You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@druid.apache.org by Will Lauer <wl...@verizonmedia.com.INVALID> on 2021/04/21 23:31:46 UTC
Re: [E] Re: [VOTE] Release Apache Druid 0.21.0 [RC1]
We've seen that problem here in builds of multiple products today. We
believe it's due to a bad definition file from NIST, and not the products
themselves.
Will
On Wed, Apr 21, 2021, 6:14 PM Atul Mohan <at...@apache.org> wrote:
> I'm in the process of verification, but the dependency-check failed for me
> with the following error:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable
> to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
> at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> (CveDB.java:1298) at java.util.ArrayList.forEach (ArrayList.java:1257)
> at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> (CveDB.java:1297) at
> org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> (CveDB.java:880) at
> org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> (NvdCveParser.java:99) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> (ProcessTask.java:139) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> (ProcessTask.java:152) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> (ProcessTask.java:113) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> (FutureTask.java:266) at
> java.util.concurrent.ThreadPoolExecutor.runWorker
> (ThreadPoolExecutor.java:1149) at
> java.util.concurrent.ThreadPoolExecutor$Worker.run
> (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748)*
>
> Am I missing something?
>
> On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cw...@apache.org> wrote:
>
> > +1 (binding)
> >
> > src package:
> > - verified signature/checksum
> > - LICENSE/NOTICE present
> > - compiled, ran checks, unit tests
> > - built binary distribution, ingested some data and ran some queries
> >
> > binary package:
> > - verified signature/checksum
> > - LICENSE/NOTICE present
> > - ingested some data and ran some queries
> >
> > docker:
> > - verified checksum
> > - started cluster with docker-compose, ingested some data and ran some
> > queries
> >
> > Thanks for putting the release together Jihoon!
> >
> > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <ji...@apache.org> wrote:
> >
> > > Hi all,
> > >
> > > I have created a build for Apache Druid 0.21.0, release
> > > candidate 1.
> > >
> > > Thanks for everyone who has helped contribute to the release! You can
> > read
> > > the proposed release notes here:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_issues_10752&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=3glZYUiMVphoin9jejQzxvDHpV5njS8sZo94Py1hs14&e=
> > >
> > > The release candidate has been tagged in GitHub as
> > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > available here:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_releases_tag_druid-2D0.21.0-2Drc1&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=_mTLWD2vl-ZszMCZClaSl3F2nnCxNHd3lbUwfcM2JVI&e=
> > >
> > > The artifacts to be voted on are located here:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_druid_0.21.0-2Drc1_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=-uiRpPGJoNYuFvEXUyM3RyLIoo85afwG2RVDkLmg8Cg&e=
> > >
> > > A staged Maven repository is available for review at:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachedruid-2D1023_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=OAQ1QS-O5ns8rmhtmK_oT3B14z-OGnyg6lS2DKZX82M&e=
> > >
> > > Staged druid.apache.org website documentation is available here:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__druid.staged.apache.org_docs_0.21.0_design_index.html&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=IKBV30tEa3bs1TFvZ_lPI3cr54jF9DG-PPG2sJL9yNQ&e=
> > >
> > > A Docker image containing the binary of the release candidate can be
> > > retrieved via:
> > > docker pull apache/druid:0.21.0-rc1
> > >
> > > artifact checksums
> > > src:
> > >
> > >
> >
> 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > bin:
> > >
> > >
> >
> 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > docker:
> 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > >
> > > Release artifacts are signed with the following key:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.org_keys_committer_jihoonson.asc&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=1pOwieBsGGqkp99HXjNxwj8Bfla-9h2laHYJYuNjyAc&e=
> > >
> > > This key and the key of other committers can also be found in the
> > project's
> > > KEYS file here:
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_druid_KEYS&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=eBC5qeMlG3AvP-TEPsKGhCY0WFZtWc3LiCbB1KqEE9E&e=
> > >
> > > (If you are a committer, please feel free to add your own key to that
> > file
> > > by following the instructions in the file's header.)
