You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flagon.apache.org by Evan Jones <ej...@apache.org> on 2024/03/22 00:58:41 UTC
[VOTE] Release Apache Flagon UserALEjs 2.4.0
Hi Folks,
Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
About Flagon: http://flagon.apache.org/
This Minor release includes :
* Refactors Map and Filter APIs as generalized callbacks for
functionality
* Updates packages and dependencies
* Adds additional examples (callback functions)
* Updates to update deprecated downstream dev dependencies
* Changes to documentation, updated examples
* New browser extension setting, password, for basic auth.
* New log fields httpSessionId and browserSessionId
* Callbacks for auth headers and custom headers.
* Example json schema added.
Git source tag (2.4.0-rc02):
https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
Source Release Artifacts:
https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
PGP release keys (signed using {8/16 char sigID}):
https://github.com/apache/flagon-useralejs/blob/master/KEYS
Link to Successful Github Actions tests:
https://github.com/apache/flagon-useralejs/actions/runs/8383064872
Vote will be open for 72 hours. Please VOTE as follows:
[ ] +1, let's get it released!!!
[ ] +/-0, fine, but consider to fix few issues before...
[ ] -1, nope, because... (and please explain why)
Along with your VOTE, please indicate testing and checks you've made
against build artifacts, src, and documentation:
[ ] Build and Unit Tests Pass
[ ] Integration Tests Pass
[ ] Signatures and Hashes Match Keys
[ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
[ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
[ ] CHANGELOG included with release distribution
[ ] All Source Files Have Correct ASF Headers
[ ] No Binary Files in Source Release Packages
Thank you to everyone that is able to VOTE as well as everyone that
contributed to Apache Flagon 2.4.0.
Best,
Evan Jones
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0-RC02
Posted by Joshua Poore <po...@apache.org>.
Updating VOTE subject to RC02 to keep consistency on lists.
> On Mar 25, 2024, at 10:17 PM, Joshua Poore <po...@apache.org> wrote:
>
> +1 from me
>
> Great work everyone! Acceptable release.
>
> we only need 1 more binding VOTE for a release!
>
>
> [Y] Build and Unit Tests Pass
> [Y] Integration Tests Pass
> [Y] Signatures and Hashes Match Keys
> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [Y] CHANGELOG included with release distribution
> [Y] All Source Files Have Correct ASF Headers
> [Y] No Binary Files in Source Release Packages
>
>> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <ag...@umd.edu> wrote:
>>
>> Thank you both!
>>
>> +1 from me!
>>
>> [✓] Build and Unit Tests Pass
>> [ ] Integration Tests Pass
>> [ ] Signatures and Hashes Match Keys
>> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
>> Packages
>> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator
>> Policy
>> [✓] CHANGELOG included with release distribution
>> [✓] All Source Files Have Correct ASF Headers
>> [ ] No Binary Files in Source Release Packages
>>
>>
>> Best,
>> *Amir M. Ghaemi*
>>
>>
>> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
>>
>>> +1 from me now, and thanks for updating the release script.
>>>
>>>> [Y] Build and Unit Tests Pass
>>>> [Y] Integration Tests Pass
>>>> [Y] Signatures and Hashes Match Keys
>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>> [Y] CHANGELOG included with release distribution
>>>> [Y] All Source Files Have Correct ASF Headers
>>>> [Y] No Binary Files in Source Release Packages
>>>
>>> -Jason
>>>
>>> On 2024/03/23 19:30:10 Evan Jones wrote:
>>>> All,
>>>>
>>>> I've fixed up the release candidate. Given the commit head and source
>>> code
>>>> haven't changed, I've decided to update the RC in place on the apache
>>>> dist/dev repo and will keep the voting open on this thread to avoid
>>>> spamming your inboxes.
>>>>
>>>> Fixes:
>>>> 1. The release script in the flagon repo claimed to run git clean -dxf,
>>> but
>>>> this was actually commented out. I've fixed this in the script.
>>>> 2. I indeed was signing with a different default key. This has been
>>> fixed.
>>>> However, please note, your verification call was incorrect. You must do a
>>>> one-one mapping between the signatures and their constituent files. For
>>>> unix systems, the one-liner below does this:
>>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
>>>> 3. I updated the script to use sha512sum. This should ameliorate your
>>>> issues, Jason.
>>>>
>>>> Please re-assess the candidate and get your votes in. We'll extend voting
>>>> by another 72 hours.
>>>>
>>>> Best
>>>>
>>>> Evan Jones
>>>> Website: www.ea-jones.com
>>>>
>>>>
>>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com>
>>> wrote:
>>>>
>>>>> Thanks, Jason.
>>>>>
>>>>> 1. This is odd. I used the script. And explicitly recall it asking
>>> about
>>>>> git clean.
>>>>>
>>>>> 2. I was worried about this. I have multiple keys.
>>>>>
>>>>> 3. I'll update the script to use sha512sum.
>>>>>
>>>>> Will re-roll later.
>>>>>
>>>>> Best
>>>>>
>>>>> Evan Jones
>>>>> Website: www.ea-jones.com
>>>>>
>>>>>
>>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
>>>>>
>>>>>> -1 from me
>>>>>>
>>>>>> 1. (blocking) Source artifacts should contain only files tracked by
>>> git
>>>>>> but there are build files, log files, and .vscode. The
>>>>>> make-release-artifacts.sh script should do this, so maybe this is an
>>> issue
>>>>>> with the script. Otherwise you can remove these files with `git clean
>>> -dxf`
>>>>>>
>>>>>> 2. (blocking) I cannot verify the signatures, I am running:
>>>>>> gpg --import KEYS
>>>>>> gpg --verify *.asc
>>>>>>
>>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
>>> verify,
>>>>>> which I'm guessing is a different GPG key on your machine
>>>>>>
>>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
>>>>>> properly formatted SHA checksum lines found". I recalculated and
>>> compared
>>>>>> the hashes and they are correct but formatted differently.
>>>>>>
>>>>>> Your hashes were generated with gpg --print-md, and I couldn't figure
>>> out
>>>>>> how to programmatically check this format. Also, Apache recommends
>>> shasum
>>>>>> for SHA-512 release hashs.
>>>>>> https://infra.apache.org/release-signing.html#sha-checksum
>>>>>>
>>>>>> [Y] Build and Unit Tests Pass
>>>>>> [Y] Integration Tests Pass
>>>>>> [N] Signatures and Hashes Match Keys
>>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>> [Y] CHANGELOG included with release distribution
>>>>>> [Y] All Source Files Have Correct ASF Headers
>>>>>> [N] No Binary Files in Source Release Packages
>>>>>>
>>>>>> -Jason
>>>>>>
>>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
>>> # 02.
>>>>>>>
>>>>>>> About Flagon: http://flagon.apache.org/
>>>>>>>
>>>>>>> This Minor release includes :
>>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
>>>>>>> functionality
>>>>>>> * Updates packages and dependencies
>>>>>>> * Adds additional examples (callback functions)
>>>>>>> * Updates to update deprecated downstream dev dependencies
>>>>>>> * Changes to documentation, updated examples
>>>>>>> * New browser extension setting, password, for basic auth.
>>>>>>> * New log fields httpSessionId and browserSessionId
>>>>>>> * Callbacks for auth headers and custom headers.
>>>>>>> * Example json schema added.
>>>>>>>
>>>>>>> Git source tag (2.4.0-rc02):
>>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>>>>>>>
>>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>>>>>>>
>>>>>>> Source Release Artifacts:
>>>>>>>
>>>>>>
>>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>>>>>>>
>>>>>>> PGP release keys (signed using {8/16 char sigID}):
>>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>>>>>>>
>>>>>>> Link to Successful Github Actions tests:
>>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>>>>>>>
>>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
>>>>>>>
>>>>>>> [ ] +1, let's get it released!!!
