You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sedona.apache.org by Jia Yu <ji...@apache.org> on 2021/01/07 10:16:11 UTC
[VOTE] Release Apache Sedona (incubating) 1.0.0
Hi All,
After a fruitful discussion about our first Apache Sedona release
1.0.0-incubator, the release has been created. This is a call for vote to
release Apache Sedona (incubating) 1.0.0.
Note that: the current sha1 and checksum verification of Sedona will
require us to manually download artifact jars, sha1, asc from
repository.apache.org 12 times each. It is very annoying. Please let me
know if you have any suggestions to speed up the process.
Release note:
https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
Build instructions:
https://sedona.staged.apache.org/download/compile/
Git tag:
https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
Maven staging repository (search for "sedona", 12 artifacts in total):
https://repository.apache.org/#stagingRepositories
Release Commit ID:
https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
GPG public key to verify the Release:
https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
The vote will be open for at least 72 hours or until a majority of at least
3 +1 PMC votes are cast
Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove with the reason
Checklist for reference (because of DISCLAIMER-WIP, other checklist items
are not blockers):
[ ] Download links are valid.
[ ] Checksums and PGP signatures are valid.
[ ] DISCLAIMER is included.
[ ] Source code artifacts have correct names matching the current release.
For a detailed checklist please refer to:
https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
To verify the checksum,
1. open https://repository.apache.org
2 (1) click each release jar (12 in total) to see its current SHA1 (under
Artifact tab) (2) download .jar.sha1 to see the content of the uploaded
sha1. This two should match
To verify the GPG key (12 in total),
gpg --import the-key-file
gpg --verify xxx.jar.asc xxx.jar
You should see something like "gpg: Good signature from "Jia Yu (Arizona
State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING: This
key is not certified with a trusted signature!"
Thanks,
Jia
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by Jia Yu <ji...@apache.org>.
Dear all,
Just a reminder, please cast your vote at your earliest convenience.
To make it easier for you, I just wrote a script to verify the GPG
signature and SHA1 checksum for all 12 release jars. This script has been
tested on Mac OS Catalina and Ubuntu 18.04.
All you need to do is three steps:
1. gpg --import the-key-file You can get my public key here:
https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
2. chmod 777 verify-sedona-release.sh to make the script runnable
3. Run the script
You will find three variables in the script if you open it. It will create
a "TMP" folder to store "1.0.0-incuabtor" jars from Sedona staging repo
"1006"
Please let me know if you have any questions.
Thanks,
Jia
On Thu, Jan 7, 2021 at 2:16 AM Jia Yu <ji...@apache.org> wrote:
> Hi All,
>
> After a fruitful discussion about our first Apache Sedona release
> 1.0.0-incubator, the release has been created. This is a call for vote to
> release Apache Sedona (incubating) 1.0.0.
>
> Note that: the current sha1 and checksum verification of Sedona will
> require us to manually download artifact jars, sha1, asc from
> repository.apache.org 12 times each. It is very annoying. Please let me
> know if you have any suggestions to speed up the process.
>
> Release note:
>
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
>
> Build instructions:
> https://sedona.staged.apache.org/download/compile/
>
> Git tag:
>
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
>
> Maven staging repository (search for "sedona", 12 artifacts in total):
> https://repository.apache.org/#stagingRepositories
>
> Release Commit ID:
>
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
>
> GPG public key to verify the Release:
>
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
>
> The vote will be open for at least 72 hours or until a majority of at
> least 3 +1 PMC votes are cast
>
> Please vote accordingly:
>
> [ ] +1 approve
>
> [ ] +0 no opinion
>
> [ ] -1 disapprove with the reason
>
> Checklist for reference (because of DISCLAIMER-WIP, other checklist items
> are not blockers):
>
> [ ] Download links are valid.
>
> [ ] Checksums and PGP signatures are valid.
>
> [ ] DISCLAIMER is included.
>
> [ ] Source code artifacts have correct names matching the current release.
>
> For a detailed checklist please refer to:
>
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
>
> To verify the checksum,
> 1. open https://repository.apache.org
> 2 (1) click each release jar (12 in total) to see its current SHA1 (under
> Artifact tab) (2) download .jar.sha1 to see the content of the uploaded
> sha1. This two should match
>
> To verify the GPG key (12 in total),
> gpg --import the-key-file
> gpg --verify xxx.jar.asc xxx.jar
>
> You should see something like "gpg: Good signature from "Jia Yu (Arizona
> State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING: This
> key is not certified with a trusted signature!"
>
> Thanks,
> Jia
>
>
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by Jia Yu <ji...@apache.org>.
Hi Von and Felix,
Thank you very much for your comments. I am actually working on fixing the
issue. It will be done in one or two days. I will keep you posted.
Jia
On Tue, Jan 19, 2021 at 5:22 PM vongosling <fe...@gmail.com> wrote:
> Thanks for your clarification. I wonder how things are going, looking
> forward to the rc1 discussion.
>
> Felix Cheung <fe...@apache.org> 于2021年1月14日周四 上午9:46写道:
>
> > To clarify, what on
> >
> > Maven staging repository (search for "sedona", 12 artifacts in total):
> > https://repository.apache.org/#stagingRepositories
> >
> > Is not source distribution. It’s the Maven Java repository of artifacts
> > (binaries)
> >
> > Again the office ASF vote is on src.
> >
> >
> > On Wed, Jan 13, 2021 at 12:12 AM vongosling <fe...@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I also checked the source code, the name of the decompressed file is
> > > incubator-sedona-sedona-1.0.0-incubator... It's confusing.
> > >
> > > And I see that the size of files reaches almost 600 MB +. There are a
> lot
> > > of HDF files. I just wonder do we have a plan to optimize here :-)
> > >
> > > Here's a list of the Apache Incubation Project releases[1] memo, which
> > > could solve some of my words. Remember, this is just a reference. For
> the
> > > initial release in apache, I generally recommend that we could solve
> some
> > > of the key issues at the beginning.
> > >
> > > [1] https://issues.apache.org/jira/browse/LEGAL-469
> > >
> > > vongosling <fe...@gmail.com> 于2021年1月13日周三 下午3:43写道:
> > >
> > > >
> > > > I would like to make some more comments since the broken message as
> > Felix
> > > > said.
> > > >
> > > > 4. It is recommended that the final package name be
> > > > sedona-core_2.11-incubating instead of [2](the source code is too
> > large).
