can you confirm that this is the case. For next release could you summarise the vote result via a [VOTE][RESULT] email.
Here is a link to the [VOTE] [RESULT] email. I sent the email very soon after the close of the PPMC vote but I did not include a link in the IPMC vote because after 2 hours it had still not appeared on mail-archives.apache.org and I ran out of patience.
http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeLhG5Wbc%2BxGjaZouM39_OLEUJF3Jz%3D4fq_bEG0DcsLpuQ%40mail.gmail.com%3E
> Also any reason why the project seem to be hosted outside of Apache? [1]
Is that link in the release, or did you find it via google? I don't think we still link to that site from the source code. Correct me if I'm wrong. I haven't taken the old site down because the new site still doesn't have necessary stuff like javadoc.
> The team page list no members. [2]
We're not trying to keep the old site up to date. The effort to create a new site https://issues.apache.org/jira/browse/OPTIQ-355 is blocked because we want to transition from CMS to svnpubsub when we rename the site from optiq.incubator.apache.org to calcite.incubator.apache.org https://issues.apache.org/jira/browse/INFRA-8418.
Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
+0 (binding) Will change to +1 once PPMC vote is clarified.
I checked:
- vote may need another +1 (see below)
- hashes and signatures correct
- artefacts have incubating in name
- DISCLAIMER exists
- LICENSE and NOTICE correct
- all source files have Apache headers
- no binary files in source package
- can compile from source
- tests pass
Looking at the vote thread there is:
+2 binding
+3 unknown
+3 non binding
So I'm not 100% sure if the release has the 3 required +1 votes from the PPMC. Can you confirm that this is the case. For next release could you summarise the vote result via a [VOTE][RESULT] email.
Also any reason why the project seem to be hosted outside of Apache? [1] The team page list no members. [2]
As noted in discussion, release needs to be put in correct location.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 10 October 2014 18:59, Julian Hyde <jh...@apache.org> wrote:
> OK, let me clarify as sebb has asked so that the vote can proceed.
Thanks very much, the new text is very good.
> The git commit to be voted upon:
> http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
>
> Its hash is 6801257324d7515f91c61877a0edd0863c0433f5.
>
> The artifacts to be voted on are located here:
> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
>
> The hashes of the artifacts are as follows:
> src.tar.gz.md5 f7c1a0fa488e061f6812bb0014561738
> src.tar.gz.sha1 bf3fc81fb911a33be9e6d9afb0e5d2b34a25fb4c
> src.zip.md5 e0326c9463075df3c6f8f9a1324f9512
> src.zip.sha1 5943eed6532b3c6edeb208a605a1f5ee6532a0c2
>
> A staged Maven repository is available for review at:
> https://repository.apache.org/content/repositories/orgapachecalcite-1000
>
> Release artifacts are signed with the following key:
> https://dist.apache.org/repos/dist/release/incubator/optiq/KEYS
>
> (Note that the directory still bears the old project name, pending
> https://issues.apache.org/jira/browse/INFRA-8418.)
>
> Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <jh...@apache.org>.
OK, let me clarify as sebb has asked so that the vote can proceed.
The git commit to be voted upon:
http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
Its hash is 6801257324d7515f91c61877a0edd0863c0433f5.
The artifacts to be voted on are located here:
http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
The hashes of the artifacts are as follows:
src.tar.gz.md5 f7c1a0fa488e061f6812bb0014561738
src.tar.gz.sha1 bf3fc81fb911a33be9e6d9afb0e5d2b34a25fb4c
src.zip.md5 e0326c9463075df3c6f8f9a1324f9512
src.zip.sha1 5943eed6532b3c6edeb208a605a1f5ee6532a0c2
A staged Maven repository is available for review at:
https://repository.apache.org/content/repositories/orgapachecalcite-1000
Release artifacts are signed with the following key:
https://dist.apache.org/repos/dist/release/incubator/optiq/KEYS
(Note that the directory still bears the old project name, pending
https://issues.apache.org/jira/browse/INFRA-8418.)
Julian
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 10 October 2014 00:54, Julian Hyde <ju...@gmail.com> wrote:
>
> On Oct 9, 2014, at 4:41 PM, sebb <se...@gmail.com> wrote:
>
>> On 9 October 2014 21:14, Julian Hyde <ju...@gmail.com> wrote:
>>> That information is all in the vote proposal: http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>>>
>>> I’ll repeat it here:
>>>
>>> The commit to be voted upon:
>>> http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
>>>
>>> The artifacts to be voted on are located here:
>>> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
>>
>> What about the hashes please?