>>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
>>>>>>> [ ] -1, nope, because... (and please explain why)
>>>>>>>
>>>>>>> Along with your VOTE, please indicate testing and checks you've made
>>>>>>> against build artifacts, src, and documentation:
>>>>>>>
>>>>>>> [ ] Build and Unit Tests Pass
>>>>>>> [ ] Integration Tests Pass
>>>>>>> [ ] Signatures and Hashes Match Keys
>>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>>> [ ] CHANGELOG included with release distribution
>>>>>>> [ ] All Source Files Have Correct ASF Headers
>>>>>>> [ ] No Binary Files in Source Release Packages
>>>>>>>
>>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
>>>>>>> contributed to Apache Flagon 2.4.0.
>>>>>>>
>>>>>>> Best,
>>>>>>> Evan Jones
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Evan Jones <ej...@apache.org>.
All,
Final votes are in. We have +5 (+3 binding). The release is successful and
the vote is now CLOSED.
Thanks everyone. Good work.
@Auston re: automation - I've done some research on this and after having
just done the release, I have a better sense of where we can automate. I'll
create tickets soon.
On Mon, Apr 1, 2024 at 3:48 PM Austin Bennett <au...@apache.org> wrote:
> +1 ... LGTM.
>
> @jky@apache.org <jk...@apache.org> good catches.
>
> @ALL -- Which of the release steps do we think could be more automated and
> less manual? Yes, we still will have manual steps, but it might be worth
> investing in some repeatable scripts. For those that have done
> more thorough releases and/or validation, have you thought about what is
> missing? What could make your life easier? If yes, let's at least writeup
> some tickets for future work.
>
>
> nit: i'd like to see which RC we are voting on in the subject line.
>
> On Sat, Mar 30, 2024 at 2:29 PM Joshua Poore <po...@apache.org> wrote:
>
> > BUMP
> >
> > Hi All,
> >
> > Don’t forget to VOTE for this release!
> >
> > > On Mar 25, 2024, at 10:17 PM, Joshua Poore <po...@apache.org> wrote:
> > >
> > > +1 from me
> > >
> > > Great work everyone! Acceptable release.
> > >
> > > we only need 1 more binding VOTE for a release!
> > >
> > >
> > > [Y] Build and Unit Tests Pass
> > > [Y] Integration Tests Pass
> > > [Y] Signatures and Hashes Match Keys
> > > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > > [Y] CHANGELOG included with release distribution
> > > [Y] All Source Files Have Correct ASF Headers
> > > [Y] No Binary Files in Source Release Packages
> > >
> > >> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <ag...@umd.edu> wrote:
> > >>
> > >> Thank you both!
> > >>
> > >> +1 from me!
> > >>
> > >> [✓] Build and Unit Tests Pass
> > >> [ ] Integration Tests Pass
> > >> [ ] Signatures and Hashes Match Keys
> > >> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
> > >> Packages
> > >> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and
> > Incubator
> > >> Policy
> > >> [✓] CHANGELOG included with release distribution
> > >> [✓] All Source Files Have Correct ASF Headers
> > >> [ ] No Binary Files in Source Release Packages
> > >>
> > >>
> > >> Best,
> > >> *Amir M. Ghaemi*
> > >>
> > >>
> > >> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
> > >>
> > >>> +1 from me now, and thanks for updating the release script.
> > >>>
> > >>>> [Y] Build and Unit Tests Pass
> > >>>> [Y] Integration Tests Pass
> > >>>> [Y] Signatures and Hashes Match Keys
> > >>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >>>> [Y] CHANGELOG included with release distribution
> > >>>> [Y] All Source Files Have Correct ASF Headers
> > >>>> [Y] No Binary Files in Source Release Packages
> > >>>
> > >>> -Jason
> > >>>
> > >>> On 2024/03/23 19:30:10 Evan Jones wrote:
> > >>>> All,
> > >>>>
> > >>>> I've fixed up the release candidate. Given the commit head and
> source
> > >>> code
> > >>>> haven't changed, I've decided to update the RC in place on the
> apache
> > >>>> dist/dev repo and will keep the voting open on this thread to avoid
> > >>>> spamming your inboxes.
> > >>>>
> > >>>> Fixes:
> > >>>> 1. The release script in the flagon repo claimed to run git clean
> > -dxf,
> > >>> but
> > >>>> this was actually commented out. I've fixed this in the script.
> > >>>> 2. I indeed was signing with a different default key. This has been
> > >>> fixed.
> > >>>> However, please note, your verification call was incorrect. You must
> > do a
> > >>>> one-one mapping between the signatures and their constituent files.
> > For
> > >>>> unix systems, the one-liner below does this:
> > >>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> > >>>> 3. I updated the script to use sha512sum. This should ameliorate
> your
> > >>>> issues, Jason.
> > >>>>
> > >>>> Please re-assess the candidate and get your votes in. We'll extend
> > voting
> > >>>> by another 72 hours.
> > >>>>
> > >>>> Best
> > >>>>
> > >>>> Evan Jones
> > >>>> Website: www.ea-jones.com
> > >>>>
> > >>>>
> > >>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <
> evan.a.jones3@gmail.com>
> > >>> wrote:
> > >>>>
> > >>>>> Thanks, Jason.
> > >>>>>
> > >>>>> 1. This is odd. I used the script. And explicitly recall it asking
> > >>> about
> > >>>>> git clean.
> > >>>>>
> > >>>>> 2. I was worried about this. I have multiple keys.
> > >>>>>
> > >>>>> 3. I'll update the script to use sha512sum.
> > >>>>>
> > >>>>> Will re-roll later.
> > >>>>>
> > >>>>> Best
> > >>>>>
> > >>>>> Evan Jones
> > >>>>> Website: www.ea-jones.com
> > >>>>>
> > >>>>>
> > >>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org>
> wrote:
> > >>>>>
> > >>>>>> -1 from me
> > >>>>>>
> > >>>>>> 1. (blocking) Source artifacts should contain only files tracked
> by
> > >>> git
> > >>>>>> but there are build files, log files, and .vscode. The
> > >>>>>> make-release-artifacts.sh script should do this, so maybe this is
> an
> > >>> issue
> > >>>>>> with the script. Otherwise you can remove these files with `git
> > clean
> > >>> -dxf`
> > >>>>>>
> > >>>>>> 2. (blocking) I cannot verify the signatures, I am running:
> > >>>>>> gpg --import KEYS
> > >>>>>> gpg --verify *.asc
> > >>>>>>
> > >>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
> > >>> verify,
> > >>>>>> which I'm guessing is a different GPG key on your machine
> > >>>>>>
> > >>>>>> 3. (non-blocking) When I check the hashes with shasum it throws
> "no
> > >>>>>> properly formatted SHA checksum lines found". I recalculated and
> > >>> compared
> > >>>>>> the hashes and they are correct but formatted differently.
> > >>>>>>
> > >>>>>> Your hashes were generated with gpg --print-md, and I couldn't
> > figure
> > >>> out
> > >>>>>> how to programmatically check this format. Also, Apache recommends
> > >>> shasum
> > >>>>>> for SHA-512 release hashs.
> > >>>>>> https://infra.apache.org/release-signing.html#sha-checksum
> > >>>>>>
> > >>>>>> [Y] Build and Unit Tests Pass
> > >>>>>> [Y] Integration Tests Pass
> > >>>>>> [N] Signatures and Hashes Match Keys
> > >>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release
> Packages
> > >>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator
> Policy
> > >>>>>> [Y] CHANGELOG included with release distribution
> > >>>>>> [Y] All Source Files Have Correct ASF Headers
> > >>>>>> [N] No Binary Files in Source Release Packages
> > >>>>>>
> > >>>>>> -Jason
> > >>>>>>
> > >>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
> > >>>>>>> Hi Folks,
> > >>>>>>>
> > >>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release
> Candidate
> > >>> # 02.