> > > > You must have at least src distribution(That's ok now, but do we only
> > > > distribute source code?). Use the sha512 signature.
> > > >
> > > > 5. I have not checked the copyright-related issues and the
> compilation
> > is
> > > > not passed. I hope that the compilation can pass in rc2. At the same
> > > time,
> > > > I also call on our committer to help verify it carefully and
> carefully.
> > > We
> > > > are more strict in the first release. If careful enough, I'm sure
> we'll
> > > be
> > > > able to publish it before rc3.
> > > >
> > > > If you have any questions, refer to the voting results of other items
> > in
> > > > the incubation list. Of course, you are welcome to discuss it in your
> > > email.
> > > >
> > > > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > > > [1] https://repository.apache.org/#nexus-search;quick-sedona
> > > >
> > > > Felix Cheung <fe...@apache.org> 于2021年1月13日周三 下午1:59写道:
> > > >
> > > >> We should definitely have the source release on
> > > >> https://dist.apache.org/repos/dist/dev/incubator/
> > > >>
> > > >> We are voting for source release (and the git tag) - binaries are
> for
> > > >> convenience.
> > > >>
> > > >> Von, can you clarify the final package name inline? I think you are
> > > >> looking
> > > >> at the artifact ID not a package name?
> > > >>
> > > >>
> > > >> On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com>
> > wrote:
> > > >>
> > > >> > I'd love to vote +1, but after I've looked at this release, I'm
> > > sorry, I
> > > >> > have to vote -1. This is just the early stage of release, and I
> > think
> > > >> we
> > > >> > have the ability to smooth the release standardization process for
> > > >> apache.
> > > >> > Here, I'll point out some of the issues I've identified:
> > > >> >
> > > >> > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2,
> rc3...).
> > > >> This
> > > >> > allows you to trace the number of times before a successful
> release.
> > > >> > 2. The source code tarball needs to be uploaded to the Apache dist
> > > >> > repository [1] instead of the Stage repository.
> > > >> > 3. You are advised to use the Apache email address instead of
> > > >> > jayu2@asu.edu
> > > >> > for GPG signatures.
> > > >> > 4. It is recommended that the final package name be
> > > >> > sedona-core_2.11-incubing instead of [1]. You must have at least
> src
> > > >> > distribution. Use the sha512 signature.
> > > >>
> > > >>
> > > >> Can you clarify? The link below is broken, and I’m not sure which
> you
> > > are
> > > >> referencing.
> > > >>
> > > >>
> > > >>
> > > >> >
> > > >> > 5. I have not checked the copyright-related issues and the
> > compilation
> > > >> is
> > > >> > not passed. I hope that the compilation can pass in rc2. At the
> same
> > > >> time,
> > > >> > I also call on our committer to help verify it carefully and
> > > carefully.
> > > >> We
> > > >> > are more strict in the first release. If careful enough, I'm sure
> > > we'll
> > > >> be
> > > >> > able to publish it before rc3.
> > > >> >
> > > >> > If you have any questions, refer to the voting results of other
> > items
> > > in
> > > >> > the incubation list. Of course, you are welcome to discuss it in
> > your
> > > >> > email.
> > > >> >
> > > >> > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > > >> > [1] https://repository.apache.org/#nexus-search;quick-sedona
> > > >> >
> > > >> > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
> > > >> >
> > > >> > > Great Job!!
> > > >> > > +1
> > > >> > >
> > > >> > > Netanel Malka
> > > >> > >
> > > >> > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> > > >> > > > Hi All,
> > > >> > > >
> > > >> > > > After a fruitful discussion about our first Apache Sedona
> > release
> > > >> > > > 1.0.0-incubator, the release has been created. This is a call
> > for
> > > >> vote
> > > >> > to
> > > >> > > > release Apache Sedona (incubating) 1.0.0.
> > > >> > > >
> > > >> > > > Note that: the current sha1 and checksum verification of
> Sedona
> > > will
> > > >> > > > require us to manually download artifact jars, sha1, asc from
> > > >> > > > repository.apache.org 12 times each. It is very annoying.
> > Please
> > > >> let
> > > >> > me
> > > >> > > > know if you have any suggestions to speed up the process.
> > > >> > > >
> > > >> > > > Release note:
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> > > >> > > >
> > > >> > > > Build instructions:
> > > >> > > > https://sedona.staged.apache.org/download/compile/
> > > >> > > >
> > > >> > > > Git tag:
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> > > >> > > >
> > > >> > > > Maven staging repository (search for "sedona", 12 artifacts in
> > > >> total):
> > > >> > > > https://repository.apache.org/#stagingRepositories
> > > >> > > >
> > > >> > > > Release Commit ID:
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> > > >> > > >
> > > >> > > > GPG public key to verify the Release:
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> > > >> > > >
> > > >> > > > The vote will be open for at least 72 hours or until a
> majority
> > of
> > > >> at
> > > >> > > least
> > > >> > > > 3 +1 PMC votes are cast
> > > >> > > >
> > > >> > > > Please vote accordingly:
> > > >> > > >
> > > >> > > > [ ] +1 approve
> > > >> > > >
> > > >> > > > [ ] +0 no opinion
> > > >> > > >
> > > >> > > > [ ] -1 disapprove with the reason
> > > >> > > >
> > > >> > > > Checklist for reference (because of DISCLAIMER-WIP, other
> > > checklist
> > > >> > items
> > > >> > > > are not blockers):
> > > >> > > >
> > > >> > > > [ ] Download links are valid.
> > > >> > > >
> > > >> > > > [ ] Checksums and PGP signatures are valid.
> > > >> > > >
> > > >> > > > [ ] DISCLAIMER is included.
> > > >> > > >
> > > >> > > > [ ] Source code artifacts have correct names matching the
> > current
> > > >> > > release.
> > > >> > > >
> > > >> > > > For a detailed checklist please refer to:
> > > >> > > >
> > > >> > >
> > > >> >
> > > >>
> > >
> >
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> > > >> > > >
> > > >> > > > To verify the checksum,
> > > >> > > > 1. open https://repository.apache.org
> > > >> > > > 2 (1) click each release jar (12 in total) to see its current
> > SHA1
> > > >> > (under
> > > >> > > > Artifact tab) (2) download .jar.sha1 to see the content of the
> > > >> uploaded
> > > >> > > > sha1. This two should match
> > > >> > > >
> > > >> > > > To verify the GPG key (12 in total),
> > > >> > > > gpg --import the-key-file
> > > >> > > > gpg --verify xxx.jar.asc xxx.jar
> > > >> > > >
> > > >> > > > You should see something like "gpg: Good signature from "Jia
> Yu
> > > >> > (Arizona
> > > >> > > > State University Data Systems Lab) <ji...@asu.edu>" gpg:
> > > WARNING:
> > > >> > This
> > > >> > > > key is not certified with a trusted signature!"
