You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jena.apache.org by Andy Seaborne <an...@apache.org> on 2016/11/04 13:39:56 UTC
Re: [CANCELLED] [VOTE] Release Apache jena 3.1.1
Thank you for finding that.
Hmm. I have no idea what has happened. It must be some kind of user
error but the date does not suggest anything to me.
I will start again with a new key.
Andy
On 03/11/16 14:17, A. Soroka wrote:
> The source distro builds (mvn clean install) for me on Mac OS X
> 10.10.5 using Java 1.8.0_40 and Maven 3.3.9. Lots of Javadoc warnings
> (especially those weird ones about @propertyGetter, @propertySetter and
> @propertyDescription) but they are nothing new. Checksums verify for
> source distro. Andy's sig looks good, except...
>
> /tmp gpg --fingerprint 9CC7ECFE
> pub 4096R/9CC7ECFE 2014-06-16 [revoked: 2016-08-16]
> Key fingerprint = F0BA C675 207A 38AB F863 DAEA 1FD1 063C 9CC7 ECFE
> uid [ revoked] Andy Seaborne (Code signing key) <an...@apache.org>
>
> It seems that Andy, you signed with "9CC7ECFE", and if I interpret "http://pgpkeys.mit.edu/pks/lookup?search=Seaborne&op=vindex" correctly (a big "if") you revoked that key on 2016-08-16? Am I misreading that?
>
> On a side note, I get:
>
> ERROR: cannot verify dist.apache.org's certificate, issued by `/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4':
> Unable to locally verify the issuer's authority.
>
> from dist.apache.org and I had to go with wget's --no-check-certificate. Should I raise a ticket with infrastructure about that?
>
Yes.
> ---
> A. Soroka
> The University of Virginia Library
>
>> On Nov 2, 2016, at 5:39 PM, Andy Seaborne <an...@apache.org> wrote:
>>
>> Hi,
>>
>> Here is a vote on a release of Jena 3.1.1
>> (with Fuseki 2.4.1 and Fuseki 1.4.1).
>>
>> This is the first proposed candidate for this release.
>>
>> * Dependency changes:
>>
>> New module:
>> jena-fuseki2/jena-fuseki-embedded
>>
>> Updates:
>> com.github.jsonld-java:jsonld-java 0.7.0 -> 0.8.3
>>
>> org.apache.httpcomponents:httpClient 4.2.6 -> 4.5.2
>> org.apache.httpcomponents:httpCache 4.2.6 -> 4.5.2
>> org.apache.httpcomponents:httpCore 4.2.5 -> 4.4.4
>>
>> com.jayway.awaitility:awaitility 1.6.4 -> 1.7.0
>> com.spatial4j:spatial4j 0.4.1 -> 0.5
>> org.slf4j:* 1.7.20 -> 1.7.21
>> commons-codec:commons-codec 1.9 -> 1.10
>> org.apache.commons:commons-collections4 4.0 -> 4.1
>> org.apache.commons:commons-csv 1.0 -> 1.3
>> org.apache.commons:commons-lang3 3.3.2 -> 3.4
>> org.apache.thrift:libthrift 0.9.2 -> 0.9.3
>> org.apache.mrunit:mrunit 1.0.0 -> 1.1.0
>> com.github.rvesse:airline 2.1.0 -> 2.1.1
>>
>>
>> Key features of the release:
>>
>> * Completed F&O XPath3 functions
>> JENA-508 - Alessandro Seganti
>>
>> * ComplexPhraseQueryParser
>> JENA-1180 - Andrew Dolby
>>
>> * Additional vocabularies (DCAT, VoID, ROV, ORG)
>> JENA-1206 - Bart Hanssens
>>
>> * Improvement to the Fuseki service script for RHEL/Centos 6.
>> JENA-1219 - Dan Pritts
>>
>> * ORDER BY now cancelable.
>>
>> * Txn : a highlevel API for working with transactions
>> http://jena.staging.apache.org/documentation/txn/txn.html
>>
>> * Embedded Fuseki
>> http://jena.staging.apache.org/documentation/fuseki2/fuseki-embedded.html
>>
>> * Property path speed ups (JENA-1195)
>>
>> * Upgrade to Apache HttpClient v4.3 API
>> => auth changes cause API changes.
