You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by Jeffery Painter <je...@jivecast.com> on 2018/11/08 20:39:34 UTC
[VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged repository
Hello Turbine devs,
I know this one was a bit of a pain, but I finally got it working! Thank you everyone for your help.
A release candidate for the Fulcrum yaafi-crypto component, version
1.0.7 has been prepared. It contains updates to utilize the new Turbine 5 parent pom,
junit 4.12, removal of references to StringBuffer and a simplification
of the HexConverter methods that are more Java 8 friendly.
Please verify this release candidate carefully and vote.
Tag:
https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
Artifacts:
https://repository.apache.org/content/repositories/orgapacheturbine-1035
[ ] +1 release it
[ ] +0 go ahead I don't care
[ ] -1 no, do not release it because
--
Jeff Painter
Re: Antwort: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
staged repository
Posted by Jeffery Painter <je...@jivecast.com>.
Thanks Georg,
I am happy with whatever the group decides in terms of policy. I agree
that between the three of us who are most active on turbine, there are
often times where one or all of us are busy with our day jobs and just
can't get to it testing everyone's changes.
I am happy to let this one wait until I return on the Nov-26 in order to
allow Thomas time to vote.
In the meantime, I will check out your logging changes today and do a
quick review.
Thanks!
Jeff
On 11/15/18 9:25 AM, Georg Kallidis wrote:
> Hi Jeff,
>
> this was recently on the member mailing list, which might be helpful as a
> short reminder here as well.
>
> https://wiki.apache.org/incubator/DefaultProjectGuidelines
>
> I understand we need at least three binding (PMC) votes for a release.
> Thomas hopefully finds some time soon to look into it (or may be another
> PMC will help out)! As we want to do a bunch of releases in the following
> months, we may communincate about how to achieve this best in some detail
> ..
>
> Best regards, Georg
>
>
>
>
> Von: Jeffery Painter <je...@jivecast.com>
> An: dev@turbine.apache.org
> Datum: 15.11.2018 13:48
> Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
> staged repository
>
>
>
>
> That's 2 votes in favor and none opposed. Is that enough to consider it
> for release? I am out of town next week, so I would like to close this
> out by tomorrow.
>
> Thanks!
> Jeff
>
>
> On 11/13/18 2:46 AM, Georg Kallidis wrote:
>>> [X] +1 release it
>>> [ ] +0 go ahead I don't care
>>> [ ] -1 no, do not release it because
>> Best regards, Georg
>>
>> P.S. Artifact - link now reachable.
>>
>>
>>
>>
>> Von: Jeffery Painter <je...@jivecast.com>
>> An: dev@turbine.apache.org
>> Datum: 08.11.2018 22:13
>> Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
>> staged repository
>>
>>
>>
>>
>>
>> On 11/8/18 3:39 PM, Jeffery Painter wrote:
>>> Hello Turbine devs,
>>>
>>> I know this one was a bit of a pain, but I finally got it working!
> Thank
>> you everyone for your help.
>>> A release candidate for the Fulcrum yaafi-crypto component, version
>>> 1.0.7 has been prepared. It contains updates to utilize the new Turbine
>> 5 parent pom,
>>> junit 4.12, removal of references to StringBuffer and a simplification
>>> of the HexConverter methods that are more Java 8 friendly.
>>>
>>> Please verify this release candidate carefully and vote.
>>>
>>> Tag:
>>>
> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
>>> Artifacts:
>>>
> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>>> [X] +1 release it
>>> [ ] +0 go ahead I don't care
>>> [ ] -1 no, do not release it because
>>>
>>>
>
> [Anhang "signature.asc" gelöscht von Georg Kallidis/CeDiS/FU-Berlin/DE]
>
Antwort: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Georg Kallidis <ge...@cedis.fu-berlin.de>.
Hi Jeff,
this was recently on the member mailing list, which might be helpful as a
short reminder here as well.
https://wiki.apache.org/incubator/DefaultProjectGuidelines
I understand we need at least three binding (PMC) votes for a release.
Thomas hopefully finds some time soon to look into it (or may be another
PMC will help out)! As we want to do a bunch of releases in the following
months, we may communincate about how to achieve this best in some detail
..
Best regards, Georg
Von: Jeffery Painter <je...@jivecast.com>
An: dev@turbine.apache.org
Datum: 15.11.2018 13:48
Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
staged repository
That's 2 votes in favor and none opposed. Is that enough to consider it
for release? I am out of town next week, so I would like to close this
out by tomorrow.