> > > >> > > >
> > > >> > > > Thanks,
> > > >> > > > Jia
> > > >> > > >
> > > >> > >
> > > >> >
> > > >> >
> > > >> > --
> > > >> > Nothing is impossible
> > > >> >
> > > >>
> > > >
> > > >
> > > > --
> > > > Nothing is impossible
> > > >
> > >
> > >
> > > --
> > > Nothing is impossible
> > >
> >
>
>
> --
> Nothing is impossible
>
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by vongosling <fe...@gmail.com>.
Thanks for your clarification. I wonder how things are going, looking
forward to the rc1 discussion.
Felix Cheung <fe...@apache.org> 于2021年1月14日周四 上午9:46写道:
> To clarify, what on
>
> Maven staging repository (search for "sedona", 12 artifacts in total):
> https://repository.apache.org/#stagingRepositories
>
> Is not source distribution. It’s the Maven Java repository of artifacts
> (binaries)
>
> Again the office ASF vote is on src.
>
>
> On Wed, Jan 13, 2021 at 12:12 AM vongosling <fe...@gmail.com> wrote:
>
> > Hi,
> >
> > I also checked the source code, the name of the decompressed file is
> > incubator-sedona-sedona-1.0.0-incubator... It's confusing.
> >
> > And I see that the size of files reaches almost 600 MB +. There are a lot
> > of HDF files. I just wonder do we have a plan to optimize here :-)
> >
> > Here's a list of the Apache Incubation Project releases[1] memo, which
> > could solve some of my words. Remember, this is just a reference. For the
> > initial release in apache, I generally recommend that we could solve some
> > of the key issues at the beginning.
> >
> > [1] https://issues.apache.org/jira/browse/LEGAL-469
> >
> > vongosling <fe...@gmail.com> 于2021年1月13日周三 下午3:43写道:
> >
> > >
> > > I would like to make some more comments since the broken message as
> Felix
> > > said.
> > >
> > > 4. It is recommended that the final package name be
> > > sedona-core_2.11-incubating instead of [2](the source code is too
> large).
> > > You must have at least src distribution(That's ok now, but do we only
> > > distribute source code?). Use the sha512 signature.
> > >
> > > 5. I have not checked the copyright-related issues and the compilation
> is
> > > not passed. I hope that the compilation can pass in rc2. At the same
> > time,
> > > I also call on our committer to help verify it carefully and carefully.
> > We
> > > are more strict in the first release. If careful enough, I'm sure we'll
> > be
> > > able to publish it before rc3.
> > >
> > > If you have any questions, refer to the voting results of other items
> in
> > > the incubation list. Of course, you are welcome to discuss it in your
> > email.
> > >
> > > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > > [1] https://repository.apache.org/#nexus-search;quick-sedona
> > >
> > > Felix Cheung <fe...@apache.org> 于2021年1月13日周三 下午1:59写道:
> > >
> > >> We should definitely have the source release on
> > >> https://dist.apache.org/repos/dist/dev/incubator/
> > >>
> > >> We are voting for source release (and the git tag) - binaries are for
> > >> convenience.
> > >>
> > >> Von, can you clarify the final package name inline? I think you are
> > >> looking
> > >> at the artifact ID not a package name?
> > >>
> > >>
> > >> On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com>
> wrote:
> > >>
> > >> > I'd love to vote +1, but after I've looked at this release, I'm
> > sorry, I
> > >> > have to vote -1. This is just the early stage of release, and I
> think
> > >> we
> > >> > have the ability to smooth the release standardization process for
> > >> apache.
> > >> > Here, I'll point out some of the issues I've identified:
> > >> >
> > >> > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...).
> > >> This
> > >> > allows you to trace the number of times before a successful release.
> > >> > 2. The source code tarball needs to be uploaded to the Apache dist
> > >> > repository [1] instead of the Stage repository.
> > >> > 3. You are advised to use the Apache email address instead of
> > >> > jayu2@asu.edu
> > >> > for GPG signatures.
> > >> > 4. It is recommended that the final package name be
> > >> > sedona-core_2.11-incubing instead of [1]. You must have at least src
> > >> > distribution. Use the sha512 signature.
> > >>
> > >>
> > >> Can you clarify? The link below is broken, and I’m not sure which you
> > are
> > >> referencing.
> > >>
> > >>
> > >>
> > >> >
> > >> > 5. I have not checked the copyright-related issues and the
> compilation
> > >> is
> > >> > not passed. I hope that the compilation can pass in rc2. At the same
> > >> time,
> > >> > I also call on our committer to help verify it carefully and
> > carefully.
> > >> We
> > >> > are more strict in the first release. If careful enough, I'm sure
> > we'll
> > >> be
> > >> > able to publish it before rc3.
> > >> >
> > >> > If you have any questions, refer to the voting results of other
> items
> > in
> > >> > the incubation list. Of course, you are welcome to discuss it in
> your
> > >> > email.
> > >> >
> > >> > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > >> > [1] https://repository.apache.org/#nexus-search;quick-sedona
> > >> >
> > >> > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
> > >> >
> > >> > > Great Job!!
> > >> > > +1
> > >> > >
> > >> > > Netanel Malka
> > >> > >
> > >> > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> > >> > > > Hi All,
> > >> > > >
> > >> > > > After a fruitful discussion about our first Apache Sedona
> release
> > >> > > > 1.0.0-incubator, the release has been created. This is a call
> for
> > >> vote
> > >> > to
> > >> > > > release Apache Sedona (incubating) 1.0.0.
> > >> > > >
> > >> > > > Note that: the current sha1 and checksum verification of Sedona
> > will
> > >> > > > require us to manually download artifact jars, sha1, asc from
> > >> > > > repository.apache.org 12 times each. It is very annoying.
> Please
> > >> let
> > >> > me
> > >> > > > know if you have any suggestions to speed up the process.