> > >
> > >
> > > Verify checksums:
> > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > >
> > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > >
> > > Verify signatures:
> > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > apache-druid-0.21.0-src.tar.gz
> > >
> > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > apache-druid-0.21.0-bin.tar.gz
> > >
> > > Please review the proposed artifacts and vote. Note that Apache has
> > > specific requirements that must be met before +1 binding votes can be
> > cast
> > > by PMC members. Please refer to the policy at
> > >
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23policy&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=lw_SXs0SOPM34AsbkLFC1Z1epoTibNMcjotdFJlGvgU&e=
> for more details.
> > >
> > > As part of the validation process, the release artifacts can be
> generated
> > > from source by running:
> > > mvn clean install -Papache-release,dist -Dgpg.skip
> > >
> > > The RAT license check can be run from source by:
> > > mvn apache-rat:check -Prat
> > >
> > > This vote will be open for at least 72 hours. The vote will pass if a
> > > majority of at least three +1 PMC votes are cast.
> > >
> > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > [ ] -1 Do not release this package because...
> > >
> > > Thanks!
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > For additional commands, e-mail: dev-help@druid.apache.org
> > >
> > >
> >
>
Re: [E] Re: [VOTE] Release Apache Druid 0.21.0 [RC1]
Posted by Atul Mohan <at...@apache.org>.
+1 (non-binding)
src package:
- verified signature/hash and RAT license checks
- LICENSE, NOTICE and README files are present
- Compiled and ran unit tests, but skipped dependency check.The test
LookupIntrospectionResourceTest.testGetMap initially failed with "Socket
Closed" exception, but passed on retry.
- built binary distribution. Ran the quickstart tutorial
- verified router and coordinator mode of web-console
bin package:
- verified signature/hash
- LICENSE, NOTICE and README files are present
- started cluster with micro-quickstart, ingested data and verified data
with queries
- verified router and coordinator mode of web-console
docker:
- verified checksum
- started a cluster with docker-compose and ran the quickstart tutorial
- verified router and coordinator mode of web-console
Thanks for all the hard work with the release.
On Thu, Apr 22, 2021 at 5:23 PM Jihoon Son <ji...@apache.org> wrote:
> Thanks Atul.
>
> The CVE check still fails due to the same issue. I suggest you and all
> reviewers skip it this time. The CVE check passed when I created the
> RC.
> Clint also confirmed that it passed during his testing.
>
> On Wed, Apr 21, 2021 at 5:27 PM Atul Mohan <at...@apache.org> wrote:
> >
> > There is an issue logged for this problem:
> > https://github.com/jeremylong/DependencyCheck/issues/3306
> >
> > On Wed, Apr 21, 2021 at 7:25 PM Jihoon Son <ji...@apache.org> wrote:
> >
> > > Thanks Will, Hopefully the problem can be solved soon.
> > >
> > > On Wed, Apr 21, 2021 at 4:58 PM Will Lauer
> > > <wl...@verizonmedia.com.invalid> wrote:
> > > >
> > > > We've seen that problem here in builds of multiple products today. We
> > > > believe it's due to a bad definition file from NIST, and not the
> products
> > > > themselves.
> > > >
> > > > Will
> > > >
> > > > On Wed, Apr 21, 2021, 6:14 PM Atul Mohan <at...@apache.org> wrote:
> > > >
> > > > > I'm in the process of verification, but the dependency-check failed
> > > for me
> > > > > with the following error:
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > *Caused by:
> org.owasp.dependencycheck.data.nvdcve.DatabaseException:
> > > Unable
> > > > > to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> > > > > org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe
> (CveDB.java:1341)
> > > > > at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> > > > > (CveDB.java:1298) at java.util.ArrayList.forEach
> > > (ArrayList.java:1257)
> > > > > at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> > > > > (CveDB.java:1297) at
> > > > > org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> > > > > (CveDB.java:880) at
> > > > > org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> > > > > (NvdCveParser.java:99) at
> > > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> > > > > (ProcessTask.java:139) at
> > > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> > > > > (ProcessTask.java:152) at
> > > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > > > (ProcessTask.java:113) at
> > > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > > > (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> > > > > (FutureTask.java:266) at
> > > > > java.util.concurrent.ThreadPoolExecutor.runWorker
> > > > > (ThreadPoolExecutor.java:1149) at
> > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run
> > > > > (ThreadPoolExecutor.java:624) at java.lang.Thread.run
> > > (Thread.java:748)*
> > > > >
> > > > > Am I missing something?