>>
>>
>> Everyone, not just committers, is invited to test and vote.
>>
>> Staging repository:
>> https://repository.apache.org/content/repositories/orgapachejena-1014/
>>
>> Proposed dist/ area:
>> https://dist.apache.org/repos/dist/dev/jena/
>>
>> Keys:
>> https://svn.apache.org/repos/asf/jena/dist/KEYS
>>
>> Git commit (browser URL):
>> https://git-wip-us.apache.org/repos/asf/jena/commit/9be9e53f40
>>
>> Git Commit Hash:
>> 9be9e53f40eb3b043f72332db2d49d89e9f3d4ba
>>
>> Git Commit Tag:
>> jena-3.1.1-rc1
>>
>> Please vote to approve this release:
>>
>> [ ] +1 Approve the release
>> [ ] 0 Don't care
>> [ ] -1 Don't release, because ...
>>
>> This vote will be open to at least
>>
>> Saturday, 5 Nov 2016, 23:59 UTC
>>
>> If you expect to check the release but the 72 hour limit does not work
>> for you, please email within the schedule above with an expected time
>> and we can extend the vote period.
>>
>> Thanks,
>>
>> Andy
>>
>> Checking needed:
>>
>> + does everything work on Linux?
>> + does everything work on MS Windows?
>> + does everything work on OS X?
>> + are the GPG signatures fine?
>> + are the checksums correct?
>> + is there a source archive?
>> + can the source archive really be built?
>> + is there a correct LICENSE and NOTICE file in each artifact
>> (both source and binary artifacts)?
>> + does the NOTICE file contain all necessary attributions?
>> + have any licenses of dependencies changed due to upgrades?
>> if so have LICENSE and NOTICE been upgraded appropriately?
>> + does the tag/commit in the SCM contain reproducible sources?
>
Re: [CANCELLED] [VOTE] Release Apache jena 3.1.1
Posted by "A. Soroka" <aj...@virginia.edu>.
I filed a ticket on the dist.apache.org certificate weirdness as:
https://issues.apache.org/jira/browse/INFRA-12857
---
A. Soroka
The University of Virginia Library
> On Nov 4, 2016, at 9:39 AM, Andy Seaborne <an...@apache.org> wrote:
>
> Thank you for finding that.
>
> Hmm. I have no idea what has happened. It must be some kind of user error but the date does not suggest anything to me.
>
> I will start again with a new key.
>
> Andy
>
> On 03/11/16 14:17, A. Soroka wrote:
>> The source distro builds (mvn clean install) for me on Mac OS X
>> 10.10.5 using Java 1.8.0_40 and Maven 3.3.9. Lots of Javadoc warnings
>> (especially those weird ones about @propertyGetter, @propertySetter and
>> @propertyDescription) but they are nothing new. Checksums verify for
>> source distro. Andy's sig looks good, except...
>>
>> /tmp gpg --fingerprint 9CC7ECFE
>> pub 4096R/9CC7ECFE 2014-06-16 [revoked: 2016-08-16]
>> Key fingerprint = F0BA C675 207A 38AB F863 DAEA 1FD1 063C 9CC7 ECFE
>> uid [ revoked] Andy Seaborne (Code signing key) <an...@apache.org>
>>
>> It seems that Andy, you signed with "9CC7ECFE", and if I interpret "http://pgpkeys.mit.edu/pks/lookup?search=Seaborne&op=vindex" correctly (a big "if") you revoked that key on 2016-08-16? Am I misreading that?
>>
>> On a side note, I get:
>>
>> ERROR: cannot verify dist.apache.org's certificate, issued by `/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4':
>> Unable to locally verify the issuer's authority.
>>
>> from dist.apache.org and I had to go with wget's --no-check-certificate. Should I raise a ticket with infrastructure about that?
>>
>
> Yes.
>
>> ---
>> A. Soroka
>> The University of Virginia Library
>>
>>> On Nov 2, 2016, at 5:39 PM, Andy Seaborne <an...@apache.org> wrote:
>>>
>>> Hi,
>>>
>>> Here is a vote on a release of Jena 3.1.1
>>> (with Fuseki 2.4.1 and Fuseki 1.4.1).
>>>
>>> This is the first proposed candidate for this release.