> > >> > > >
> > >> > > > Release note:
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> > >> > > >
> > >> > > > Build instructions:
> > >> > > > https://sedona.staged.apache.org/download/compile/
> > >> > > >
> > >> > > > Git tag:
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> > >> > > >
> > >> > > > Maven staging repository (search for "sedona", 12 artifacts in
> > >> total):
> > >> > > > https://repository.apache.org/#stagingRepositories
> > >> > > >
> > >> > > > Release Commit ID:
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> > >> > > >
> > >> > > > GPG public key to verify the Release:
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> > >> > > >
> > >> > > > The vote will be open for at least 72 hours or until a majority
> of
> > >> at
> > >> > > least
> > >> > > > 3 +1 PMC votes are cast
> > >> > > >
> > >> > > > Please vote accordingly:
> > >> > > >
> > >> > > > [ ] +1 approve
> > >> > > >
> > >> > > > [ ] +0 no opinion
> > >> > > >
> > >> > > > [ ] -1 disapprove with the reason
> > >> > > >
> > >> > > > Checklist for reference (because of DISCLAIMER-WIP, other
> > checklist
> > >> > items
> > >> > > > are not blockers):
> > >> > > >
> > >> > > > [ ] Download links are valid.
> > >> > > >
> > >> > > > [ ] Checksums and PGP signatures are valid.
> > >> > > >
> > >> > > > [ ] DISCLAIMER is included.
> > >> > > >
> > >> > > > [ ] Source code artifacts have correct names matching the
> current
> > >> > > release.
> > >> > > >
> > >> > > > For a detailed checklist please refer to:
> > >> > > >
> > >> > >
> > >> >
> > >>
> >
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> > >> > > >
> > >> > > > To verify the checksum,
> > >> > > > 1. open https://repository.apache.org
> > >> > > > 2 (1) click each release jar (12 in total) to see its current
> SHA1
> > >> > (under
> > >> > > > Artifact tab) (2) download .jar.sha1 to see the content of the
> > >> uploaded
> > >> > > > sha1. This two should match
> > >> > > >
> > >> > > > To verify the GPG key (12 in total),
> > >> > > > gpg --import the-key-file
> > >> > > > gpg --verify xxx.jar.asc xxx.jar
> > >> > > >
> > >> > > > You should see something like "gpg: Good signature from "Jia Yu
> > >> > (Arizona
> > >> > > > State University Data Systems Lab) <ji...@asu.edu>" gpg:
> > WARNING:
> > >> > This
> > >> > > > key is not certified with a trusted signature!"
> > >> > > >
> > >> > > > Thanks,
> > >> > > > Jia
> > >> > > >
> > >> > >
> > >> >
> > >> >
> > >> > --
> > >> > Nothing is impossible
> > >> >
> > >>
> > >
> > >
> > > --
> > > Nothing is impossible
> > >
> >
> >
> > --
> > Nothing is impossible
> >
>
--
Nothing is impossible
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by Felix Cheung <fe...@apache.org>.
To clarify, what on
Maven staging repository (search for "sedona", 12 artifacts in total):
https://repository.apache.org/#stagingRepositories
Is not source distribution. It’s the Maven Java repository of artifacts
(binaries)
Again the office ASF vote is on src.
On Wed, Jan 13, 2021 at 12:12 AM vongosling <fe...@gmail.com> wrote:
> Hi,
>
> I also checked the source code, the name of the decompressed file is
> incubator-sedona-sedona-1.0.0-incubator... It's confusing.
>
> And I see that the size of files reaches almost 600 MB +. There are a lot
> of HDF files. I just wonder do we have a plan to optimize here :-)
>
> Here's a list of the Apache Incubation Project releases[1] memo, which
> could solve some of my words. Remember, this is just a reference. For the
> initial release in apache, I generally recommend that we could solve some
> of the key issues at the beginning.
>
> [1] https://issues.apache.org/jira/browse/LEGAL-469
>
> vongosling <fe...@gmail.com> 于2021年1月13日周三 下午3:43写道:
>
> >
> > I would like to make some more comments since the broken message as Felix
> > said.
> >
> > 4. It is recommended that the final package name be
> > sedona-core_2.11-incubating instead of [2](the source code is too large).
> > You must have at least src distribution(That's ok now, but do we only
> > distribute source code?). Use the sha512 signature.
> >
> > 5. I have not checked the copyright-related issues and the compilation is
> > not passed. I hope that the compilation can pass in rc2. At the same
> time,
> > I also call on our committer to help verify it carefully and carefully.
> We
> > are more strict in the first release. If careful enough, I'm sure we'll
> be
> > able to publish it before rc3.
> >
> > If you have any questions, refer to the voting results of other items in
> > the incubation list. Of course, you are welcome to discuss it in your
> email.
> >
> > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > [1] https://repository.apache.org/#nexus-search;quick-sedona
> >
> > Felix Cheung <fe...@apache.org> 于2021年1月13日周三 下午1:59写道:
> >
> >> We should definitely have the source release on
> >> https://dist.apache.org/repos/dist/dev/incubator/
> >>
> >> We are voting for source release (and the git tag) - binaries are for
> >> convenience.
> >>
> >> Von, can you clarify the final package name inline? I think you are
> >> looking
> >> at the artifact ID not a package name?
> >>
> >>
> >> On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com> wrote:
> >>
> >> > I'd love to vote +1, but after I've looked at this release, I'm
> sorry, I
> >> > have to vote -1. This is just the early stage of release, and I think
> >> we
> >> > have the ability to smooth the release standardization process for
> >> apache.
> >> > Here, I'll point out some of the issues I've identified:
> >> >
> >> > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...).
> >> This
> >> > allows you to trace the number of times before a successful release.
> >> > 2. The source code tarball needs to be uploaded to the Apache dist
> >> > repository [1] instead of the Stage repository.
> >> > 3. You are advised to use the Apache email address instead of
> >> > jayu2@asu.edu
> >> > for GPG signatures.
> >> > 4. It is recommended that the final package name be
> >> > sedona-core_2.11-incubing instead of [1]. You must have at least src
> >> > distribution. Use the sha512 signature.
> >>
> >>
> >> Can you clarify? The link below is broken, and I’m not sure which you
> are
> >> referencing.
> >>
> >>
> >>
> >> >
> >> > 5. I have not checked the copyright-related issues and the compilation
> >> is
> >> > not passed. I hope that the compilation can pass in rc2. At the same
> >> time,
> >> > I also call on our committer to help verify it carefully and
> carefully.
> >> We
> >> > are more strict in the first release. If careful enough, I'm sure
> we'll
> >> be
> >> > able to publish it before rc3.
> >> >
> >> > If you have any questions, refer to the voting results of other items
> in
> >> > the incubation list. Of course, you are welcome to discuss it in your
> >> > email.
