[VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Havret <h4...@gmail.com>]

Hi,

This is the second run for activemq-nms-amqp 1.8.2.

I've added the missing headers, updated the license files, and generated
SHA512 using powershell not gpg, so it should be more in line with what you
guys are used to.

The files can be grabbed from:
https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/

Please check it and vote accordingly.

Regards,
KP

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Michael André Pearce <mi...@icloud.com.INVALID>]

+1 (binding)


(cc'ing pmc private list)

On 27 June 2021 at 21:50, Havret <h4...@gmail.com> wrote:


Hi,

This is the second run for activemq-nms-amqp 1.8.2.

I've added the missing headers, updated the license files, and generated
SHA512 using powershell not gpg, so it should be more in line with what you
guys are used to.

The files can be grabbed from:
https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/

Please check it and vote accordingly.

Regards,
KP

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[W B D <wb...@users.sourceforge.net>]

Any further progress toward a release for 1.8.2? I understand the main
holdup has been some change in the checksum format.

I'm hopeful that another bug fix that was included in AMQPNetLite 2.4.3,
might explain and resolve the stall I observed during failover as reported
in AMQNET-656 - see https://github.com/Azure/amqpnetlite/issues/460. I made
a note on PR #59 accordingly.

Bruce

On Tue, Jul 13, 2021 at 10:07 AM Robbie Gemmell <ro...@gmail.com>
wrote:

> Well there you go. Those instructions seem to be linked to now instead
> of previous content which were not on infra.apache.org but elsewhere,
> although they are themselves clearly still not that up to date given
> the references to MD5 in the wider leadup section, with GPG being the
> third suggestion there on how to generate a checksum.
>
> I dont see any instructions on suggesting how you are meant to verify
> the .sha512 output from GPG, so I guess perhaps I'd also use GPG to
> create another similar file (after knowing thats what created it; I
> expect many might not) and then diff the two. Or just eyeball the
> output of some other tool, which is again quite annoying due to the
> format. The new approach is easier to eyeball compare, though still
> different enough to be annoying. Not a patch on the typical format.
>
> There have been many ways to get the various shaXsum programs on
> Windows too over the years such as cygwin, git bash, etc, whereas
> today I would imagine actually just using the Linux version via WSL is
> likely the simplest option for many. Though I'm not suggesting you
> actually need to do any of those. Just having the checksum file in a
> similar format that people can more easily verify. (Though you could
> always do something like spin up a GHA etc build and have it grab and
> verify the existing files and create a replacement output, then
> manually verify that by comparison the same way an actual user might
> need to with just the ugly one).
>
> Ultimately it is a sha512 checksum, its just one thats a less typical
> format and so more difficult to use for its intended purpose. Maybe
> thats why many might seem to have not bothered.
>
> Robbie
>
> On Tue, 13 Jul 2021 at 16:06, Havret <h4...@gmail.com> wrote:
> >
> > Hi Robbie,
> >
> > Thanks for the hint regarding this "rat" thingy. I'll give it a try.
> >
> > Regarding sha, I've always been following this instruction -->
> > https://infra.apache.org/release-signing.html to generate sha for my
> > releases. This command to be precise:
> > $ gpg --print-md SHA512 [fileName] &gt; [fileName].sha512
> > I'm guessing that sha512sum is some Linux based tool that you're guys
> > using. Unfortunately it is not available on Windows. :(
> >
> > KP
> >
> >
> > On Tue, Jul 13, 2021 at 3:15 PM Robbie Gemmell <robbie.gemmell@gmail.com
> >
> > wrote:
> >
> > > See https://creadur.apache.org/rat/ for licence check tooling.
> > >
> > > I noted the checksum format wasn't typical one as I've never seen it
> > > used in a release before. The checkum being split into subsections and
> > > formatted in an uppercase multi line grid, and so doesnt work with e.g
> > > sha512sum, and also isnt so easily verified by eye either as a result.
> > > It sounds from your new description like you generated it with gpg
> > > originally, which is typically only used for the signatures. Perhaps
> > > gpg is able to verify the checksum files directly too, but I've also
> > > not seen instructions suggesting that before and so still wouldnt
> > > currently know how to do that without having a dig.
> > >
> > > The 'typical formats' I referred to previously are either the related
> > > filename and its basic checksum formatted on a line as e.g generated
> > > by sha512sum etc and easily verified by the same, or simply the basic
> > > checksum alone which can at least be eyeballed against a similar value
> > > generated by most things (though again, quite awkward with the gpg
> > > grid format one).
> > >
> > > Robbie
> > >
> > > On Tue, 13 Jul 2021 at 12:06, Havret <h4...@gmail.com> wrote:
> > > >
> > > > Hi Tim,
> > > >
> > > > I used the official recommended tooling to generate SHA the first
> time,
> > > but
> > > > Robbie compiled that the format was wrong. I don't know what else I
> can
> > > do.
> > > >
> > > > Regarding the missing headers, do you have any tooling (or script)
> that
> > > > could help me with scanning the files beforehand, so I don't have to
> > > > manually go through every single file? Maybe this kind of check
> should be
> > > > included in the CI pipeline?
> > > >
> > > > Thanks,
> > > > KP
> > > >
> > > > On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <ta...@gmail.com>
> wrote:
> > > >
> > > > > On 6/27/21 4:49 PM, Havret wrote:
> > > > > > Hi,
> > > > > >
> > > > > > This is the second run for activemq-nms-amqp 1.8.2.
> > > > > >
> > > > > > I've added the missing headers, updated the license files, and
> > > generated
> > > > > > SHA512 using powershell not gpg, so it should be more in line
> with
> > > what
> > > > > you
> > > > > > guys are used to.
> > > > > >
> > > > > > The files can be grabbed from:
> > > > > >
> > > > >
> > >
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
> > > > > >
> > > > > > Please check it and vote accordingly.
> > > > > >
> > > > > > Regards,
> > > > > > KP
> > > > > >
> > > > > +0
> > > > >
> > > > > There still appear to be some missing license headers in test code
> > > such as:
> > > > >
> > > > > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs
> > > > >
> > > > > And I cannot get the sha files to validate using standard tooling
> > > > > without hand editing the files as they don't see to follow normal
> file
> > > > > formatting that's expected by the tooling as documented on the
> Apache
> > > > > release validation guidelines.
> > > > >
> > > > > --
> > > > > Tim Bish
> > > > >
> > > > >
> > >
>