> > >>>>>>>
> > >>>>>>> About Flagon: http://flagon.apache.org/
> > >>>>>>>
> > >>>>>>> This Minor release includes :
> > >>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
> > >>>>>>> functionality
> > >>>>>>> * Updates packages and dependencies
> > >>>>>>> * Adds additional examples (callback functions)
> > >>>>>>> * Updates to update deprecated downstream dev dependencies
> > >>>>>>> * Changes to documentation, updated examples
> > >>>>>>> * New browser extension setting, password, for basic auth.
> > >>>>>>> * New log fields httpSessionId and browserSessionId
> > >>>>>>> * Callbacks for auth headers and custom headers.
> > >>>>>>> * Example json schema added.
> > >>>>>>>
> > >>>>>>> Git source tag (2.4.0-rc02):
> > >>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> > >>>>>>>
> > >>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> > >>>>>>>
> > >>>>>>> Source Release Artifacts:
> > >>>>>>>
> > >>>>>>
> > >>>
> >
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> > >>>>>>>
> > >>>>>>> PGP release keys (signed using {8/16 char sigID}):
> > >>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
> > >>>>>>>
> > >>>>>>> Link to Successful Github Actions tests:
> > >>>>>>>
> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> > >>>>>>>
> > >>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
> > >>>>>>>
> > >>>>>>> [ ] +1, let's get it released!!!
> > >>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
> > >>>>>>> [ ] -1, nope, because... (and please explain why)
> > >>>>>>>
> > >>>>>>> Along with your VOTE, please indicate testing and checks you've
> > made
> > >>>>>>> against build artifacts, src, and documentation:
> > >>>>>>>
> > >>>>>>> [ ] Build and Unit Tests Pass
> > >>>>>>> [ ] Integration Tests Pass
> > >>>>>>> [ ] Signatures and Hashes Match Keys
> > >>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release
> Packages
> > >>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator
> > Policy
> > >>>>>>> [ ] CHANGELOG included with release distribution
> > >>>>>>> [ ] All Source Files Have Correct ASF Headers
> > >>>>>>> [ ] No Binary Files in Source Release Packages
> > >>>>>>>
> > >>>>>>> Thank you to everyone that is able to VOTE as well as everyone
> that
> > >>>>>>> contributed to Apache Flagon 2.4.0.
> > >>>>>>>
> > >>>>>>> Best,
> > >>>>>>> Evan Jones
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>>
> > >>>
> > >
> >
> >
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Austin Bennett <au...@apache.org>.
+1 ... LGTM.
@jky@apache.org <jk...@apache.org> good catches.
@ALL -- Which of the release steps do we think could be more automated and
less manual? Yes, we still will have manual steps, but it might be worth
investing in some repeatable scripts. For those that have done
more thorough releases and/or validation, have you thought about what is
missing? What could make your life easier? If yes, let's at least writeup
some tickets for future work.
nit: i'd like to see which RC we are voting on in the subject line.
On Sat, Mar 30, 2024 at 2:29 PM Joshua Poore <po...@apache.org> wrote:
> BUMP
>
> Hi All,
>
> Don’t forget to VOTE for this release!
>
> > On Mar 25, 2024, at 10:17 PM, Joshua Poore <po...@apache.org> wrote:
> >
> > +1 from me
> >
> > Great work everyone! Acceptable release.
> >
> > we only need 1 more binding VOTE for a release!
> >
> >
> > [Y] Build and Unit Tests Pass
> > [Y] Integration Tests Pass
> > [Y] Signatures and Hashes Match Keys
> > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > [Y] CHANGELOG included with release distribution
> > [Y] All Source Files Have Correct ASF Headers
> > [Y] No Binary Files in Source Release Packages
> >
> >> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <ag...@umd.edu> wrote:
> >>
> >> Thank you both!
> >>
> >> +1 from me!
> >>
> >> [✓] Build and Unit Tests Pass
> >> [ ] Integration Tests Pass
> >> [ ] Signatures and Hashes Match Keys
> >> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
> >> Packages
> >> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and
> Incubator
> >> Policy
> >> [✓] CHANGELOG included with release distribution
> >> [✓] All Source Files Have Correct ASF Headers
> >> [ ] No Binary Files in Source Release Packages
> >>
> >>
> >> Best,
> >> *Amir M. Ghaemi*
> >>
> >>
> >> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
> >>
> >>> +1 from me now, and thanks for updating the release script.
> >>>
> >>>> [Y] Build and Unit Tests Pass
> >>>> [Y] Integration Tests Pass
> >>>> [Y] Signatures and Hashes Match Keys
> >>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >>>> [Y] CHANGELOG included with release distribution
> >>>> [Y] All Source Files Have Correct ASF Headers
> >>>> [Y] No Binary Files in Source Release Packages
> >>>
> >>> -Jason
> >>>
> >>> On 2024/03/23 19:30:10 Evan Jones wrote:
> >>>> All,
> >>>>
> >>>> I've fixed up the release candidate. Given the commit head and source
> >>> code
> >>>> haven't changed, I've decided to update the RC in place on the apache
> >>>> dist/dev repo and will keep the voting open on this thread to avoid
> >>>> spamming your inboxes.
> >>>>
> >>>> Fixes:
> >>>> 1. The release script in the flagon repo claimed to run git clean
> -dxf,
> >>> but
> >>>> this was actually commented out. I've fixed this in the script.
> >>>> 2. I indeed was signing with a different default key. This has been
> >>> fixed.
> >>>> However, please note, your verification call was incorrect. You must
> do a
> >>>> one-one mapping between the signatures and their constituent files.
> For
> >>>> unix systems, the one-liner below does this:
> >>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> >>>> 3. I updated the script to use sha512sum. This should ameliorate your
> >>>> issues, Jason.
> >>>>
> >>>> Please re-assess the candidate and get your votes in. We'll extend
> voting
> >>>> by another 72 hours.
> >>>>
> >>>> Best
> >>>>
> >>>> Evan Jones
> >>>> Website: www.ea-jones.com
> >>>>
> >>>>
> >>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com>
> >>> wrote:
> >>>>
> >>>>> Thanks, Jason.
> >>>>>
> >>>>> 1. This is odd. I used the script. And explicitly recall it asking
> >>> about
> >>>>> git clean.
> >>>>>
> >>>>> 2. I was worried about this. I have multiple keys.
> >>>>>
> >>>>> 3. I'll update the script to use sha512sum.
> >>>>>
> >>>>> Will re-roll later.
> >>>>>
> >>>>> Best
> >>>>>
> >>>>> Evan Jones
> >>>>> Website: www.ea-jones.com
> >>>>>
> >>>>>
> >>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
> >>>>>
> >>>>>> -1 from me
> >>>>>>
> >>>>>> 1. (blocking) Source artifacts should contain only files tracked by
> >>> git
> >>>>>> but there are build files, log files, and .vscode. The
> >>>>>> make-release-artifacts.sh script should do this, so maybe this is an
> >>> issue
> >>>>>> with the script. Otherwise you can remove these files with `git
> clean
> >>> -dxf`
> >>>>>>
> >>>>>> 2. (blocking) I cannot verify the signatures, I am running:
> >>>>>> gpg --import KEYS
> >>>>>> gpg --verify *.asc
> >>>>>>
> >>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
> >>> verify,
> >>>>>> which I'm guessing is a different GPG key on your machine
> >>>>>>
> >>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
> >>>>>> properly formatted SHA checksum lines found". I recalculated and
> >>> compared
> >>>>>> the hashes and they are correct but formatted differently.
> >>>>>>
> >>>>>> Your hashes were generated with gpg --print-md, and I couldn't
> figure
> >>> out
> >>>>>> how to programmatically check this format. Also, Apache recommends
> >>> shasum
> >>>>>> for SHA-512 release hashs.