> >> >
> >> > [1] https://dist.apache.org/repos/dist/dev/incubator/
> >> > [1] https://repository.apache.org/#nexus-search;quick-sedona
> >> >
> >> > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
> >> >
> >> > > Great Job!!
> >> > > +1
> >> > >
> >> > > Netanel Malka
> >> > >
> >> > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> >> > > > Hi All,
> >> > > >
> >> > > > After a fruitful discussion about our first Apache Sedona release
> >> > > > 1.0.0-incubator, the release has been created. This is a call for
> >> vote
> >> > to
> >> > > > release Apache Sedona (incubating) 1.0.0.
> >> > > >
> >> > > > Note that: the current sha1 and checksum verification of Sedona
> will
> >> > > > require us to manually download artifact jars, sha1, asc from
> >> > > > repository.apache.org 12 times each. It is very annoying. Please
> >> let
> >> > me
> >> > > > know if you have any suggestions to speed up the process.
> >> > > >
> >> > > > Release note:
> >> > > >
> >> > >
> >> >
> >>
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> >> > > >
> >> > > > Build instructions:
> >> > > > https://sedona.staged.apache.org/download/compile/
> >> > > >
> >> > > > Git tag:
> >> > > >
> >> > >
> >> >
> >>
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> >> > > >
> >> > > > Maven staging repository (search for "sedona", 12 artifacts in
> >> total):
> >> > > > https://repository.apache.org/#stagingRepositories
> >> > > >
> >> > > > Release Commit ID:
> >> > > >
> >> > >
> >> >
> >>
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> >> > > >
> >> > > > GPG public key to verify the Release:
> >> > > >
> >> > >
> >> >
> >>
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> >> > > >
> >> > > > The vote will be open for at least 72 hours or until a majority of
> >> at
> >> > > least
> >> > > > 3 +1 PMC votes are cast
> >> > > >
> >> > > > Please vote accordingly:
> >> > > >
> >> > > > [ ] +1 approve
> >> > > >
> >> > > > [ ] +0 no opinion
> >> > > >
> >> > > > [ ] -1 disapprove with the reason
> >> > > >
> >> > > > Checklist for reference (because of DISCLAIMER-WIP, other
> checklist
> >> > items
> >> > > > are not blockers):
> >> > > >
> >> > > > [ ] Download links are valid.
> >> > > >
> >> > > > [ ] Checksums and PGP signatures are valid.
> >> > > >
> >> > > > [ ] DISCLAIMER is included.
> >> > > >
> >> > > > [ ] Source code artifacts have correct names matching the current
> >> > > release.
> >> > > >
> >> > > > For a detailed checklist please refer to:
> >> > > >
> >> > >
> >> >
> >>
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> >> > > >
> >> > > > To verify the checksum,
> >> > > > 1. open https://repository.apache.org
> >> > > > 2 (1) click each release jar (12 in total) to see its current SHA1
> >> > (under
> >> > > > Artifact tab) (2) download .jar.sha1 to see the content of the
> >> uploaded
> >> > > > sha1. This two should match
> >> > > >
> >> > > > To verify the GPG key (12 in total),
> >> > > > gpg --import the-key-file
> >> > > > gpg --verify xxx.jar.asc xxx.jar
> >> > > >
> >> > > > You should see something like "gpg: Good signature from "Jia Yu
> >> > (Arizona
> >> > > > State University Data Systems Lab) <ji...@asu.edu>" gpg:
> WARNING:
> >> > This
> >> > > > key is not certified with a trusted signature!"
> >> > > >
> >> > > > Thanks,
> >> > > > Jia
> >> > > >
> >> > >
> >> >
> >> >
> >> > --
> >> > Nothing is impossible
> >> >
> >>
> >
> >
> > --
> > Nothing is impossible
> >
>
>
> --
> Nothing is impossible
>
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by vongosling <fe...@gmail.com>.
Hi,
I also checked the source code, the name of the decompressed file is
incubator-sedona-sedona-1.0.0-incubator... It's confusing.
And I see that the size of files reaches almost 600 MB +. There are a lot
of HDF files. I just wonder do we have a plan to optimize here :-)
Here's a list of the Apache Incubation Project releases[1] memo, which
could solve some of my words. Remember, this is just a reference. For the
initial release in apache, I generally recommend that we could solve some
of the key issues at the beginning.
[1] https://issues.apache.org/jira/browse/LEGAL-469
vongosling <fe...@gmail.com> 于2021年1月13日周三 下午3:43写道:
>
> I would like to make some more comments since the broken message as Felix
> said.
>
> 4. It is recommended that the final package name be
> sedona-core_2.11-incubating instead of [2](the source code is too large).
> You must have at least src distribution(That's ok now, but do we only
> distribute source code?). Use the sha512 signature.
>
> 5. I have not checked the copyright-related issues and the compilation is
> not passed. I hope that the compilation can pass in rc2. At the same time,
> I also call on our committer to help verify it carefully and carefully. We
> are more strict in the first release. If careful enough, I'm sure we'll be
> able to publish it before rc3.
>
> If you have any questions, refer to the voting results of other items in
> the incubation list. Of course, you are welcome to discuss it in your email.
>
> [1] https://dist.apache.org/repos/dist/dev/incubator/
> [1] https://repository.apache.org/#nexus-search;quick-sedona
>
> Felix Cheung <fe...@apache.org> 于2021年1月13日周三 下午1:59写道:
>
>> We should definitely have the source release on
>> https://dist.apache.org/repos/dist/dev/incubator/
>>
>> We are voting for source release (and the git tag) - binaries are for
>> convenience.
>>
>> Von, can you clarify the final package name inline? I think you are
>> looking
>> at the artifact ID not a package name?
>>
>>
>> On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com> wrote:
>>
>> > I'd love to vote +1, but after I've looked at this release, I'm sorry, I
>> > have to vote -1. This is just the early stage of release, and I think
>> we
>> > have the ability to smooth the release standardization process for
>> apache.
>> > Here, I'll point out some of the issues I've identified:
>> >
>> > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...).
>> This
>> > allows you to trace the number of times before a successful release.
>> > 2. The source code tarball needs to be uploaded to the Apache dist
>> > repository [1] instead of the Stage repository.
>> > 3. You are advised to use the Apache email address instead of
>> > jayu2@asu.edu
>> > for GPG signatures.