> > > > >
> > > > > On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cw...@apache.org>
> wrote:
> > > > >
> > > > > > +1 (binding)
> > > > > >
> > > > > > src package:
> > > > > > - verified signature/checksum
> > > > > > - LICENSE/NOTICE present
> > > > > > - compiled, ran checks, unit tests
> > > > > > - built binary distribution, ingested some data and ran some
> queries
> > > > > >
> > > > > > binary package:
> > > > > > - verified signature/checksum
> > > > > > - LICENSE/NOTICE present
> > > > > > - ingested some data and ran some queries
> > > > > >
> > > > > > docker:
> > > > > > - verified checksum
> > > > > > - started cluster with docker-compose, ingested some data and ran
> > > some
> > > > > > queries
> > > > > >
> > > > > > Thanks for putting the release together Jihoon!
> > > > > >
> > > > > > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <jihoonson@apache.org
> >
> > > wrote:
> > > > > >
> > > > > > > Hi all,
> > > > > > >
> > > > > > > I have created a build for Apache Druid 0.21.0, release
> > > > > > > candidate 1.
> > > > > > >
> > > > > > > Thanks for everyone who has helped contribute to the release!
> You
> > > can
> > > > > > read
> > > > > > > the proposed release notes here:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_issues_10752&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=3glZYUiMVphoin9jejQzxvDHpV5njS8sZo94Py1hs14&e=
> > > > > > >
> > > > > > > The release candidate has been tagged in GitHub as
> > > > > > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > > > > > available here:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_releases_tag_druid-2D0.21.0-2Drc1&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=_mTLWD2vl-ZszMCZClaSl3F2nnCxNHd3lbUwfcM2JVI&e=
> > > > > > >
> > > > > > > The artifacts to be voted on are located here:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_druid_0.21.0-2Drc1_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=-uiRpPGJoNYuFvEXUyM3RyLIoo85afwG2RVDkLmg8Cg&e=
> > > > > > >
> > > > > > > A staged Maven repository is available for review at:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachedruid-2D1023_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=OAQ1QS-O5ns8rmhtmK_oT3B14z-OGnyg6lS2DKZX82M&e=
> > > > > > >
> > > > > > > Staged druid.apache.org website documentation is available
> here:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__druid.staged.apache.org_docs_0.21.0_design_index.html&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=IKBV30tEa3bs1TFvZ_lPI3cr54jF9DG-PPG2sJL9yNQ&e=
> > > > > > >
> > > > > > > A Docker image containing the binary of the release candidate
> can
> > > be
> > > > > > > retrieved via:
> > > > > > > docker pull apache/druid:0.21.0-rc1
> > > > > > >
> > > > > > > artifact checksums
> > > > > > > src:
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > > > > > bin:
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > > > > > docker:
> > > > > 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > > > > > >
> > > > > > > Release artifacts are signed with the following key:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.org_keys_committer_jihoonson.asc&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=1pOwieBsGGqkp99HXjNxwj8Bfla-9h2laHYJYuNjyAc&e=
> > > > > > >
> > > > > > > This key and the key of other committers can also be found in
> the
> > > > > > project's
> > > > > > > KEYS file here:
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_druid_KEYS&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=eBC5qeMlG3AvP-TEPsKGhCY0WFZtWc3LiCbB1KqEE9E&e=
> > > > > > >
> > > > > > > (If you are a committer, please feel free to add your own key
> to
> > > that
> > > > > > file
> > > > > > > by following the instructions in the file's header.)
> > > > > > >
> > > > > > >
> > > > > > > Verify checksums:
> > > > > > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > > > > > cut -d ' ' -f1) \
> > > > > > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > > > > > >
> > > > > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > > > > > cut -d ' ' -f1) \
> > > > > > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > > > > > >
> > > > > > > Verify signatures:
> > > > > > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > > > > > apache-druid-0.21.0-src.tar.gz
> > > > > > >
> > > > > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > > > > > apache-druid-0.21.0-bin.tar.gz
> > > > > > >
> > > > > > > Please review the proposed artifacts and vote. Note that
> Apache has
> > > > > > > specific requirements that must be met before +1 binding votes
> can
> > > be
> > > > > > cast
> > > > > > > by PMC members. Please refer to the policy at
> > > > > > >
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23policy&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=lw_SXs0SOPM34AsbkLFC1Z1epoTibNMcjotdFJlGvgU&e=
> > > > > for more details.
