You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@beam.apache.org by Lukasz Cwik <lc...@google.com> on 2019/07/09 22:33:48 UTC
[VOTE] Vendored Dependencies Release
Please review the release of the following artifacts that we vendor:
* beam-vendor-grpc_1_21_0
* beam-vendor-guava-26_0-jre
Hi everyone,
Please review and vote on the release candidate #2 for the
org.apache.beam:beam-vendor-grpc_1_21_0:0.1 and
org.apache.beam:beam-vendor-guava-26_0-jre:0.1, as follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)
The complete staging area is available for your review, which includes:
* the official Apache source release to be deployed to dist.apache.org [1],
which is signed with the key with fingerprint
EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
* all artifacts to be deployed to the Maven Central Repository [3],
* commit hash "b4efbb23cc5dec80b8bbd8745c62efecdadfa236" [4],
The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.
Thanks,
Luke
[1] https://dist.apache.org/repos/dist/dev/beam/vendor/
[2] https://dist.apache.org/repos/dist/release/beam/KEYS
[3] https://repository.apache.org/content/repositories/orgapachebeam-1076/
[4]
https://github.com/apache/beam/commit/b4efbb23cc5dec80b8bbd8745c62efecdadfa236
Re: [VOTE] Vendored Dependencies Release
Posted by Lukasz Cwik <lc...@google.com>.
No, the classes weren't expected inside of Guava. Cancelling this release
candidate.
I don't believe the protos/certs/keys matter and were part of our prior
1.13.1 release as well[1].
I found out that we stopped validating the contents of the vendored jar as
part of the release process and opened up pr/9036[2] to fix our validation.
Kai, I will try to add the vendored bytebuddy to the next release, it would
be useful if you could help review the PRs related to vendoring.
1:
https://repo1.maven.org/maven2/org/apache/beam/beam-vendor-grpc-1_13_1/0.2/beam-vendor-grpc-1_13_1-0.2.jar
2: https://github.com/apache/beam/pull/9036
On Wed, Jul 10, 2019 at 1:34 PM Kai Jiang <jk...@uber.com> wrote:
> pull/8357 <https://github.com/apache/beam/pull/8357> proposes to vendor
> bytebuddy artifact.
> Is it possible to release "beam-vendor-bytebuddy-1_9_3" in next release
> candidate?
>
> Best,
> Kai
>
> On Wed, Jul 10, 2019 at 11:31 AM Kenneth Knowles <ke...@apache.org> wrote:
>
>> grpc: jar contains certs, keys, protos at the top level; intended?
>>
>> guava: jar contains classes not in vendored prefix, with prefixes such as
>> com/google/j2objc, org/codehaus/mojo, com/google/errorprone,
>> org/checkerframework, javax/annotation
>>
>> On Tue, Jul 9, 2019 at 3:34 PM Lukasz Cwik <lc...@google.com> wrote:
>>
>>> Please review the release of the following artifacts that we vendor:
>>> * beam-vendor-grpc_1_21_0
>>> * beam-vendor-guava-26_0-jre
>>>
>>> Hi everyone,
>>> Please review and vote on the release candidate #2 for the
>>> org.apache.beam:beam-vendor-grpc_1_21_0:0.1 and
>>> org.apache.beam:beam-vendor-guava-26_0-jre:0.1, as follows:
>>> [ ] +1, Approve the release
>>> [ ] -1, Do not approve the release (please provide specific comments)
>>>
>>>
>>> The complete staging area is available for your review, which includes:
>>> * the official Apache source release to be deployed to dist.apache.org
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__dist.apache.org&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=csOeuLf-hGb4WMuN0WlDgcN7dYHjh1S0CGpw5i12sQ4&e=>
>>> [1], which is signed with the key with fingerprint
>>> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
>>> * all artifacts to be deployed to the Maven Central Repository [3],
>>> * commit hash "b4efbb23cc5dec80b8bbd8745c62efecdadfa236" [4],
>>>
>>> The vote will be open for at least 72 hours. It is adopted by majority
>>> approval, with at least 3 PMC affirmative votes.
>>>
>>> Thanks,
>>> Luke
>>>
>>> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_beam_vendor_&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=vDAP44KBSLriK6epP13aKgiALwJLZ9SKau_naQkkJHg&e=>
>>> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_beam_KEYS&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=xpYP-T_xTF78zcT6jG8fBp4_SBEE1y7TwHvi8n2HbhE&e=>
>>> [3]
>>> https://repository.apache.org/content/repositories/orgapachebeam-1076/
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachebeam-2D1076_&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=sg01Cg5xZfqLbyvPHiggexIjz8xR8wxMVi4d-thIXBo&e=>
>>> [4]
>>> https://github.com/apache/beam/commit/b4efbb23cc5dec80b8bbd8745c62efecdadfa236
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_beam_commit_b4efbb23cc5dec80b8bbd8745c62efecdadfa236&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=IEe6OXABE34s9YIOPvwpwh7CbnWl8YOZTrj6476XWpI&e=>
>>>
>>
Re: [VOTE] Vendored Dependencies Release
Posted by Kai Jiang <jk...@uber.com>.
pull/8357 <https://github.com/apache/beam/pull/8357> proposes to vendor
bytebuddy artifact.