>> > 4. It is recommended that the final package name be
>> > sedona-core_2.11-incubing instead of [1]. You must have at least src
>> > distribution. Use the sha512 signature.
>>
>>
>> Can you clarify? The link below is broken, and I’m not sure which you are
>> referencing.
>>
>>
>>
>> >
>> > 5. I have not checked the copyright-related issues and the compilation
>> is
>> > not passed. I hope that the compilation can pass in rc2. At the same
>> time,
>> > I also call on our committer to help verify it carefully and carefully.
>> We
>> > are more strict in the first release. If careful enough, I'm sure we'll
>> be
>> > able to publish it before rc3.
>> >
>> > If you have any questions, refer to the voting results of other items in
>> > the incubation list. Of course, you are welcome to discuss it in your
>> > email.
>> >
>> > [1] https://dist.apache.org/repos/dist/dev/incubator/
>> > [1] https://repository.apache.org/#nexus-search;quick-sedona
>> >
>> > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
>> >
>> > > Great Job!!
>> > > +1
>> > >
>> > > Netanel Malka
>> > >
>> > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
>> > > > Hi All,
>> > > >
>> > > > After a fruitful discussion about our first Apache Sedona release
>> > > > 1.0.0-incubator, the release has been created. This is a call for
>> vote
>> > to
>> > > > release Apache Sedona (incubating) 1.0.0.
>> > > >
>> > > > Note that: the current sha1 and checksum verification of Sedona will
>> > > > require us to manually download artifact jars, sha1, asc from
>> > > > repository.apache.org 12 times each. It is very annoying. Please
>> let
>> > me
>> > > > know if you have any suggestions to speed up the process.
>> > > >
>> > > > Release note:
>> > > >
>> > >
>> >
>> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
>> > > >
>> > > > Build instructions:
>> > > > https://sedona.staged.apache.org/download/compile/
>> > > >
>> > > > Git tag:
>> > > >
>> > >
>> >
>> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
>> > > >
>> > > > Maven staging repository (search for "sedona", 12 artifacts in
>> total):
>> > > > https://repository.apache.org/#stagingRepositories
>> > > >
>> > > > Release Commit ID:
>> > > >
>> > >
>> >
>> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
>> > > >
>> > > > GPG public key to verify the Release:
>> > > >
>> > >
>> >
>> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
>> > > >
>> > > > The vote will be open for at least 72 hours or until a majority of
>> at
>> > > least
>> > > > 3 +1 PMC votes are cast
>> > > >
>> > > > Please vote accordingly:
>> > > >
>> > > > [ ] +1 approve
>> > > >
>> > > > [ ] +0 no opinion
>> > > >
>> > > > [ ] -1 disapprove with the reason
>> > > >
>> > > > Checklist for reference (because of DISCLAIMER-WIP, other checklist
>> > items
>> > > > are not blockers):
>> > > >
>> > > > [ ] Download links are valid.
>> > > >
>> > > > [ ] Checksums and PGP signatures are valid.
>> > > >
>> > > > [ ] DISCLAIMER is included.
>> > > >
>> > > > [ ] Source code artifacts have correct names matching the current
>> > > release.
>> > > >
>> > > > For a detailed checklist please refer to:
>> > > >
>> > >
>> >
>> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
>> > > >
>> > > > To verify the checksum,
>> > > > 1. open https://repository.apache.org
>> > > > 2 (1) click each release jar (12 in total) to see its current SHA1
>> > (under
>> > > > Artifact tab) (2) download .jar.sha1 to see the content of the
>> uploaded
>> > > > sha1. This two should match
>> > > >
>> > > > To verify the GPG key (12 in total),
>> > > > gpg --import the-key-file
>> > > > gpg --verify xxx.jar.asc xxx.jar
>> > > >
>> > > > You should see something like "gpg: Good signature from "Jia Yu
>> > (Arizona
>> > > > State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING:
>> > This
>> > > > key is not certified with a trusted signature!"
>> > > >
>> > > > Thanks,
>> > > > Jia
>> > > >
>> > >
>> >
>> >
>> > --
>> > Nothing is impossible
>> >
>>
>
>
> --
> Nothing is impossible
>
--
Nothing is impossible
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by vongosling <fe...@gmail.com>.
I would like to make some more comments since the broken message as Felix
said.
4. It is recommended that the final package name be
sedona-core_2.11-incubating instead of [2](the source code is too large).
You must have at least src distribution(That's ok now, but do we only
distribute source code?). Use the sha512 signature.
5. I have not checked the copyright-related issues and the compilation is
not passed. I hope that the compilation can pass in rc2. At the same time,
I also call on our committer to help verify it carefully and carefully. We
are more strict in the first release. If careful enough, I'm sure we'll be
able to publish it before rc3.
If you have any questions, refer to the voting results of other items in
the incubation list. Of course, you are welcome to discuss it in your email.
[1] https://dist.apache.org/repos/dist/dev/incubator/
[1] https://repository.apache.org/#nexus-search;quick-sedona
Felix Cheung <fe...@apache.org> 于2021年1月13日周三 下午1:59写道:
> We should definitely have the source release on
> https://dist.apache.org/repos/dist/dev/incubator/
>
> We are voting for source release (and the git tag) - binaries are for
> convenience.
>
> Von, can you clarify the final package name inline? I think you are looking
> at the artifact ID not a package name?
>
>
> On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com> wrote:
>
> > I'd love to vote +1, but after I've looked at this release, I'm sorry, I
> > have to vote -1. This is just the early stage of release, and I think we
> > have the ability to smooth the release standardization process for
> apache.
> > Here, I'll point out some of the issues I've identified:
> >
> > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...). This
> > allows you to trace the number of times before a successful release.
> > 2. The source code tarball needs to be uploaded to the Apache dist
> > repository [1] instead of the Stage repository.
> > 3. You are advised to use the Apache email address instead of
> > jayu2@asu.edu
> > for GPG signatures.
> > 4. It is recommended that the final package name be
> > sedona-core_2.11-incubing instead of [1]. You must have at least src
> > distribution. Use the sha512 signature.
>
>
> Can you clarify? The link below is broken, and I’m not sure which you are
> referencing.
>
>
>
> >
> > 5. I have not checked the copyright-related issues and the compilation is
> > not passed. I hope that the compilation can pass in rc2. At the same
> time,
> > I also call on our committer to help verify it carefully and carefully.
> We
> > are more strict in the first release. If careful enough, I'm sure we'll
> be
> > able to publish it before rc3.