> > > > > > >
> > > > > > > As part of the validation process, the release artifacts can be
> > > > > generated
> > > > > > > from source by running:
> > > > > > > mvn clean install -Papache-release,dist -Dgpg.skip
> > > > > > >
> > > > > > > The RAT license check can be run from source by:
> > > > > > > mvn apache-rat:check -Prat
> > > > > > >
> > > > > > > This vote will be open for at least 72 hours. The vote will
> pass
> > > if a
> > > > > > > majority of at least three +1 PMC votes are cast.
> > > > > > >
> > > > > > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > > > > > [ ] 0 I don't feel strongly about it, but I'm okay with the
> release
> > > > > > > [ ] -1 Do not release this package because...
> > > > > > >
> > > > > > > Thanks!
> > > > > > >
> > > > > > >
> > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > > > > > For additional commands, e-mail: dev-help@druid.apache.org
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > For additional commands, e-mail: dev-help@druid.apache.org
> > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>
Re: [E] Re: [VOTE] Release Apache Druid 0.21.0 [RC1]
Posted by Jihoon Son <ji...@apache.org>.
Thanks Atul.
The CVE check still fails due to the same issue. I suggest you and all
reviewers skip it this time. The CVE check passed when I created the
RC.
Clint also confirmed that it passed during his testing.
On Wed, Apr 21, 2021 at 5:27 PM Atul Mohan <at...@apache.org> wrote:
>
> There is an issue logged for this problem:
> https://github.com/jeremylong/DependencyCheck/issues/3306
>
> On Wed, Apr 21, 2021 at 7:25 PM Jihoon Son <ji...@apache.org> wrote:
>
> > Thanks Will, Hopefully the problem can be solved soon.
> >
> > On Wed, Apr 21, 2021 at 4:58 PM Will Lauer
> > <wl...@verizonmedia.com.invalid> wrote:
> > >
> > > We've seen that problem here in builds of multiple products today. We
> > > believe it's due to a bad definition file from NIST, and not the products
> > > themselves.
> > >
> > > Will
> > >
> > > On Wed, Apr 21, 2021, 6:14 PM Atul Mohan <at...@apache.org> wrote:
> > >
> > > > I'm in the process of verification, but the dependency-check failed
> > for me
> > > > with the following error:
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > *Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException:
> > Unable
> > > > to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> > > > org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
> > > > at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> > > > (CveDB.java:1298) at java.util.ArrayList.forEach
> > (ArrayList.java:1257)
> > > > at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> > > > (CveDB.java:1297) at
> > > > org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> > > > (CveDB.java:880) at
> > > > org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> > > > (NvdCveParser.java:99) at
> > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> > > > (ProcessTask.java:139) at
> > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> > > > (ProcessTask.java:152) at
> > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > > (ProcessTask.java:113) at
> > > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > > (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> > > > (FutureTask.java:266) at
> > > > java.util.concurrent.ThreadPoolExecutor.runWorker
> > > > (ThreadPoolExecutor.java:1149) at
> > > > java.util.concurrent.ThreadPoolExecutor$Worker.run
> > > > (ThreadPoolExecutor.java:624) at java.lang.Thread.run
> > (Thread.java:748)*
> > > >
> > > > Am I missing something?
> > > >
> > > > On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cw...@apache.org> wrote:
> > > >
> > > > > +1 (binding)
> > > > >
> > > > > src package:
> > > > > - verified signature/checksum
> > > > > - LICENSE/NOTICE present
> > > > > - compiled, ran checks, unit tests
> > > > > - built binary distribution, ingested some data and ran some queries
> > > > >
> > > > > binary package:
> > > > > - verified signature/checksum
> > > > > - LICENSE/NOTICE present
> > > > > - ingested some data and ran some queries
> > > > >
> > > > > docker:
> > > > > - verified checksum
> > > > > - started cluster with docker-compose, ingested some data and ran
> > some
> > > > > queries
> > > > >
> > > > > Thanks for putting the release together Jihoon!