>>>
>>> * Dependency changes:
>>>
>>> New module:
>>> jena-fuseki2/jena-fuseki-embedded
>>>
>>> Updates:
>>> com.github.jsonld-java:jsonld-java 0.7.0 -> 0.8.3
>>>
>>> org.apache.httpcomponents:httpClient 4.2.6 -> 4.5.2
>>> org.apache.httpcomponents:httpCache 4.2.6 -> 4.5.2
>>> org.apache.httpcomponents:httpCore 4.2.5 -> 4.4.4
>>>
>>> com.jayway.awaitility:awaitility 1.6.4 -> 1.7.0
>>> com.spatial4j:spatial4j 0.4.1 -> 0.5
>>> org.slf4j:* 1.7.20 -> 1.7.21
>>> commons-codec:commons-codec 1.9 -> 1.10
>>> org.apache.commons:commons-collections4 4.0 -> 4.1
>>> org.apache.commons:commons-csv 1.0 -> 1.3
>>> org.apache.commons:commons-lang3 3.3.2 -> 3.4
>>> org.apache.thrift:libthrift 0.9.2 -> 0.9.3
>>> org.apache.mrunit:mrunit 1.0.0 -> 1.1.0
>>> com.github.rvesse:airline 2.1.0 -> 2.1.1
>>>
>>>
>>> Key features of the release:
>>>
>>> * Completed F&O XPath3 functions
>>> JENA-508 - Alessandro Seganti
>>>
>>> * ComplexPhraseQueryParser
>>> JENA-1180 - Andrew Dolby
>>>
>>> * Additional vocabularies (DCAT, VoID, ROV, ORG)
>>> JENA-1206 - Bart Hanssens
>>>
>>> * Improvement to the Fuseki service script for RHEL/Centos 6.
>>> JENA-1219 - Dan Pritts
>>>
>>> * ORDER BY now cancelable.
>>>
>>> * Txn : a highlevel API for working with transactions
>>> http://jena.staging.apache.org/documentation/txn/txn.html
>>>
>>> * Embedded Fuseki
>>> http://jena.staging.apache.org/documentation/fuseki2/fuseki-embedded.html
>>>
>>> * Property path speed ups (JENA-1195)
>>>
>>> * Upgrade to Apache HttpClient v4.3 API
>>> => auth changes cause API changes.
>>>
>>>
>>> Everyone, not just committers, is invited to test and vote.
>>>
>>> Staging repository:
>>> https://repository.apache.org/content/repositories/orgapachejena-1014/
>>>
>>> Proposed dist/ area:
>>> https://dist.apache.org/repos/dist/dev/jena/
>>>
>>> Keys:
>>> https://svn.apache.org/repos/asf/jena/dist/KEYS
>>>
>>> Git commit (browser URL):
>>> https://git-wip-us.apache.org/repos/asf/jena/commit/9be9e53f40
>>>
>>> Git Commit Hash:
>>> 9be9e53f40eb3b043f72332db2d49d89e9f3d4ba
>>>
>>> Git Commit Tag:
>>> jena-3.1.1-rc1
>>>
>>> Please vote to approve this release:
>>>
>>> [ ] +1 Approve the release
>>> [ ] 0 Don't care
>>> [ ] -1 Don't release, because ...
>>>
>>> This vote will be open to at least
>>>
>>> Saturday, 5 Nov 2016, 23:59 UTC
>>>
>>> If you expect to check the release but the 72 hour limit does not work
>>> for you, please email within the schedule above with an expected time
>>> and we can extend the vote period.
>>>
>>> Thanks,
>>>
>>> Andy
>>>
>>> Checking needed:
>>>
>>> + does everything work on Linux?
>>> + does everything work on MS Windows?
>>> + does everything work on OS X?
>>> + are the GPG signatures fine?
>>> + are the checksums correct?
>>> + is there a source archive?
>>> + can the source archive really be built?
>>> + is there a correct LICENSE and NOTICE file in each artifact
>>> (both source and binary artifacts)?
>>> + does the NOTICE file contain all necessary attributions?
>>> + have any licenses of dependencies changed due to upgrades?
>>> if so have LICENSE and NOTICE been upgraded appropriately?
>>> + does the tag/commit in the SCM contain reproducible sources?
>>