> >>>>>> https://infra.apache.org/release-signing.html#sha-checksum
> >>>>>>
> >>>>>> [Y] Build and Unit Tests Pass
> >>>>>> [Y] Integration Tests Pass
> >>>>>> [N] Signatures and Hashes Match Keys
> >>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >>>>>> [Y] CHANGELOG included with release distribution
> >>>>>> [Y] All Source Files Have Correct ASF Headers
> >>>>>> [N] No Binary Files in Source Release Packages
> >>>>>>
> >>>>>> -Jason
> >>>>>>
> >>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
> >>>>>>> Hi Folks,
> >>>>>>>
> >>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
> >>> # 02.
> >>>>>>>
> >>>>>>> About Flagon: http://flagon.apache.org/
> >>>>>>>
> >>>>>>> This Minor release includes :
> >>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
> >>>>>>> functionality
> >>>>>>> * Updates packages and dependencies
> >>>>>>> * Adds additional examples (callback functions)
> >>>>>>> * Updates to update deprecated downstream dev dependencies
> >>>>>>> * Changes to documentation, updated examples
> >>>>>>> * New browser extension setting, password, for basic auth.
> >>>>>>> * New log fields httpSessionId and browserSessionId
> >>>>>>> * Callbacks for auth headers and custom headers.
> >>>>>>> * Example json schema added.
> >>>>>>>
> >>>>>>> Git source tag (2.4.0-rc02):
> >>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> >>>>>>>
> >>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> >>>>>>>
> >>>>>>> Source Release Artifacts:
> >>>>>>>
> >>>>>>
> >>>
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> >>>>>>>
> >>>>>>> PGP release keys (signed using {8/16 char sigID}):
> >>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
> >>>>>>>
> >>>>>>> Link to Successful Github Actions tests:
> >>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> >>>>>>>
> >>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
> >>>>>>>
> >>>>>>> [ ] +1, let's get it released!!!
> >>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
> >>>>>>> [ ] -1, nope, because... (and please explain why)
> >>>>>>>
> >>>>>>> Along with your VOTE, please indicate testing and checks you've
> made
> >>>>>>> against build artifacts, src, and documentation:
> >>>>>>>
> >>>>>>> [ ] Build and Unit Tests Pass
> >>>>>>> [ ] Integration Tests Pass
> >>>>>>> [ ] Signatures and Hashes Match Keys
> >>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator
> Policy
> >>>>>>> [ ] CHANGELOG included with release distribution
> >>>>>>> [ ] All Source Files Have Correct ASF Headers
> >>>>>>> [ ] No Binary Files in Source Release Packages
> >>>>>>>
> >>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
> >>>>>>> contributed to Apache Flagon 2.4.0.
> >>>>>>>
> >>>>>>> Best,
> >>>>>>> Evan Jones
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >
>
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Joshua Poore <po...@apache.org>.
BUMP
Hi All,
Don’t forget to VOTE for this release!
> On Mar 25, 2024, at 10:17 PM, Joshua Poore <po...@apache.org> wrote:
>
> +1 from me
>
> Great work everyone! Acceptable release.
>
> we only need 1 more binding VOTE for a release!
>
>
> [Y] Build and Unit Tests Pass
> [Y] Integration Tests Pass
> [Y] Signatures and Hashes Match Keys
> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [Y] CHANGELOG included with release distribution
> [Y] All Source Files Have Correct ASF Headers
> [Y] No Binary Files in Source Release Packages
>
>> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <ag...@umd.edu> wrote:
>>
>> Thank you both!
>>
>> +1 from me!
>>
>> [✓] Build and Unit Tests Pass
>> [ ] Integration Tests Pass
>> [ ] Signatures and Hashes Match Keys
>> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
>> Packages
>> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator
>> Policy
>> [✓] CHANGELOG included with release distribution
>> [✓] All Source Files Have Correct ASF Headers
>> [ ] No Binary Files in Source Release Packages
>>
>>
>> Best,
>> *Amir M. Ghaemi*
>>
>>
>> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
>>
>>> +1 from me now, and thanks for updating the release script.
>>>
>>>> [Y] Build and Unit Tests Pass
>>>> [Y] Integration Tests Pass
>>>> [Y] Signatures and Hashes Match Keys
>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>> [Y] CHANGELOG included with release distribution
>>>> [Y] All Source Files Have Correct ASF Headers
>>>> [Y] No Binary Files in Source Release Packages
>>>
>>> -Jason
>>>
>>> On 2024/03/23 19:30:10 Evan Jones wrote:
>>>> All,
>>>>
>>>> I've fixed up the release candidate. Given the commit head and source
>>> code
>>>> haven't changed, I've decided to update the RC in place on the apache
>>>> dist/dev repo and will keep the voting open on this thread to avoid
>>>> spamming your inboxes.
>>>>
>>>> Fixes:
>>>> 1. The release script in the flagon repo claimed to run git clean -dxf,
>>> but
>>>> this was actually commented out. I've fixed this in the script.
>>>> 2. I indeed was signing with a different default key. This has been
>>> fixed.
>>>> However, please note, your verification call was incorrect. You must do a
>>>> one-one mapping between the signatures and their constituent files. For
>>>> unix systems, the one-liner below does this:
>>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
>>>> 3. I updated the script to use sha512sum. This should ameliorate your
>>>> issues, Jason.
>>>>
>>>> Please re-assess the candidate and get your votes in. We'll extend voting
>>>> by another 72 hours.
>>>>
>>>> Best
>>>>
>>>> Evan Jones
>>>> Website: www.ea-jones.com
>>>>
>>>>
>>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com>
>>> wrote:
>>>>
>>>>> Thanks, Jason.
>>>>>
>>>>> 1. This is odd. I used the script. And explicitly recall it asking
>>> about
>>>>> git clean.
>>>>>
>>>>> 2. I was worried about this. I have multiple keys.
>>>>>
>>>>> 3. I'll update the script to use sha512sum.
>>>>>
>>>>> Will re-roll later.
>>>>>
>>>>> Best
>>>>>
>>>>> Evan Jones
>>>>> Website: www.ea-jones.com
>>>>>
>>>>>
>>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
>>>>>
>>>>>> -1 from me
>>>>>>
>>>>>> 1. (blocking) Source artifacts should contain only files tracked by
>>> git
>>>>>> but there are build files, log files, and .vscode. The
>>>>>> make-release-artifacts.sh script should do this, so maybe this is an
>>> issue
>>>>>> with the script. Otherwise you can remove these files with `git clean
>>> -dxf`
>>>>>>
>>>>>> 2. (blocking) I cannot verify the signatures, I am running:
>>>>>> gpg --import KEYS
>>>>>> gpg --verify *.asc
>>>>>>
>>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
>>> verify,
>>>>>> which I'm guessing is a different GPG key on your machine
>>>>>>
>>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
>>>>>> properly formatted SHA checksum lines found". I recalculated and
>>> compared
>>>>>> the hashes and they are correct but formatted differently.
>>>>>>
>>>>>> Your hashes were generated with gpg --print-md, and I couldn't figure
>>> out
>>>>>> how to programmatically check this format. Also, Apache recommends
>>> shasum
>>>>>> for SHA-512 release hashs.
>>>>>> https://infra.apache.org/release-signing.html#sha-checksum
>>>>>>
>>>>>> [Y] Build and Unit Tests Pass
>>>>>> [Y] Integration Tests Pass
>>>>>> [N] Signatures and Hashes Match Keys
>>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>> [Y] CHANGELOG included with release distribution
>>>>>> [Y] All Source Files Have Correct ASF Headers
>>>>>> [N] No Binary Files in Source Release Packages
>>>>>>
>>>>>> -Jason
>>>>>>
>>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
>>> # 02.