> > > > >
> > > > > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <ji...@apache.org>
> > wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > I have created a build for Apache Druid 0.21.0, release
> > > > > > candidate 1.
> > > > > >
> > > > > > Thanks for everyone who has helped contribute to the release! You
> > can
> > > > > read
> > > > > > the proposed release notes here:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_issues_10752&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=3glZYUiMVphoin9jejQzxvDHpV5njS8sZo94Py1hs14&e=
> > > > > >
> > > > > > The release candidate has been tagged in GitHub as
> > > > > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > > > > available here:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_releases_tag_druid-2D0.21.0-2Drc1&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=_mTLWD2vl-ZszMCZClaSl3F2nnCxNHd3lbUwfcM2JVI&e=
> > > > > >
> > > > > > The artifacts to be voted on are located here:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_druid_0.21.0-2Drc1_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=-uiRpPGJoNYuFvEXUyM3RyLIoo85afwG2RVDkLmg8Cg&e=
> > > > > >
> > > > > > A staged Maven repository is available for review at:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachedruid-2D1023_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=OAQ1QS-O5ns8rmhtmK_oT3B14z-OGnyg6lS2DKZX82M&e=
> > > > > >
> > > > > > Staged druid.apache.org website documentation is available here:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__druid.staged.apache.org_docs_0.21.0_design_index.html&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=IKBV30tEa3bs1TFvZ_lPI3cr54jF9DG-PPG2sJL9yNQ&e=
> > > > > >
> > > > > > A Docker image containing the binary of the release candidate can
> > be
> > > > > > retrieved via:
> > > > > > docker pull apache/druid:0.21.0-rc1
> > > > > >
> > > > > > artifact checksums
> > > > > > src:
> > > > > >
> > > > > >
> > > > >
> > > >
> > 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > > > > bin:
> > > > > >
> > > > > >
> > > > >
> > > >
> > 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > > > > docker:
> > > > 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > > > > >
> > > > > > Release artifacts are signed with the following key:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.org_keys_committer_jihoonson.asc&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=1pOwieBsGGqkp99HXjNxwj8Bfla-9h2laHYJYuNjyAc&e=
> > > > > >
> > > > > > This key and the key of other committers can also be found in the
> > > > > project's
> > > > > > KEYS file here:
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_druid_KEYS&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=eBC5qeMlG3AvP-TEPsKGhCY0WFZtWc3LiCbB1KqEE9E&e=
> > > > > >
> > > > > > (If you are a committer, please feel free to add your own key to
> > that
> > > > > file
> > > > > > by following the instructions in the file's header.)
> > > > > >
> > > > > >
> > > > > > Verify checksums:
> > > > > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > > > > cut -d ' ' -f1) \
> > > > > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > > > > >
> > > > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > > > > cut -d ' ' -f1) \
> > > > > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > > > > >
> > > > > > Verify signatures:
> > > > > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > > > > apache-druid-0.21.0-src.tar.gz
> > > > > >
> > > > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > > > > apache-druid-0.21.0-bin.tar.gz
> > > > > >
> > > > > > Please review the proposed artifacts and vote. Note that Apache has
> > > > > > specific requirements that must be met before +1 binding votes can
> > be
> > > > > cast
> > > > > > by PMC members. Please refer to the policy at
> > > > > >
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23policy&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=lw_SXs0SOPM34AsbkLFC1Z1epoTibNMcjotdFJlGvgU&e=
> > > > for more details.
> > > > > >
> > > > > > As part of the validation process, the release artifacts can be
> > > > generated
> > > > > > from source by running:
> > > > > > mvn clean install -Papache-release,dist -Dgpg.skip
> > > > > >
> > > > > > The RAT license check can be run from source by:
> > > > > > mvn apache-rat:check -Prat
> > > > > >
> > > > > > This vote will be open for at least 72 hours. The vote will pass
> > if a
> > > > > > majority of at least three +1 PMC votes are cast.
> > > > > >
> > > > > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > > > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > > > > [ ] -1 Do not release this package because...