> >
> > If you have any questions, refer to the voting results of other items in
> > the incubation list. Of course, you are welcome to discuss it in your
> > email.
> >
> > [1] https://dist.apache.org/repos/dist/dev/incubator/
> > [1] https://repository.apache.org/#nexus-search;quick-sedona
> >
> > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
> >
> > > Great Job!!
> > > +1
> > >
> > > Netanel Malka
> > >
> > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> > > > Hi All,
> > > >
> > > > After a fruitful discussion about our first Apache Sedona release
> > > > 1.0.0-incubator, the release has been created. This is a call for
> vote
> > to
> > > > release Apache Sedona (incubating) 1.0.0.
> > > >
> > > > Note that: the current sha1 and checksum verification of Sedona will
> > > > require us to manually download artifact jars, sha1, asc from
> > > > repository.apache.org 12 times each. It is very annoying. Please let
> > me
> > > > know if you have any suggestions to speed up the process.
> > > >
> > > > Release note:
> > > >
> > >
> >
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> > > >
> > > > Build instructions:
> > > > https://sedona.staged.apache.org/download/compile/
> > > >
> > > > Git tag:
> > > >
> > >
> >
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> > > >
> > > > Maven staging repository (search for "sedona", 12 artifacts in
> total):
> > > > https://repository.apache.org/#stagingRepositories
> > > >
> > > > Release Commit ID:
> > > >
> > >
> >
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> > > >
> > > > GPG public key to verify the Release:
> > > >
> > >
> >
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> > > >
> > > > The vote will be open for at least 72 hours or until a majority of at
> > > least
> > > > 3 +1 PMC votes are cast
> > > >
> > > > Please vote accordingly:
> > > >
> > > > [ ] +1 approve
> > > >
> > > > [ ] +0 no opinion
> > > >
> > > > [ ] -1 disapprove with the reason
> > > >
> > > > Checklist for reference (because of DISCLAIMER-WIP, other checklist
> > items
> > > > are not blockers):
> > > >
> > > > [ ] Download links are valid.
> > > >
> > > > [ ] Checksums and PGP signatures are valid.
> > > >
> > > > [ ] DISCLAIMER is included.
> > > >
> > > > [ ] Source code artifacts have correct names matching the current
> > > release.
> > > >
> > > > For a detailed checklist please refer to:
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> > > >
> > > > To verify the checksum,
> > > > 1. open https://repository.apache.org
> > > > 2 (1) click each release jar (12 in total) to see its current SHA1
> > (under
> > > > Artifact tab) (2) download .jar.sha1 to see the content of the
> uploaded
> > > > sha1. This two should match
> > > >
> > > > To verify the GPG key (12 in total),
> > > > gpg --import the-key-file
> > > > gpg --verify xxx.jar.asc xxx.jar
> > > >
> > > > You should see something like "gpg: Good signature from "Jia Yu
> > (Arizona
> > > > State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING:
> > This
> > > > key is not certified with a trusted signature!"
> > > >
> > > > Thanks,
> > > > Jia
> > > >
> > >
> >
> >
> > --
> > Nothing is impossible
> >
>
--
Nothing is impossible
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by Felix Cheung <fe...@apache.org>.
We should definitely have the source release on
https://dist.apache.org/repos/dist/dev/incubator/
We are voting for source release (and the git tag) - binaries are for
convenience.
Von, can you clarify the final package name inline? I think you are looking
at the artifact ID not a package name?
On Tue, Jan 12, 2021 at 6:09 PM vongosling <fe...@gmail.com> wrote:
> I'd love to vote +1, but after I've looked at this release, I'm sorry, I
> have to vote -1. This is just the early stage of release, and I think we
> have the ability to smooth the release standardization process for apache.
> Here, I'll point out some of the issues I've identified:
>
> 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...). This
> allows you to trace the number of times before a successful release.
> 2. The source code tarball needs to be uploaded to the Apache dist
> repository [1] instead of the Stage repository.
> 3. You are advised to use the Apache email address instead of
> jayu2@asu.edu
> for GPG signatures.
> 4. It is recommended that the final package name be
> sedona-core_2.11-incubing instead of [1]. You must have at least src
> distribution. Use the sha512 signature.
Can you clarify? The link below is broken, and I’m not sure which you are
referencing.
>
> 5. I have not checked the copyright-related issues and the compilation is
> not passed. I hope that the compilation can pass in rc2. At the same time,
> I also call on our committer to help verify it carefully and carefully. We
> are more strict in the first release. If careful enough, I'm sure we'll be
> able to publish it before rc3.
>
> If you have any questions, refer to the voting results of other items in
> the incubation list. Of course, you are welcome to discuss it in your
> email.
>
> [1] https://dist.apache.org/repos/dist/dev/incubator/
> [1] https://repository.apache.org/#nexus-search;quick-sedona
>
> Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
>
> > Great Job!!
> > +1
> >
> > Netanel Malka
> >
> > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> > > Hi All,
> > >
> > > After a fruitful discussion about our first Apache Sedona release
> > > 1.0.0-incubator, the release has been created. This is a call for vote
> to
> > > release Apache Sedona (incubating) 1.0.0.
> > >
> > > Note that: the current sha1 and checksum verification of Sedona will
> > > require us to manually download artifact jars, sha1, asc from
> > > repository.apache.org 12 times each. It is very annoying. Please let
> me
> > > know if you have any suggestions to speed up the process.
> > >
> > > Release note:
> > >
> >
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> > >
> > > Build instructions:
> > > https://sedona.staged.apache.org/download/compile/
> > >
> > > Git tag:
> > >
> >
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> > >
> > > Maven staging repository (search for "sedona", 12 artifacts in total):
> > > https://repository.apache.org/#stagingRepositories
> > >
> > > Release Commit ID:
> > >
> >
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> > >
> > > GPG public key to verify the Release:
> > >
> >
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> > >
> > > The vote will be open for at least 72 hours or until a majority of at
> > least
> > > 3 +1 PMC votes are cast
> > >
> > > Please vote accordingly:
> > >
> > > [ ] +1 approve
> > >
> > > [ ] +0 no opinion
> > >
> > > [ ] -1 disapprove with the reason
> > >
> > > Checklist for reference (because of DISCLAIMER-WIP, other checklist
> items
> > > are not blockers):
> > >
> > > [ ] Download links are valid.
> > >
> > > [ ] Checksums and PGP signatures are valid.
> > >
> > > [ ] DISCLAIMER is included.