>>>>>>>
>>>>>>> About Flagon: http://flagon.apache.org/
>>>>>>>
>>>>>>> This Minor release includes :
>>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
>>>>>>> functionality
>>>>>>> * Updates packages and dependencies
>>>>>>> * Adds additional examples (callback functions)
>>>>>>> * Updates to update deprecated downstream dev dependencies
>>>>>>> * Changes to documentation, updated examples
>>>>>>> * New browser extension setting, password, for basic auth.
>>>>>>> * New log fields httpSessionId and browserSessionId
>>>>>>> * Callbacks for auth headers and custom headers.
>>>>>>> * Example json schema added.
>>>>>>>
>>>>>>> Git source tag (2.4.0-rc02):
>>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>>>>>>>
>>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>>>>>>>
>>>>>>> Source Release Artifacts:
>>>>>>>
>>>>>>
>>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>>>>>>>
>>>>>>> PGP release keys (signed using {8/16 char sigID}):
>>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>>>>>>>
>>>>>>> Link to Successful Github Actions tests:
>>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>>>>>>>
>>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
>>>>>>>
>>>>>>> [ ] +1, let's get it released!!!
>>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
>>>>>>> [ ] -1, nope, because... (and please explain why)
>>>>>>>
>>>>>>> Along with your VOTE, please indicate testing and checks you've made
>>>>>>> against build artifacts, src, and documentation:
>>>>>>>
>>>>>>> [ ] Build and Unit Tests Pass
>>>>>>> [ ] Integration Tests Pass
>>>>>>> [ ] Signatures and Hashes Match Keys
>>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>>> [ ] CHANGELOG included with release distribution
>>>>>>> [ ] All Source Files Have Correct ASF Headers
>>>>>>> [ ] No Binary Files in Source Release Packages
>>>>>>>
>>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
>>>>>>> contributed to Apache Flagon 2.4.0.
>>>>>>>
>>>>>>> Best,
>>>>>>> Evan Jones
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Joshua Poore <po...@apache.org>.
+1 from me
Great work everyone! Acceptable release.
we only need 1 more binding VOTE for a release!
[Y] Build and Unit Tests Pass
[Y] Integration Tests Pass
[Y] Signatures and Hashes Match Keys
[Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
[Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
[Y] CHANGELOG included with release distribution
[Y] All Source Files Have Correct ASF Headers
[Y] No Binary Files in Source Release Packages
> On Mar 24, 2024, at 9:47 PM, Amir Ghaemi <ag...@umd.edu> wrote:
>
> Thank you both!
>
> +1 from me!
>
> [✓] Build and Unit Tests Pass
> [ ] Integration Tests Pass
> [ ] Signatures and Hashes Match Keys
> [✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
> Packages
> [✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator
> Policy
> [✓] CHANGELOG included with release distribution
> [✓] All Source Files Have Correct ASF Headers
> [ ] No Binary Files in Source Release Packages
>
>
> Best,
> *Amir M. Ghaemi*
>
>
> On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
>
>> +1 from me now, and thanks for updating the release script.
>>
>>> [Y] Build and Unit Tests Pass
>>> [Y] Integration Tests Pass
>>> [Y] Signatures and Hashes Match Keys
>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>> [Y] CHANGELOG included with release distribution
>>> [Y] All Source Files Have Correct ASF Headers
>>> [Y] No Binary Files in Source Release Packages
>>
>> -Jason
>>
>> On 2024/03/23 19:30:10 Evan Jones wrote:
>>> All,
>>>
>>> I've fixed up the release candidate. Given the commit head and source
>> code
>>> haven't changed, I've decided to update the RC in place on the apache
>>> dist/dev repo and will keep the voting open on this thread to avoid
>>> spamming your inboxes.
>>>
>>> Fixes:
>>> 1. The release script in the flagon repo claimed to run git clean -dxf,
>> but
>>> this was actually commented out. I've fixed this in the script.
>>> 2. I indeed was signing with a different default key. This has been
>> fixed.
>>> However, please note, your verification call was incorrect. You must do a
>>> one-one mapping between the signatures and their constituent files. For
>>> unix systems, the one-liner below does this:
>>> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
>>> 3. I updated the script to use sha512sum. This should ameliorate your
>>> issues, Jason.
>>>
>>> Please re-assess the candidate and get your votes in. We'll extend voting
>>> by another 72 hours.
>>>
>>> Best
>>>
>>> Evan Jones
>>> Website: www.ea-jones.com
>>>
>>>
>>> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com>
>> wrote:
>>>
>>>> Thanks, Jason.
>>>>
>>>> 1. This is odd. I used the script. And explicitly recall it asking
>> about
>>>> git clean.
>>>>
>>>> 2. I was worried about this. I have multiple keys.
>>>>
>>>> 3. I'll update the script to use sha512sum.
>>>>
>>>> Will re-roll later.
>>>>
>>>> Best
>>>>
>>>> Evan Jones
>>>> Website: www.ea-jones.com
>>>>
>>>>
>>>> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
>>>>
>>>>> -1 from me
>>>>>
>>>>> 1. (blocking) Source artifacts should contain only files tracked by
>> git
>>>>> but there are build files, log files, and .vscode. The
>>>>> make-release-artifacts.sh script should do this, so maybe this is an
>> issue
>>>>> with the script. Otherwise you can remove these files with `git clean
>> -dxf`
>>>>>
>>>>> 2. (blocking) I cannot verify the signatures, I am running:
>>>>> gpg --import KEYS
>>>>> gpg --verify *.asc
>>>>>
>>>>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
>> verify,
>>>>> which I'm guessing is a different GPG key on your machine
>>>>>
>>>>> 3. (non-blocking) When I check the hashes with shasum it throws "no
>>>>> properly formatted SHA checksum lines found". I recalculated and
>> compared
>>>>> the hashes and they are correct but formatted differently.
>>>>>
>>>>> Your hashes were generated with gpg --print-md, and I couldn't figure
>> out
>>>>> how to programmatically check this format. Also, Apache recommends
>> shasum
>>>>> for SHA-512 release hashs.
>>>>> https://infra.apache.org/release-signing.html#sha-checksum
>>>>>
>>>>> [Y] Build and Unit Tests Pass
>>>>> [Y] Integration Tests Pass
>>>>> [N] Signatures and Hashes Match Keys
>>>>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>> [Y] CHANGELOG included with release distribution
>>>>> [Y] All Source Files Have Correct ASF Headers
>>>>> [N] No Binary Files in Source Release Packages
>>>>>
>>>>> -Jason
>>>>>
>>>>> On 2024/03/22 00:58:41 Evan Jones wrote:
>>>>>> Hi Folks,
>>>>>>
>>>>>> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
>> # 02.
>>>>>>
>>>>>> About Flagon: http://flagon.apache.org/
>>>>>>
>>>>>> This Minor release includes :
>>>>>> * Refactors Map and Filter APIs as generalized callbacks for
>>>>>> functionality
>>>>>> * Updates packages and dependencies
>>>>>> * Adds additional examples (callback functions)
>>>>>> * Updates to update deprecated downstream dev dependencies
>>>>>> * Changes to documentation, updated examples
>>>>>> * New browser extension setting, password, for basic auth.
>>>>>> * New log fields httpSessionId and browserSessionId
>>>>>> * Callbacks for auth headers and custom headers.
>>>>>> * Example json schema added.
>>>>>>
>>>>>> Git source tag (2.4.0-rc02):
>>>>>> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>>>>>>
>>>>>> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>>>>>>
>>>>>> Source Release Artifacts:
>>>>>>
>>>>>
>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>>>>>>
>>>>>> PGP release keys (signed using {8/16 char sigID}):
>>>>>> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>>>>>>
>>>>>> Link to Successful Github Actions tests:
>>>>>> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>>>>>>
>>>>>> Vote will be open for 72 hours. Please VOTE as follows:
>>>>>>
>>>>>> [ ] +1, let's get it released!!!
>>>>>> [ ] +/-0, fine, but consider to fix few issues before...