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > > > > For additional commands, e-mail: dev-help@druid.apache.org
> > > > > >
> > > > > >
> > > > >
> > > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > For additional commands, e-mail: dev-help@druid.apache.org
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org
Re: [E] Re: [VOTE] Release Apache Druid 0.21.0 [RC1]
Posted by Atul Mohan <at...@apache.org>.
There is an issue logged for this problem:
https://github.com/jeremylong/DependencyCheck/issues/3306
On Wed, Apr 21, 2021 at 7:25 PM Jihoon Son <ji...@apache.org> wrote:
> Thanks Will, Hopefully the problem can be solved soon.
>
> On Wed, Apr 21, 2021 at 4:58 PM Will Lauer
> <wl...@verizonmedia.com.invalid> wrote:
> >
> > We've seen that problem here in builds of multiple products today. We
> > believe it's due to a bad definition file from NIST, and not the products
> > themselves.
> >
> > Will
> >
> > On Wed, Apr 21, 2021, 6:14 PM Atul Mohan <at...@apache.org> wrote:
> >
> > > I'm in the process of verification, but the dependency-check failed
> for me
> > > with the following error:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > *Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException:
> Unable
> > > to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> > > org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
> > > at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> > > (CveDB.java:1298) at java.util.ArrayList.forEach
> (ArrayList.java:1257)
> > > at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> > > (CveDB.java:1297) at
> > > org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> > > (CveDB.java:880) at
> > > org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> > > (NvdCveParser.java:99) at
> > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> > > (ProcessTask.java:139) at
> > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> > > (ProcessTask.java:152) at
> > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > (ProcessTask.java:113) at
> > > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > > (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> > > (FutureTask.java:266) at
> > > java.util.concurrent.ThreadPoolExecutor.runWorker
> > > (ThreadPoolExecutor.java:1149) at
> > > java.util.concurrent.ThreadPoolExecutor$Worker.run
> > > (ThreadPoolExecutor.java:624) at java.lang.Thread.run
> (Thread.java:748)*
> > >
> > > Am I missing something?
> > >
> > > On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cw...@apache.org> wrote:
> > >
> > > > +1 (binding)
> > > >
> > > > src package:
> > > > - verified signature/checksum
> > > > - LICENSE/NOTICE present
> > > > - compiled, ran checks, unit tests
> > > > - built binary distribution, ingested some data and ran some queries
> > > >
> > > > binary package:
> > > > - verified signature/checksum
> > > > - LICENSE/NOTICE present
> > > > - ingested some data and ran some queries
> > > >
> > > > docker:
> > > > - verified checksum
> > > > - started cluster with docker-compose, ingested some data and ran
> some
> > > > queries
> > > >
> > > > Thanks for putting the release together Jihoon!
> > > >
> > > > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <ji...@apache.org>
> wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > I have created a build for Apache Druid 0.21.0, release
> > > > > candidate 1.
> > > > >
> > > > > Thanks for everyone who has helped contribute to the release! You
> can
> > > > read
> > > > > the proposed release notes here:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_issues_10752&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=3glZYUiMVphoin9jejQzxvDHpV5njS8sZo94Py1hs14&e=
> > > > >
> > > > > The release candidate has been tagged in GitHub as
> > > > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > > > available here:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_releases_tag_druid-2D0.21.0-2Drc1&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=_mTLWD2vl-ZszMCZClaSl3F2nnCxNHd3lbUwfcM2JVI&e=
> > > > >
> > > > > The artifacts to be voted on are located here:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_druid_0.21.0-2Drc1_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=-uiRpPGJoNYuFvEXUyM3RyLIoo85afwG2RVDkLmg8Cg&e=
> > > > >
> > > > > A staged Maven repository is available for review at:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachedruid-2D1023_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=OAQ1QS-O5ns8rmhtmK_oT3B14z-OGnyg6lS2DKZX82M&e=
> > > > >
> > > > > Staged druid.apache.org website documentation is available here:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__druid.staged.apache.org_docs_0.21.0_design_index.html&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=IKBV30tEa3bs1TFvZ_lPI3cr54jF9DG-PPG2sJL9yNQ&e=
> > > > >
> > > > > A Docker image containing the binary of the release candidate can
> be
> > > > > retrieved via:
> > > > > docker pull apache/druid:0.21.0-rc1
> > > > >
> > > > > artifact checksums
> > > > > src:
> > > > >
> > > > >
> > > >
> > >
> 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > > > bin:
> > > > >
> > > > >
> > > >
> > >
> 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > > > docker:
> > > 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > > > >
> > > > > Release artifacts are signed with the following key:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.org_keys_committer_jihoonson.asc&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=1pOwieBsGGqkp99HXjNxwj8Bfla-9h2laHYJYuNjyAc&e=
> > > > >
> > > > > This key and the key of other committers can also be found in the
> > > > project's
> > > > > KEYS file here:
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_druid_KEYS&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=eBC5qeMlG3AvP-TEPsKGhCY0WFZtWc3LiCbB1KqEE9E&e=
> > > > >
> > > > > (If you are a committer, please feel free to add your own key to
> that
> > > > file
> > > > > by following the instructions in the file's header.)