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Robbie Gemmell <ro...@gmail.com>]

Well there you go. Those instructions seem to be linked to now instead
of previous content which were not on infra.apache.org but elsewhere,
although they are themselves clearly still not that up to date given
the references to MD5 in the wider leadup section, with GPG being the
third suggestion there on how to generate a checksum.

I dont see any instructions on suggesting how you are meant to verify
the .sha512 output from GPG, so I guess perhaps I'd also use GPG to
create another similar file (after knowing thats what created it; I
expect many might not) and then diff the two. Or just eyeball the
output of some other tool, which is again quite annoying due to the
format. The new approach is easier to eyeball compare, though still
different enough to be annoying. Not a patch on the typical format.

There have been many ways to get the various shaXsum programs on
Windows too over the years such as cygwin, git bash, etc, whereas
today I would imagine actually just using the Linux version via WSL is
likely the simplest option for many. Though I'm not suggesting you
actually need to do any of those. Just having the checksum file in a
similar format that people can more easily verify. (Though you could
always do something like spin up a GHA etc build and have it grab and
verify the existing files and create a replacement output, then
manually verify that by comparison the same way an actual user might
need to with just the ugly one).

Ultimately it is a sha512 checksum, its just one thats a less typical
format and so more difficult to use for its intended purpose. Maybe
thats why many might seem to have not bothered.