>>>>>> [ ] -1, nope, because... (and please explain why)
>>>>>>
>>>>>> Along with your VOTE, please indicate testing and checks you've made
>>>>>> against build artifacts, src, and documentation:
>>>>>>
>>>>>> [ ] Build and Unit Tests Pass
>>>>>> [ ] Integration Tests Pass
>>>>>> [ ] Signatures and Hashes Match Keys
>>>>>> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>>>>>> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>>>>>> [ ] CHANGELOG included with release distribution
>>>>>> [ ] All Source Files Have Correct ASF Headers
>>>>>> [ ] No Binary Files in Source Release Packages
>>>>>>
>>>>>> Thank you to everyone that is able to VOTE as well as everyone that
>>>>>> contributed to Apache Flagon 2.4.0.
>>>>>>
>>>>>> Best,
>>>>>> Evan Jones
>>>>>>
>>>>>
>>>>
>>>
>>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Amir Ghaemi <ag...@umd.edu>.
Thank you both!
+1 from me!
[✓] Build and Unit Tests Pass
[ ] Integration Tests Pass
[ ] Signatures and Hashes Match Keys
[✓] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release
Packages
[✓] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator
Policy
[✓] CHANGELOG included with release distribution
[✓] All Source Files Have Correct ASF Headers
[ ] No Binary Files in Source Release Packages
Best,
*Amir M. Ghaemi*
On Sun, Mar 24, 2024 at 1:14 PM Jason Young <jk...@apache.org> wrote:
> +1 from me now, and thanks for updating the release script.
>
> > [Y] Build and Unit Tests Pass
> > [Y] Integration Tests Pass
> > [Y] Signatures and Hashes Match Keys
> > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > [Y] CHANGELOG included with release distribution
> > [Y] All Source Files Have Correct ASF Headers
> > [Y] No Binary Files in Source Release Packages
>
> -Jason
>
> On 2024/03/23 19:30:10 Evan Jones wrote:
> > All,
> >
> > I've fixed up the release candidate. Given the commit head and source
> code
> > haven't changed, I've decided to update the RC in place on the apache
> > dist/dev repo and will keep the voting open on this thread to avoid
> > spamming your inboxes.
> >
> > Fixes:
> > 1. The release script in the flagon repo claimed to run git clean -dxf,
> but
> > this was actually commented out. I've fixed this in the script.
> > 2. I indeed was signing with a different default key. This has been
> fixed.
> > However, please note, your verification call was incorrect. You must do a
> > one-one mapping between the signatures and their constituent files. For
> > unix systems, the one-liner below does this:
> > for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> > 3. I updated the script to use sha512sum. This should ameliorate your
> > issues, Jason.
> >
> > Please re-assess the candidate and get your votes in. We'll extend voting
> > by another 72 hours.
> >
> > Best
> >
> > Evan Jones
> > Website: www.ea-jones.com
> >
> >
> > On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com>
> wrote:
> >
> > > Thanks, Jason.
> > >
> > > 1. This is odd. I used the script. And explicitly recall it asking
> about
> > > git clean.
> > >
> > > 2. I was worried about this. I have multiple keys.
> > >
> > > 3. I'll update the script to use sha512sum.
> > >
> > > Will re-roll later.
> > >
> > > Best
> > >
> > > Evan Jones
> > > Website: www.ea-jones.com
> > >
> > >
> > > On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
> > >
> > >> -1 from me
> > >>
> > >> 1. (blocking) Source artifacts should contain only files tracked by
> git
> > >> but there are build files, log files, and .vscode. The
> > >> make-release-artifacts.sh script should do this, so maybe this is an
> issue
> > >> with the script. Otherwise you can remove these files with `git clean
> -dxf`
> > >>
> > >> 2. (blocking) I cannot verify the signatures, I am running:
> > >> gpg --import KEYS
> > >> gpg --verify *.asc
> > >>
> > >> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to
> verify,
> > >> which I'm guessing is a different GPG key on your machine
> > >>
> > >> 3. (non-blocking) When I check the hashes with shasum it throws "no
> > >> properly formatted SHA checksum lines found". I recalculated and
> compared
> > >> the hashes and they are correct but formatted differently.
> > >>
> > >> Your hashes were generated with gpg --print-md, and I couldn't figure
> out
> > >> how to programmatically check this format. Also, Apache recommends
> shasum
> > >> for SHA-512 release hashs.
> > >> https://infra.apache.org/release-signing.html#sha-checksum
> > >>
> > >> [Y] Build and Unit Tests Pass
> > >> [Y] Integration Tests Pass
> > >> [N] Signatures and Hashes Match Keys
> > >> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >> [Y] CHANGELOG included with release distribution
> > >> [Y] All Source Files Have Correct ASF Headers
> > >> [N] No Binary Files in Source Release Packages
> > >>
> > >> -Jason
> > >>
> > >> On 2024/03/22 00:58:41 Evan Jones wrote:
> > >> > Hi Folks,
> > >> >
> > >> > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate
> # 02.
> > >> >
> > >> > About Flagon: http://flagon.apache.org/
> > >> >
> > >> > This Minor release includes :
> > >> > * Refactors Map and Filter APIs as generalized callbacks for
> > >> > functionality
> > >> > * Updates packages and dependencies
> > >> > * Adds additional examples (callback functions)
> > >> > * Updates to update deprecated downstream dev dependencies
> > >> > * Changes to documentation, updated examples
> > >> > * New browser extension setting, password, for basic auth.
> > >> > * New log fields httpSessionId and browserSessionId
> > >> > * Callbacks for auth headers and custom headers.
> > >> > * Example json schema added.
> > >> >
> > >> > Git source tag (2.4.0-rc02):
> > >> > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> > >> >
> > >> > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> > >> >
> > >> > Source Release Artifacts:
> > >> >
> > >>
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> > >> >
> > >> > PGP release keys (signed using {8/16 char sigID}):
> > >> > https://github.com/apache/flagon-useralejs/blob/master/KEYS
> > >> >
> > >> > Link to Successful Github Actions tests:
> > >> > https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> > >> >
> > >> > Vote will be open for 72 hours. Please VOTE as follows:
> > >> >
> > >> > [ ] +1, let's get it released!!!
> > >> > [ ] +/-0, fine, but consider to fix few issues before...
> > >> > [ ] -1, nope, because... (and please explain why)
> > >> >
> > >> > Along with your VOTE, please indicate testing and checks you've made
> > >> > against build artifacts, src, and documentation:
> > >> >
> > >> > [ ] Build and Unit Tests Pass
> > >> > [ ] Integration Tests Pass
> > >> > [ ] Signatures and Hashes Match Keys
> > >> > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > >> > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > >> > [ ] CHANGELOG included with release distribution
> > >> > [ ] All Source Files Have Correct ASF Headers
> > >> > [ ] No Binary Files in Source Release Packages
> > >> >
> > >> > Thank you to everyone that is able to VOTE as well as everyone that
> > >> > contributed to Apache Flagon 2.4.0.
> > >> >
> > >> > Best,
> > >> > Evan Jones
> > >> >
> > >>
> > >
> >
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Jason Young <jk...@apache.org>.
+1 from me now, and thanks for updating the release script.
> [Y] Build and Unit Tests Pass
> [Y] Integration Tests Pass
> [Y] Signatures and Hashes Match Keys
> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [Y] CHANGELOG included with release distribution
> [Y] All Source Files Have Correct ASF Headers
> [Y] No Binary Files in Source Release Packages
-Jason
On 2024/03/23 19:30:10 Evan Jones wrote:
> All,
>
> I've fixed up the release candidate. Given the commit head and source code
> haven't changed, I've decided to update the RC in place on the apache
> dist/dev repo and will keep the voting open on this thread to avoid
> spamming your inboxes.