> > > > >
> > > > >
> > > > > Verify checksums:
> > > > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > > > cut -d ' ' -f1) \
> > > > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > > > >
> > > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > > > cut -d ' ' -f1) \
> > > > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > > > >
> > > > > Verify signatures:
> > > > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > > > apache-druid-0.21.0-src.tar.gz
> > > > >
> > > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > > > apache-druid-0.21.0-bin.tar.gz
> > > > >
> > > > > Please review the proposed artifacts and vote. Note that Apache has
> > > > > specific requirements that must be met before +1 binding votes can
> be
> > > > cast
> > > > > by PMC members. Please refer to the policy at
> > > > >
> > >
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23policy&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=lw_SXs0SOPM34AsbkLFC1Z1epoTibNMcjotdFJlGvgU&e=
> > > for more details.
> > > > >
> > > > > As part of the validation process, the release artifacts can be
> > > generated
> > > > > from source by running:
> > > > > mvn clean install -Papache-release,dist -Dgpg.skip
> > > > >
> > > > > The RAT license check can be run from source by:
> > > > > mvn apache-rat:check -Prat
> > > > >
> > > > > This vote will be open for at least 72 hours. The vote will pass
> if a
> > > > > majority of at least three +1 PMC votes are cast.
> > > > >
> > > > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > > > [ ] -1 Do not release this package because...
> > > > >
> > > > > Thanks!
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > > > For additional commands, e-mail: dev-help@druid.apache.org
> > > > >
> > > > >
> > > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> For additional commands, e-mail: dev-help@druid.apache.org
>
>
Re: [E] Re: [VOTE] Release Apache Druid 0.21.0 [RC1]
Posted by Jihoon Son <ji...@apache.org>.
Thanks Will, Hopefully the problem can be solved soon.
On Wed, Apr 21, 2021 at 4:58 PM Will Lauer
<wl...@verizonmedia.com.invalid> wrote:
>
> We've seen that problem here in builds of multiple products today. We
> believe it's due to a bad definition file from NIST, and not the products
> themselves.
>
> Will
>
> On Wed, Apr 21, 2021, 6:14 PM Atul Mohan <at...@apache.org> wrote:
>
> > I'm in the process of verification, but the dependency-check failed for me
> > with the following error:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable
> > to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> > org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
> > at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> > (CveDB.java:1298) at java.util.ArrayList.forEach (ArrayList.java:1257)
> > at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> > (CveDB.java:1297) at
> > org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> > (CveDB.java:880) at
> > org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> > (NvdCveParser.java:99) at
> > org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> > (ProcessTask.java:139) at
> > org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> > (ProcessTask.java:152) at
> > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > (ProcessTask.java:113) at
> > org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> > (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> > (FutureTask.java:266) at
> > java.util.concurrent.ThreadPoolExecutor.runWorker
> > (ThreadPoolExecutor.java:1149) at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run
> > (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748)*
> >
> > Am I missing something?
> >
> > On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cw...@apache.org> wrote:
> >
> > > +1 (binding)
> > >
> > > src package:
> > > - verified signature/checksum
> > > - LICENSE/NOTICE present
> > > - compiled, ran checks, unit tests
> > > - built binary distribution, ingested some data and ran some queries
> > >
> > > binary package:
> > > - verified signature/checksum
> > > - LICENSE/NOTICE present
> > > - ingested some data and ran some queries
> > >
> > > docker:
> > > - verified checksum
> > > - started cluster with docker-compose, ingested some data and ran some
> > > queries
> > >
> > > Thanks for putting the release together Jihoon!