> > >
> > > [ ] Source code artifacts have correct names matching the current
> > release.
> > >
> > > For a detailed checklist please refer to:
> > >
> >
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> > >
> > > To verify the checksum,
> > > 1. open https://repository.apache.org
> > > 2 (1) click each release jar (12 in total) to see its current SHA1
> (under
> > > Artifact tab) (2) download .jar.sha1 to see the content of the uploaded
> > > sha1. This two should match
> > >
> > > To verify the GPG key (12 in total),
> > > gpg --import the-key-file
> > > gpg --verify xxx.jar.asc xxx.jar
> > >
> > > You should see something like "gpg: Good signature from "Jia Yu
> (Arizona
> > > State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING:
> This
> > > key is not certified with a trusted signature!"
> > >
> > > Thanks,
> > > Jia
> > >
> >
>
>
> --
> Nothing is impossible
>
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by vongosling <fe...@gmail.com>.
I'd love to vote +1, but after I've looked at this release, I'm sorry, I
have to vote -1. This is just the early stage of release, and I think we
have the ability to smooth the release standardization process for apache.
Here, I'll point out some of the issues I've identified:
1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...). This
allows you to trace the number of times before a successful release.
2. The source code tarball needs to be uploaded to the Apache dist
repository [1] instead of the Stage repository.
3. You are advised to use the Apache email address instead of jayu2@asu.edu
for GPG signatures.
4. It is recommended that the final package name be
sedona-core_2.11-incubing instead of [1]. You must have at least src
distribution. Use the sha512 signature.
5. I have not checked the copyright-related issues and the compilation is
not passed. I hope that the compilation can pass in rc2. At the same time,
I also call on our committer to help verify it carefully and carefully. We
are more strict in the first release. If careful enough, I'm sure we'll be
able to publish it before rc3.
If you have any questions, refer to the voting results of other items in
the incubation list. Of course, you are welcome to discuss it in your email.
[1] https://dist.apache.org/repos/dist/dev/incubator/
[1] https://repository.apache.org/#nexus-search;quick-sedona
Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道:
> Great Job!!
> +1
>
> Netanel Malka
>
> On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> > Hi All,
> >
> > After a fruitful discussion about our first Apache Sedona release
> > 1.0.0-incubator, the release has been created. This is a call for vote to
> > release Apache Sedona (incubating) 1.0.0.
> >
> > Note that: the current sha1 and checksum verification of Sedona will
> > require us to manually download artifact jars, sha1, asc from
> > repository.apache.org 12 times each. It is very annoying. Please let me
> > know if you have any suggestions to speed up the process.
> >
> > Release note:
> >
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
> >
> > Build instructions:
> > https://sedona.staged.apache.org/download/compile/
> >
> > Git tag:
> >
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
> >
> > Maven staging repository (search for "sedona", 12 artifacts in total):
> > https://repository.apache.org/#stagingRepositories
> >
> > Release Commit ID:
> >
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
> >
> > GPG public key to verify the Release:
> >
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
> >
> > The vote will be open for at least 72 hours or until a majority of at
> least
> > 3 +1 PMC votes are cast
> >
> > Please vote accordingly:
> >
> > [ ] +1 approve
> >
> > [ ] +0 no opinion
> >
> > [ ] -1 disapprove with the reason
> >
> > Checklist for reference (because of DISCLAIMER-WIP, other checklist items
> > are not blockers):
> >
> > [ ] Download links are valid.
> >
> > [ ] Checksums and PGP signatures are valid.
> >
> > [ ] DISCLAIMER is included.
> >
> > [ ] Source code artifacts have correct names matching the current
> release.
> >
> > For a detailed checklist please refer to:
> >
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
> >
> > To verify the checksum,
> > 1. open https://repository.apache.org
> > 2 (1) click each release jar (12 in total) to see its current SHA1 (under
> > Artifact tab) (2) download .jar.sha1 to see the content of the uploaded
> > sha1. This two should match
> >
> > To verify the GPG key (12 in total),
> > gpg --import the-key-file
> > gpg --verify xxx.jar.asc xxx.jar
> >
> > You should see something like "gpg: Good signature from "Jia Yu (Arizona
> > State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING: This
> > key is not certified with a trusted signature!"
> >
> > Thanks,
> > Jia
> >
>
--
Nothing is impossible
Re: [VOTE] Release Apache Sedona (incubating) 1.0.0
Posted by Netanel Malka <ma...@apache.org>.
Great Job!!
+1
Netanel Malka
On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote:
> Hi All,
>
> After a fruitful discussion about our first Apache Sedona release
> 1.0.0-incubator, the release has been created. This is a call for vote to
> release Apache Sedona (incubating) 1.0.0.
>
> Note that: the current sha1 and checksum verification of Sedona will
> require us to manually download artifact jars, sha1, asc from
> repository.apache.org 12 times each. It is very annoying. Please let me
> know if you have any suggestions to speed up the process.
>
> Release note:
> https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100
>
> Build instructions:
> https://sedona.staged.apache.org/download/compile/
>
> Git tag:
> https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator
>
> Maven staging repository (search for "sedona", 12 artifacts in total):
> https://repository.apache.org/#stagingRepositories
>
> Release Commit ID:
> https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6
>
> GPG public key to verify the Release:
> https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg
>
> The vote will be open for at least 72 hours or until a majority of at least
> 3 +1 PMC votes are cast
>
> Please vote accordingly:
>
> [ ] +1 approve
>
> [ ] +0 no opinion
>
> [ ] -1 disapprove with the reason
>
> Checklist for reference (because of DISCLAIMER-WIP, other checklist items
> are not blockers):
>
> [ ] Download links are valid.
>
> [ ] Checksums and PGP signatures are valid.
>
> [ ] DISCLAIMER is included.
>
> [ ] Source code artifacts have correct names matching the current release.
>
> For a detailed checklist please refer to:
> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
>
> To verify the checksum,
> 1. open https://repository.apache.org
> 2 (1) click each release jar (12 in total) to see its current SHA1 (under
> Artifact tab) (2) download .jar.sha1 to see the content of the uploaded
> sha1. This two should match
>
> To verify the GPG key (12 in total),
> gpg --import the-key-file
> gpg --verify xxx.jar.asc xxx.jar
>
> You should see something like "gpg: Good signature from "Jia Yu (Arizona
> State University Data Systems Lab) <ji...@asu.edu>" gpg: WARNING: This
> key is not certified with a trusted signature!"
>
> Thanks,
> Jia
>