>
> Fixes:
> 1. The release script in the flagon repo claimed to run git clean -dxf, but
> this was actually commented out. I've fixed this in the script.
> 2. I indeed was signing with a different default key. This has been fixed.
> However, please note, your verification call was incorrect. You must do a
> one-one mapping between the signatures and their constituent files. For
> unix systems, the one-liner below does this:
> for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
> 3. I updated the script to use sha512sum. This should ameliorate your
> issues, Jason.
>
> Please re-assess the candidate and get your votes in. We'll extend voting
> by another 72 hours.
>
> Best
>
> Evan Jones
> Website: www.ea-jones.com
>
>
> On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com> wrote:
>
> > Thanks, Jason.
> >
> > 1. This is odd. I used the script. And explicitly recall it asking about
> > git clean.
> >
> > 2. I was worried about this. I have multiple keys.
> >
> > 3. I'll update the script to use sha512sum.
> >
> > Will re-roll later.
> >
> > Best
> >
> > Evan Jones
> > Website: www.ea-jones.com
> >
> >
> > On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
> >
> >> -1 from me
> >>
> >> 1. (blocking) Source artifacts should contain only files tracked by git
> >> but there are build files, log files, and .vscode. The
> >> make-release-artifacts.sh script should do this, so maybe this is an issue
> >> with the script. Otherwise you can remove these files with `git clean -dxf`
> >>
> >> 2. (blocking) I cannot verify the signatures, I am running:
> >> gpg --import KEYS
> >> gpg --verify *.asc
> >>
> >> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify,
> >> which I'm guessing is a different GPG key on your machine
> >>
> >> 3. (non-blocking) When I check the hashes with shasum it throws "no
> >> properly formatted SHA checksum lines found". I recalculated and compared
> >> the hashes and they are correct but formatted differently.
> >>
> >> Your hashes were generated with gpg --print-md, and I couldn't figure out
> >> how to programmatically check this format. Also, Apache recommends shasum
> >> for SHA-512 release hashs.
> >> https://infra.apache.org/release-signing.html#sha-checksum
> >>
> >> [Y] Build and Unit Tests Pass
> >> [Y] Integration Tests Pass
> >> [N] Signatures and Hashes Match Keys
> >> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >> [Y] CHANGELOG included with release distribution
> >> [Y] All Source Files Have Correct ASF Headers
> >> [N] No Binary Files in Source Release Packages
> >>
> >> -Jason
> >>
> >> On 2024/03/22 00:58:41 Evan Jones wrote:
> >> > Hi Folks,
> >> >
> >> > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
> >> >
> >> > About Flagon: http://flagon.apache.org/
> >> >
> >> > This Minor release includes :
> >> > * Refactors Map and Filter APIs as generalized callbacks for
> >> > functionality
> >> > * Updates packages and dependencies
> >> > * Adds additional examples (callback functions)
> >> > * Updates to update deprecated downstream dev dependencies
> >> > * Changes to documentation, updated examples
> >> > * New browser extension setting, password, for basic auth.
> >> > * New log fields httpSessionId and browserSessionId
> >> > * Callbacks for auth headers and custom headers.
> >> > * Example json schema added.
> >> >
> >> > Git source tag (2.4.0-rc02):
> >> > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> >> >
> >> > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> >> >
> >> > Source Release Artifacts:
> >> >
> >> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> >> >
> >> > PGP release keys (signed using {8/16 char sigID}):
> >> > https://github.com/apache/flagon-useralejs/blob/master/KEYS
> >> >
> >> > Link to Successful Github Actions tests:
> >> > https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> >> >
> >> > Vote will be open for 72 hours. Please VOTE as follows:
> >> >
> >> > [ ] +1, let's get it released!!!
> >> > [ ] +/-0, fine, but consider to fix few issues before...
> >> > [ ] -1, nope, because... (and please explain why)
> >> >
> >> > Along with your VOTE, please indicate testing and checks you've made
> >> > against build artifacts, src, and documentation:
> >> >
> >> > [ ] Build and Unit Tests Pass
> >> > [ ] Integration Tests Pass
> >> > [ ] Signatures and Hashes Match Keys
> >> > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> >> > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> >> > [ ] CHANGELOG included with release distribution
> >> > [ ] All Source Files Have Correct ASF Headers
> >> > [ ] No Binary Files in Source Release Packages
> >> >
> >> > Thank you to everyone that is able to VOTE as well as everyone that
> >> > contributed to Apache Flagon 2.4.0.
> >> >
> >> > Best,
> >> > Evan Jones
> >> >
> >>
> >
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Evan Jones <ev...@gmail.com>.
All,
I've fixed up the release candidate. Given the commit head and source code
haven't changed, I've decided to update the RC in place on the apache
dist/dev repo and will keep the voting open on this thread to avoid
spamming your inboxes.
Fixes:
1. The release script in the flagon repo claimed to run git clean -dxf, but
this was actually commented out. I've fixed this in the script.
2. I indeed was signing with a different default key. This has been fixed.
However, please note, your verification call was incorrect. You must do a
one-one mapping between the signatures and their constituent files. For
unix systems, the one-liner below does this:
for a in *.tar.gz *.zip; do gpg2 --verify ${a}.asc ${a}; done
3. I updated the script to use sha512sum. This should ameliorate your
issues, Jason.
Please re-assess the candidate and get your votes in. We'll extend voting
by another 72 hours.
Best
Evan Jones
Website: www.ea-jones.com
On Sat, Mar 23, 2024 at 10:08 AM Evan Jones <ev...@gmail.com> wrote:
> Thanks, Jason.
>
> 1. This is odd. I used the script. And explicitly recall it asking about
> git clean.
>
> 2. I was worried about this. I have multiple keys.
>
> 3. I'll update the script to use sha512sum.
>
> Will re-roll later.
>
> Best
>
> Evan Jones
> Website: www.ea-jones.com
>
>
> On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
>
>> -1 from me
>>
>> 1. (blocking) Source artifacts should contain only files tracked by git
>> but there are build files, log files, and .vscode. The
>> make-release-artifacts.sh script should do this, so maybe this is an issue
>> with the script. Otherwise you can remove these files with `git clean -dxf`
>>
>> 2. (blocking) I cannot verify the signatures, I am running:
>> gpg --import KEYS
>> gpg --verify *.asc
>>
>> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify,
>> which I'm guessing is a different GPG key on your machine
>>
>> 3. (non-blocking) When I check the hashes with shasum it throws "no
>> properly formatted SHA checksum lines found". I recalculated and compared
>> the hashes and they are correct but formatted differently.
>>
>> Your hashes were generated with gpg --print-md, and I couldn't figure out
>> how to programmatically check this format. Also, Apache recommends shasum
>> for SHA-512 release hashs.
>> https://infra.apache.org/release-signing.html#sha-checksum
>>
>> [Y] Build and Unit Tests Pass
>> [Y] Integration Tests Pass
>> [N] Signatures and Hashes Match Keys
>> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
>> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>> [Y] CHANGELOG included with release distribution
>> [Y] All Source Files Have Correct ASF Headers
>> [N] No Binary Files in Source Release Packages
>>
>> -Jason
>>
>> On 2024/03/22 00:58:41 Evan Jones wrote:
>> > Hi Folks,
>> >
>> > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
>> >
>> > About Flagon: http://flagon.apache.org/
>> >
>> > This Minor release includes :
>> > * Refactors Map and Filter APIs as generalized callbacks for
>> > functionality
>> > * Updates packages and dependencies
>> > * Adds additional examples (callback functions)
>> > * Updates to update deprecated downstream dev dependencies
>> > * Changes to documentation, updated examples
>> > * New browser extension setting, password, for basic auth.
>> > * New log fields httpSessionId and browserSessionId
>> > * Callbacks for auth headers and custom headers.
>> > * Example json schema added.