>
> I don’t understand. http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/ contains two tar balls (.tar.gz and .zip) and each has a corresponding .asc, .md5, .sha1 file. What other hashes are needed?
Those hashes need to be quoted in the vote e-mail.
Otherwise it is not possible to prove that the vote was was performed
on the same artifacts as the ones that are published.
The URL (and files) are transient and mutable.
But if the SHA1 of the tarballs are shown in the vote e-mail, then
this should be sufficient to show that the vote took place on the same
artifacts that were eventually published.
> If you mean the git commit hash, that is simply the commit id: 6801257324d7515f91c61877a0edd0863c0433f5.
>
>>
>>> A staged Maven repository is available for review at:
>>> https://repository.apache.org/content/repositories/orgapachecalcite-1000
>>>
>>> Release artifacts are signed with the following key:
>>> https://people.apache.org/keys/committer/jhyde.asc
>>
>> Ideally please show the URL that will be included on the download page, e.g.
>>
>> http://www.apache.org/dist/incubator/amber/KEYS
>>
>> There was no calcite directory, so I created it.
>>
>> It should be sufficient to add the KEYS file to
>>
>> https://dist.apache.org/repos/dist/release/incubator/calcite/
>>
>> By the magic of svnpubsub it will then appear at
>>
>> http://www.apache.org/dist/incubator/calcite/
>>
>> Note: I also created
>> https://dist.apache.org/repos/dist/dev/incubator/calcite
>> which can be used for future release candidates.
>
> Yes, I would have populated those locations but I am still waiting on https://issues.apache.org/jira/browse/INFRA-8418.
I see. Oops. I have removed the empty release directory as it may
interfere with the Infra issue.
I will leave the dev directory as there was no optiq one
> Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <ju...@gmail.com>.
On Oct 9, 2014, at 4:41 PM, sebb <se...@gmail.com> wrote:
> On 9 October 2014 21:14, Julian Hyde <ju...@gmail.com> wrote:
>> That information is all in the vote proposal: http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>>
>> I’ll repeat it here:
>>
>> The commit to be voted upon:
>> http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
>>
>> The artifacts to be voted on are located here:
>> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
>
> What about the hashes please?
I don’t understand. http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/ contains two tar balls (.tar.gz and .zip) and each has a corresponding .asc, .md5, .sha1 file. What other hashes are needed?
If you mean the git commit hash, that is simply the commit id: 6801257324d7515f91c61877a0edd0863c0433f5.
>
>> A staged Maven repository is available for review at:
>> https://repository.apache.org/content/repositories/orgapachecalcite-1000
>>
>> Release artifacts are signed with the following key:
>> https://people.apache.org/keys/committer/jhyde.asc
>
> Ideally please show the URL that will be included on the download page, e.g.
>
> http://www.apache.org/dist/incubator/amber/KEYS
>
> There was no calcite directory, so I created it.
>
> It should be sufficient to add the KEYS file to
>
> https://dist.apache.org/repos/dist/release/incubator/calcite/
>
> By the magic of svnpubsub it will then appear at
>
> http://www.apache.org/dist/incubator/calcite/
>
> Note: I also created
> https://dist.apache.org/repos/dist/dev/incubator/calcite
> which can be used for future release candidates.
Yes, I would have populated those locations but I am still waiting on https://issues.apache.org/jira/browse/INFRA-8418.
Julian
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 9 October 2014 21:14, Julian Hyde <ju...@gmail.com> wrote:
> That information is all in the vote proposal: http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>
> I’ll repeat it here:
>
> The commit to be voted upon:
> http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
>
> The artifacts to be voted on are located here:
> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
What about the hashes please?
> A staged Maven repository is available for review at:
> https://repository.apache.org/content/repositories/orgapachecalcite-1000
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/jhyde.asc
Ideally please show the URL that will be included on the download page, e.g.
http://www.apache.org/dist/incubator/amber/KEYS
There was no calcite directory, so I created it.
It should be sufficient to add the KEYS file to
https://dist.apache.org/repos/dist/release/incubator/calcite/
By the magic of svnpubsub it will then appear at
http://www.apache.org/dist/incubator/calcite/
Note: I also created
https://dist.apache.org/repos/dist/dev/incubator/calcite
which can be used for future release candidates.
> Julian
>
>
>
> On Oct 9, 2014, at 1:00 PM, sebb <se...@gmail.com> wrote:
>
>> On 9 October 2014 20:51, Julian Hyde <jh...@apache.org> wrote:
>>> Hi all,
>>>
>>> The Calcite community has voted on and approved a proposal to release
>>> Apache Calcite 0.9.1 (incubating).