> > >
> > > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <ji...@apache.org> wrote:
> > >
> > > > Hi all,
> > > >
> > > > I have created a build for Apache Druid 0.21.0, release
> > > > candidate 1.
> > > >
> > > > Thanks for everyone who has helped contribute to the release! You can
> > > read
> > > > the proposed release notes here:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_issues_10752&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=3glZYUiMVphoin9jejQzxvDHpV5njS8sZo94Py1hs14&e=
> > > >
> > > > The release candidate has been tagged in GitHub as
> > > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > > available here:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_druid_releases_tag_druid-2D0.21.0-2Drc1&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=_mTLWD2vl-ZszMCZClaSl3F2nnCxNHd3lbUwfcM2JVI&e=
> > > >
> > > > The artifacts to be voted on are located here:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_druid_0.21.0-2Drc1_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=-uiRpPGJoNYuFvEXUyM3RyLIoo85afwG2RVDkLmg8Cg&e=
> > > >
> > > > A staged Maven repository is available for review at:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachedruid-2D1023_&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=OAQ1QS-O5ns8rmhtmK_oT3B14z-OGnyg6lS2DKZX82M&e=
> > > >
> > > > Staged druid.apache.org website documentation is available here:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__druid.staged.apache.org_docs_0.21.0_design_index.html&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=IKBV30tEa3bs1TFvZ_lPI3cr54jF9DG-PPG2sJL9yNQ&e=
> > > >
> > > > A Docker image containing the binary of the release candidate can be
> > > > retrieved via:
> > > > docker pull apache/druid:0.21.0-rc1
> > > >
> > > > artifact checksums
> > > > src:
> > > >
> > > >
> > >
> > 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > > bin:
> > > >
> > > >
> > >
> > 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > > docker:
> > 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > > >
> > > > Release artifacts are signed with the following key:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.org_keys_committer_jihoonson.asc&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=1pOwieBsGGqkp99HXjNxwj8Bfla-9h2laHYJYuNjyAc&e=
> > > >
> > > > This key and the key of other committers can also be found in the
> > > project's
> > > > KEYS file here:
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_druid_KEYS&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=eBC5qeMlG3AvP-TEPsKGhCY0WFZtWc3LiCbB1KqEE9E&e=
> > > >
> > > > (If you are a committer, please feel free to add your own key to that
> > > file
> > > > by following the instructions in the file's header.)
> > > >
> > > >
> > > > Verify checksums:
> > > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > > cut -d ' ' -f1) \
> > > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > > >
> > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > > cut -d ' ' -f1) \
> > > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > > >
> > > > Verify signatures:
> > > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > > apache-druid-0.21.0-src.tar.gz
> > > >
> > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > > apache-druid-0.21.0-bin.tar.gz
> > > >
> > > > Please review the proposed artifacts and vote. Note that Apache has
> > > > specific requirements that must be met before +1 binding votes can be
> > > cast
> > > > by PMC members. Please refer to the policy at
> > > >
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23policy&d=DwIBaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=ULseRJUsY5gTBgFA9-BUxg&m=r3FUVcK_gRFSGHYST7TdoEJUKRy6r8Fs-GljbjSBeh8&s=lw_SXs0SOPM34AsbkLFC1Z1epoTibNMcjotdFJlGvgU&e=
> > for more details.
> > > >
> > > > As part of the validation process, the release artifacts can be
> > generated
> > > > from source by running:
> > > > mvn clean install -Papache-release,dist -Dgpg.skip
> > > >
> > > > The RAT license check can be run from source by:
> > > > mvn apache-rat:check -Prat
> > > >
> > > > This vote will be open for at least 72 hours. The vote will pass if a
> > > > majority of at least three +1 PMC votes are cast.
> > > >
> > > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > > [ ] -1 Do not release this package because...
> > > >
> > > > Thanks!
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
> > > > For additional commands, e-mail: dev-help@druid.apache.org
> > > >
> > > >
> > >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@druid.apache.org
For additional commands, e-mail: dev-help@druid.apache.org