Thanks!
Jeff
On 11/13/18 2:46 AM, Georg Kallidis wrote:
>> [X] +1 release it
>> [ ] +0 go ahead I don't care
>> [ ] -1 no, do not release it because
> Best regards, Georg
>
> P.S. Artifact - link now reachable.
>
>
>
>
> Von: Jeffery Painter <je...@jivecast.com>
> An: dev@turbine.apache.org
> Datum: 08.11.2018 22:13
> Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
> staged repository
>
>
>
>
>
> On 11/8/18 3:39 PM, Jeffery Painter wrote:
>> Hello Turbine devs,
>>
>> I know this one was a bit of a pain, but I finally got it working!
Thank
> you everyone for your help.
>> A release candidate for the Fulcrum yaafi-crypto component, version
>> 1.0.7 has been prepared. It contains updates to utilize the new Turbine
> 5 parent pom,
>> junit 4.12, removal of references to StringBuffer and a simplification
>> of the HexConverter methods that are more Java 8 friendly.
>>
>> Please verify this release candidate carefully and vote.
>>
>> Tag:
>>
>
https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
>> Artifacts:
>>
https://repository.apache.org/content/repositories/orgapacheturbine-1035
>>
>> [X] +1 release it
>> [ ] +0 go ahead I don't care
>> [ ] -1 no, do not release it because
>>
>>
[Anhang "signature.asc" gelöscht von Georg Kallidis/CeDiS/FU-Berlin/DE]
Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Jeffery Painter <je...@jivecast.com>.
That's 2 votes in favor and none opposed. Is that enough to consider it
for release? I am out of town next week, so I would like to close this
out by tomorrow.
Thanks!
Jeff
On 11/13/18 2:46 AM, Georg Kallidis wrote:
>> [X] +1 release it
>> [ ] +0 go ahead I don't care
>> [ ] -1 no, do not release it because
> Best regards, Georg
>
> P.S. Artifact - link now reachable.
>
>
>
>
> Von: Jeffery Painter <je...@jivecast.com>
> An: dev@turbine.apache.org
> Datum: 08.11.2018 22:13
> Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
> staged repository
>
>
>
>
>
> On 11/8/18 3:39 PM, Jeffery Painter wrote:
>> Hello Turbine devs,
>>
>> I know this one was a bit of a pain, but I finally got it working! Thank
> you everyone for your help.
>> A release candidate for the Fulcrum yaafi-crypto component, version
>> 1.0.7 has been prepared. It contains updates to utilize the new Turbine
> 5 parent pom,
>> junit 4.12, removal of references to StringBuffer and a simplification
>> of the HexConverter methods that are more Java 8 friendly.
>>
>> Please verify this release candidate carefully and vote.
>>
>> Tag:
>>
> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
>> Artifacts:
>> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>>
>> [X] +1 release it
>> [ ] +0 go ahead I don't care
>> [ ] -1 no, do not release it because
>>
>>
Re: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Georg Kallidis <ge...@cedis.fu-berlin.de>.
> [X] +1 release it
> [ ] +0 go ahead I don't care
> [ ] -1 no, do not release it because
Best regards, Georg
P.S. Artifact - link now reachable.
Von: Jeffery Painter <je...@jivecast.com>
An: dev@turbine.apache.org
Datum: 08.11.2018 22:13
Betreff: Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on
staged repository
On 11/8/18 3:39 PM, Jeffery Painter wrote:
> Hello Turbine devs,
>
> I know this one was a bit of a pain, but I finally got it working! Thank
you everyone for your help.
>
> A release candidate for the Fulcrum yaafi-crypto component, version
> 1.0.7 has been prepared. It contains updates to utilize the new Turbine
5 parent pom,
> junit 4.12, removal of references to StringBuffer and a simplification
> of the HexConverter methods that are more Java 8 friendly.
>
> Please verify this release candidate carefully and vote.
>
> Tag:
>
https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
> Artifacts:
> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>
> [X] +1 release it
> [ ] +0 go ahead I don't care
> [ ] -1 no, do not release it because
>
>
--
Jeffery
[Anhang "signature.asc" gelöscht von Georg Kallidis/CeDiS/FU-Berlin/DE]
Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Jeffery Painter <je...@jivecast.com>.