>> >
>> > Git source tag (2.4.0-rc02):
>> > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>> >
>> > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>> >
>> > Source Release Artifacts:
>> >
>> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>> >
>> > PGP release keys (signed using {8/16 char sigID}):
>> > https://github.com/apache/flagon-useralejs/blob/master/KEYS
>> >
>> > Link to Successful Github Actions tests:
>> > https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>> >
>> > Vote will be open for 72 hours. Please VOTE as follows:
>> >
>> > [ ] +1, let's get it released!!!
>> > [ ] +/-0, fine, but consider to fix few issues before...
>> > [ ] -1, nope, because... (and please explain why)
>> >
>> > Along with your VOTE, please indicate testing and checks you've made
>> > against build artifacts, src, and documentation:
>> >
>> > [ ] Build and Unit Tests Pass
>> > [ ] Integration Tests Pass
>> > [ ] Signatures and Hashes Match Keys
>> > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
>> > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
>> > [ ] CHANGELOG included with release distribution
>> > [ ] All Source Files Have Correct ASF Headers
>> > [ ] No Binary Files in Source Release Packages
>> >
>> > Thank you to everyone that is able to VOTE as well as everyone that
>> > contributed to Apache Flagon 2.4.0.
>> >
>> > Best,
>> > Evan Jones
>> >
>>
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Evan Jones <ev...@gmail.com>.
Thanks, Jason.
1. This is odd. I used the script. And explicitly recall it asking about
git clean.
2. I was worried about this. I have multiple keys.
3. I'll update the script to use sha512sum.
Will re-roll later.
Best
Evan Jones
Website: www.ea-jones.com
On Sat, Mar 23, 2024 at 9:55 AM Jason Young <jk...@apache.org> wrote:
> -1 from me
>
> 1. (blocking) Source artifacts should contain only files tracked by git
> but there are build files, log files, and .vscode. The
> make-release-artifacts.sh script should do this, so maybe this is an issue
> with the script. Otherwise you can remove these files with `git clean -dxf`
>
> 2. (blocking) I cannot verify the signatures, I am running:
> gpg --import KEYS
> gpg --verify *.asc
>
> gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify,
> which I'm guessing is a different GPG key on your machine
>
> 3. (non-blocking) When I check the hashes with shasum it throws "no
> properly formatted SHA checksum lines found". I recalculated and compared
> the hashes and they are correct but formatted differently.
>
> Your hashes were generated with gpg --print-md, and I couldn't figure out
> how to programmatically check this format. Also, Apache recommends shasum
> for SHA-512 release hashs.
> https://infra.apache.org/release-signing.html#sha-checksum
>
> [Y] Build and Unit Tests Pass
> [Y] Integration Tests Pass
> [N] Signatures and Hashes Match Keys
> [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [Y] CHANGELOG included with release distribution
> [Y] All Source Files Have Correct ASF Headers
> [N] No Binary Files in Source Release Packages
>
> -Jason
>
> On 2024/03/22 00:58:41 Evan Jones wrote:
> > Hi Folks,
> >
> > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
> >
> > About Flagon: http://flagon.apache.org/
> >
> > This Minor release includes :
> > * Refactors Map and Filter APIs as generalized callbacks for
> > functionality
> > * Updates packages and dependencies
> > * Adds additional examples (callback functions)
> > * Updates to update deprecated downstream dev dependencies
> > * Changes to documentation, updated examples
> > * New browser extension setting, password, for basic auth.
> > * New log fields httpSessionId and browserSessionId
> > * Callbacks for auth headers and custom headers.
> > * Example json schema added.
> >
> > Git source tag (2.4.0-rc02):
> > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
> >
> > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
> >
> > Source Release Artifacts:
> >
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
> >
> > PGP release keys (signed using {8/16 char sigID}):
> > https://github.com/apache/flagon-useralejs/blob/master/KEYS
> >
> > Link to Successful Github Actions tests:
> > https://github.com/apache/flagon-useralejs/actions/runs/8383064872
> >
> > Vote will be open for 72 hours. Please VOTE as follows:
> >
> > [ ] +1, let's get it released!!!
> > [ ] +/-0, fine, but consider to fix few issues before...
> > [ ] -1, nope, because... (and please explain why)
> >
> > Along with your VOTE, please indicate testing and checks you've made
> > against build artifacts, src, and documentation:
> >
> > [ ] Build and Unit Tests Pass
> > [ ] Integration Tests Pass
> > [ ] Signatures and Hashes Match Keys
> > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> > [ ] CHANGELOG included with release distribution
> > [ ] All Source Files Have Correct ASF Headers
> > [ ] No Binary Files in Source Release Packages
> >
> > Thank you to everyone that is able to VOTE as well as everyone that
> > contributed to Apache Flagon 2.4.0.
> >
> > Best,
> > Evan Jones
> >
>
Re: [VOTE] Release Apache Flagon UserALEjs 2.4.0
Posted by Jason Young <jk...@apache.org>.
-1 from me
1. (blocking) Source artifacts should contain only files tracked by git but there are build files, log files, and .vscode. The make-release-artifacts.sh script should do this, so maybe this is an issue with the script. Otherwise you can remove these files with `git clean -dxf`
2. (blocking) I cannot verify the signatures, I am running:
gpg --import KEYS
gpg --verify *.asc
gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify, which I'm guessing is a different GPG key on your machine
3. (non-blocking) When I check the hashes with shasum it throws "no properly formatted SHA checksum lines found". I recalculated and compared the hashes and they are correct but formatted differently.
Your hashes were generated with gpg --print-md, and I couldn't figure out how to programmatically check this format. Also, Apache recommends shasum for SHA-512 release hashs.
https://infra.apache.org/release-signing.html#sha-checksum
[Y] Build and Unit Tests Pass
[Y] Integration Tests Pass
[N] Signatures and Hashes Match Keys
[Y] LICENSE, and NOTICE Files in Source and Binary Release Packages
[Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
[Y] CHANGELOG included with release distribution
[Y] All Source Files Have Correct ASF Headers
[N] No Binary Files in Source Release Packages
-Jason
On 2024/03/22 00:58:41 Evan Jones wrote:
> Hi Folks,
>
> Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02.
>
> About Flagon: http://flagon.apache.org/
>
> This Minor release includes :
> * Refactors Map and Filter APIs as generalized callbacks for
> functionality
> * Updates packages and dependencies
> * Adds additional examples (callback functions)
> * Updates to update deprecated downstream dev dependencies
> * Changes to documentation, updated examples
> * New browser extension setting, password, for basic auth.
> * New log fields httpSessionId and browserSessionId
> * Callbacks for auth headers and custom headers.
> * Example json schema added.
>
> Git source tag (2.4.0-rc02):
> https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02
>
> Staging repo: https://dist.apache.org/repos/dist/dev/flagon/
>
> Source Release Artifacts:
> https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/
>
> PGP release keys (signed using {8/16 char sigID}):
> https://github.com/apache/flagon-useralejs/blob/master/KEYS
>
> Link to Successful Github Actions tests:
> https://github.com/apache/flagon-useralejs/actions/runs/8383064872
>
> Vote will be open for 72 hours. Please VOTE as follows:
>
> [ ] +1, let's get it released!!!
> [ ] +/-0, fine, but consider to fix few issues before...
> [ ] -1, nope, because... (and please explain why)
>
> Along with your VOTE, please indicate testing and checks you've made
> against build artifacts, src, and documentation:
>
> [ ] Build and Unit Tests Pass
> [ ] Integration Tests Pass
> [ ] Signatures and Hashes Match Keys
> [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages
> [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [ ] CHANGELOG included with release distribution
> [ ] All Source Files Have Correct ASF Headers
> [ ] No Binary Files in Source Release Packages
>
> Thank you to everyone that is able to VOTE as well as everyone that
> contributed to Apache Flagon 2.4.0.
>
> Best,
> Evan Jones
>