>>>
>>> This will be the second release since the project entered incubation in
>>> May 2014 as Optiq, and the first under the new project name, Calcite.
>>>
>>> Pursuant to the Releases section of the Incubation Policy and with
>>> the endorsement of 2 of our mentors we would now like to request
>>> the permission of the Incubator PMC to publish the release. The vote
>>> is open for 72 hours, or until the necessary number of votes (3 +1)
>>> is reached.
>>>
>>> [ ] +1 Release this package as Apache Calcite 0.9.1 incubating
>>> [ ] -1 Do not release this package because ...
>>>
>>> Apache Calcite PPMC
>>>
>>>
>>> Proposal:
>>> http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>>>
>>> Vote result:
>>> 5 binding +1 votes
>>> 3 non-binding +1 votes
>>> No -1 votes
>>>
>>> Artifacts:
>>> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
>>
>> Where is the KEYS file?
>> What is the SVN/GIT tag (with revision/hash)?
>>
>> Both of these are needed to check the release.
>> Also, the hashes of the release artifacts should be included in the
>> vote mail so that the released artifacts can be traced back to the
>> vote if necessary.
>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>> For additional commands, e-mail: general-help@incubator.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by Julian Hyde <ju...@gmail.com>.
That information is all in the vote proposal: http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
I’ll repeat it here:
The commit to be voted upon:
http://git-wip-us.apache.org/repos/asf/incubator-optiq/commit/6801257324d7515f91c61877a0edd0863c0433f5
The artifacts to be voted on are located here:
http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
A staged Maven repository is available for review at:
https://repository.apache.org/content/repositories/orgapachecalcite-1000
Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/jhyde.asc
Julian
On Oct 9, 2014, at 1:00 PM, sebb <se...@gmail.com> wrote:
> On 9 October 2014 20:51, Julian Hyde <jh...@apache.org> wrote:
>> Hi all,
>>
>> The Calcite community has voted on and approved a proposal to release
>> Apache Calcite 0.9.1 (incubating).
>>
>> This will be the second release since the project entered incubation in
>> May 2014 as Optiq, and the first under the new project name, Calcite.
>>
>> Pursuant to the Releases section of the Incubation Policy and with
>> the endorsement of 2 of our mentors we would now like to request
>> the permission of the Incubator PMC to publish the release. The vote
>> is open for 72 hours, or until the necessary number of votes (3 +1)
>> is reached.
>>
>> [ ] +1 Release this package as Apache Calcite 0.9.1 incubating
>> [ ] -1 Do not release this package because ...
>>
>> Apache Calcite PPMC
>>
>>
>> Proposal:
>> http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>>
>> Vote result:
>> 5 binding +1 votes
>> 3 non-binding +1 votes
>> No -1 votes
>>
>> Artifacts:
>> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
>
> Where is the KEYS file?
> What is the SVN/GIT tag (with revision/hash)?
>
> Both of these are needed to check the release.
> Also, the hashes of the release artifacts should be included in the
> vote mail so that the released artifacts can be traced back to the
> vote if necessary.
>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Calcite 0.9.1 (incubating)
Posted by sebb <se...@gmail.com>.
On 9 October 2014 20:51, Julian Hyde <jh...@apache.org> wrote:
> Hi all,
>
> The Calcite community has voted on and approved a proposal to release
> Apache Calcite 0.9.1 (incubating).
>
> This will be the second release since the project entered incubation in
> May 2014 as Optiq, and the first under the new project name, Calcite.
>
> Pursuant to the Releases section of the Incubation Policy and with
> the endorsement of 2 of our mentors we would now like to request
> the permission of the Incubator PMC to publish the release. The vote
> is open for 72 hours, or until the necessary number of votes (3 +1)
> is reached.
>
> [ ] +1 Release this package as Apache Calcite 0.9.1 incubating
> [ ] -1 Do not release this package because ...
>
> Apache Calcite PPMC
>
>
> Proposal:
> http://mail-archives.apache.org/mod_mbox/incubator-optiq-dev/201410.mbox/%3CCAMCtmeL%2Bgcf1yamWqRicpUJxU2tkyqGEzojd9nNXKmdEE3QwQQ%40mail.gmail.com%3E
>
> Vote result:
> 5 binding +1 votes
> 3 non-binding +1 votes
> No -1 votes
>
> Artifacts:
> http://people.apache.org/~jhyde/apache-calcite-0.9.1-incubating-rc1/
Where is the KEYS file?
What is the SVN/GIT tag (with revision/hash)?
Both of these are needed to check the release.
Also, the hashes of the release artifacts should be included in the
vote mail so that the released artifacts can be traced back to the
vote if necessary.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org