On 11/8/18 3:39 PM, Jeffery Painter wrote:
> Hello Turbine devs,
>
> I know this one was a bit of a pain, but I finally got it working! Thank you everyone for your help.
>
> A release candidate for the Fulcrum yaafi-crypto component, version
> 1.0.7 has been prepared. It contains updates to utilize the new Turbine 5 parent pom,
> junit 4.12, removal of references to StringBuffer and a simplification
> of the HexConverter methods that are more Java 8 friendly.
>
> Please verify this release candidate carefully and vote.
>
> Tag:
> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
> Artifacts:
> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>
> [X] +1 release it
> [ ] +0 go ahead I don't care
> [ ] -1 no, do not release it because
>
>
--
Jeffery
[RESULT] [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Jeffery Painter <je...@jivecast.com>.
Hi all,
The result is that the the component will be released.
[binding]
+1 - Georg Kallidis
+1 - Thomas Vandahl
+1 - Jeffery Painter
Addressing Thomas's concerns:
1. Deprecation is coming from one of the test cases calling code in this
component that is deprecated. CryptoUtil.copy() method, so I think all
is OK there.
2. When I verified the signature, it looks good to me. Please let me
know if you are seeing something different than below.
painter@merlin:~/$ gpg --list-secret-key
/home/painter/.gnupg/pubring.gpg
--------------------------------
sec rsa4096 2018-09-25 [SC] [expires: 2023-09-24]
F325EA8120E1E588FC5EC9A9207EE518D34FA936
uid [ultimate] Jeffery Painter <je...@jivecast.com>
uid [ultimate] Jeffery Painter (CODE SIGNING KEY)
<pa...@apache.org>
ssb rsa4096 2018-09-25 [E] [expires: 2023-09-24]
painter@merlin:~/$ gpg --verify fulcrum-yaafi-crypto-1.0.7-bin.zip.asc
gpg: assuming signed data in 'fulcrum-yaafi-crypto-1.0.7-bin.zip'
gpg: Signature made Thu 08 Nov 2018 03:17:11 PM EST
gpg: using RSA key F325EA8120E1E588FC5EC9A9207EE518D34FA936
gpg: Good signature from "Jeffery Painter <je...@jivecast.com>" [ultimate]
gpg: aka "Jeffery Painter (CODE SIGNING KEY)
<pa...@apache.org>" [ultimate]
3. I updated the NOTICE.txt in the tagged version, and I also double
checked all the other fulcrum components as well.
I have released the artifacts from Nexus and continuing to follow
Georg's notes on how to finalize the release. Thank you for all your
help (and votes)!
--
Jeffery
On 11/18/18 1:08 PM, Thomas Vandahl wrote:
> Hi Jeff,
>
> On 08.11.18 21:39, Jeffery Painter wrote:
>> Please verify this release candidate carefully and vote.
>>
>> Tag:
>> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>>
>> Artifacts:
>> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>>
>> [X] +1 release it
>> [ ] +0 go ahead I don't care
>> [ ] -1 no, do not release it because
> Build and tests run fine. The compiler complains about using deprecated
> APIs (I didn't check that further). Signature is ok. Didn't you write
> your key had been signed at ApacheCon? The key you used for signing has
> no such signatures.
>
> Please update NOTICE.txt in the tag. The contents is utter nonsense.
>
> Bye, Thomas
>
Re: [VOTE] Release fulcrum-yaafi-crypto 1.0.7 based on staged
repository
Posted by Thomas Vandahl <tv...@apache.org>.
Hi Jeff,
On 08.11.18 21:39, Jeffery Painter wrote:
> Please verify this release candidate carefully and vote.
>
> Tag:
> https://svn.apache.org/repos/asf/turbine/fulcrum/tags/fulcrum-yaafi-crypto-1.0.7
>
> Artifacts:
> https://repository.apache.org/content/repositories/orgapacheturbine-1035
>
> [X] +1 release it
> [ ] +0 go ahead I don't care
> [ ] -1 no, do not release it because
Build and tests run fine. The compiler complains about using deprecated
APIs (I didn't check that further). Signature is ok. Didn't you write
your key had been signed at ApacheCon? The key you used for signing has
no such signatures.
Please update NOTICE.txt in the tag. The contents is utter nonsense.
Bye, Thomas