Is it possible to release "beam-vendor-bytebuddy-1_9_3" in next release
candidate?
Best,
Kai
On Wed, Jul 10, 2019 at 11:31 AM Kenneth Knowles <ke...@apache.org> wrote:
> grpc: jar contains certs, keys, protos at the top level; intended?
>
> guava: jar contains classes not in vendored prefix, with prefixes such as
> com/google/j2objc, org/codehaus/mojo, com/google/errorprone,
> org/checkerframework, javax/annotation
>
> On Tue, Jul 9, 2019 at 3:34 PM Lukasz Cwik <lc...@google.com> wrote:
>
>> Please review the release of the following artifacts that we vendor:
>> * beam-vendor-grpc_1_21_0
>> * beam-vendor-guava-26_0-jre
>>
>> Hi everyone,
>> Please review and vote on the release candidate #2 for the
>> org.apache.beam:beam-vendor-grpc_1_21_0:0.1 and
>> org.apache.beam:beam-vendor-guava-26_0-jre:0.1, as follows:
>> [ ] +1, Approve the release
>> [ ] -1, Do not approve the release (please provide specific comments)
>>
>>
>> The complete staging area is available for your review, which includes:
>> * the official Apache source release to be deployed to dist.apache.org
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__dist.apache.org&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=csOeuLf-hGb4WMuN0WlDgcN7dYHjh1S0CGpw5i12sQ4&e=>
>> [1], which is signed with the key with fingerprint
>> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
>> * all artifacts to be deployed to the Maven Central Repository [3],
>> * commit hash "b4efbb23cc5dec80b8bbd8745c62efecdadfa236" [4],
>>
>> The vote will be open for at least 72 hours. It is adopted by majority
>> approval, with at least 3 PMC affirmative votes.
>>
>> Thanks,
>> Luke
>>
>> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_beam_vendor_&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=vDAP44KBSLriK6epP13aKgiALwJLZ9SKau_naQkkJHg&e=>
>> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_beam_KEYS&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=xpYP-T_xTF78zcT6jG8fBp4_SBEE1y7TwHvi8n2HbhE&e=>
>> [3]
>> https://repository.apache.org/content/repositories/orgapachebeam-1076/
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apache.org_content_repositories_orgapachebeam-2D1076_&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=sg01Cg5xZfqLbyvPHiggexIjz8xR8wxMVi4d-thIXBo&e=>
>> [4]
>> https://github.com/apache/beam/commit/b4efbb23cc5dec80b8bbd8745c62efecdadfa236
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_beam_commit_b4efbb23cc5dec80b8bbd8745c62efecdadfa236&d=DwMFaQ&c=r2dcLCtU9q6n0vrtnDw9vg&r=w9NQdMas-PbABIe2Vnjx7A&m=XQ3qyG5SAoY6jY4Pv3Bn3fVfQFbjZaIMJovq2d1Y-2c&s=IEe6OXABE34s9YIOPvwpwh7CbnWl8YOZTrj6476XWpI&e=>
>>
>
Re: [VOTE] Vendored Dependencies Release
Posted by Kenneth Knowles <ke...@apache.org>.
grpc: jar contains certs, keys, protos at the top level; intended?
guava: jar contains classes not in vendored prefix, with prefixes such as
com/google/j2objc, org/codehaus/mojo, com/google/errorprone,
org/checkerframework, javax/annotation
On Tue, Jul 9, 2019 at 3:34 PM Lukasz Cwik <lc...@google.com> wrote:
> Please review the release of the following artifacts that we vendor:
> * beam-vendor-grpc_1_21_0
> * beam-vendor-guava-26_0-jre
>
> Hi everyone,
> Please review and vote on the release candidate #2 for the
> org.apache.beam:beam-vendor-grpc_1_21_0:0.1 and
> org.apache.beam:beam-vendor-guava-26_0-jre:0.1, as follows:
> [ ] +1, Approve the release
> [ ] -1, Do not approve the release (please provide specific comments)
>
>
> The complete staging area is available for your review, which includes:
> * the official Apache source release to be deployed to dist.apache.org
> [1], which is signed with the key with fingerprint
> EAD5DE293F4A03DD2E77565589E68A56E371CCA2 [2],
> * all artifacts to be deployed to the Maven Central Repository [3],
> * commit hash "b4efbb23cc5dec80b8bbd8745c62efecdadfa236" [4],
>
> The vote will be open for at least 72 hours. It is adopted by majority
> approval, with at least 3 PMC affirmative votes.
>
> Thanks,
> Luke
>
> [1] https://dist.apache.org/repos/dist/dev/beam/vendor/
> [2] https://dist.apache.org/repos/dist/release/beam/KEYS
> [3] https://repository.apache.org/content/repositories/orgapachebeam-1076/
> [4]
> https://github.com/apache/beam/commit/b4efbb23cc5dec80b8bbd8745c62efecdadfa236
>