Robbie

On Tue, 13 Jul 2021 at 16:06, Havret <h4...@gmail.com> wrote:
>
> Hi Robbie,
>
> Thanks for the hint regarding this "rat" thingy. I'll give it a try.
>
> Regarding sha, I've always been following this instruction -->
> https://infra.apache.org/release-signing.html to generate sha for my
> releases. This command to be precise:
> $ gpg --print-md SHA512 [fileName] &gt; [fileName].sha512
> I'm guessing that sha512sum is some Linux based tool that you're guys
> using. Unfortunately it is not available on Windows. :(
>
> KP
>
>
> On Tue, Jul 13, 2021 at 3:15 PM Robbie Gemmell <ro...@gmail.com>
> wrote:
>
> > See https://creadur.apache.org/rat/ for licence check tooling.
> >
> > I noted the checksum format wasn't typical one as I've never seen it
> > used in a release before. The checkum being split into subsections and
> > formatted in an uppercase multi line grid, and so doesnt work with e.g
> > sha512sum, and also isnt so easily verified by eye either as a result.
> > It sounds from your new description like you generated it with gpg
> > originally, which is typically only used for the signatures. Perhaps
> > gpg is able to verify the checksum files directly too, but I've also
> > not seen instructions suggesting that before and so still wouldnt
> > currently know how to do that without having a dig.
> >
> > The 'typical formats' I referred to previously are either the related
> > filename and its basic checksum formatted on a line as e.g generated
> > by sha512sum etc and easily verified by the same, or simply the basic
> > checksum alone which can at least be eyeballed against a similar value
> > generated by most things (though again, quite awkward with the gpg
> > grid format one).
> >
> > Robbie
> >
> > On Tue, 13 Jul 2021 at 12:06, Havret <h4...@gmail.com> wrote:
> > >
> > > Hi Tim,
> > >
> > > I used the official recommended tooling to generate SHA the first time,
> > but
> > > Robbie compiled that the format was wrong. I don't know what else I can
> > do.
> > >
> > > Regarding the missing headers, do you have any tooling (or script) that
> > > could help me with scanning the files beforehand, so I don't have to
> > > manually go through every single file? Maybe this kind of check should be
> > > included in the CI pipeline?
> > >
> > > Thanks,
> > > KP
> > >
> > > On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <ta...@gmail.com> wrote:
> > >
> > > > On 6/27/21 4:49 PM, Havret wrote:
> > > > > Hi,
> > > > >
> > > > > This is the second run for activemq-nms-amqp 1.8.2.
> > > > >
> > > > > I've added the missing headers, updated the license files, and
> > generated
> > > > > SHA512 using powershell not gpg, so it should be more in line with
> > what
> > > > you
> > > > > guys are used to.
> > > > >
> > > > > The files can be grabbed from:
> > > > >
> > > >
> > https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
> > > > >
> > > > > Please check it and vote accordingly.
> > > > >
> > > > > Regards,
> > > > > KP
> > > > >
> > > > +0
> > > >
> > > > There still appear to be some missing license headers in test code
> > such as:
> > > >
> > > > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs
> > > >
> > > > And I cannot get the sha files to validate using standard tooling
> > > > without hand editing the files as they don't see to follow normal file
> > > > formatting that's expected by the tooling as documented on the Apache
> > > > release validation guidelines.
> > > >
> > > > --
> > > > Tim Bish
> > > >
> > > >
> >

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Havret <h4...@gmail.com>]

Hi Robbie,

Thanks for the hint regarding this "rat" thingy. I'll give it a try.

Regarding sha, I've always been following this instruction -->
https://infra.apache.org/release-signing.html to generate sha for my
releases. This command to be precise:
$ gpg --print-md SHA512 [fileName] > [fileName].sha512
I'm guessing that sha512sum is some Linux based tool that you're guys
using. Unfortunately it is not available on Windows. :(

KP


On Tue, Jul 13, 2021 at 3:15 PM Robbie Gemmell <ro...@gmail.com>
wrote:

> See https://creadur.apache.org/rat/ for licence check tooling.
>
> I noted the checksum format wasn't typical one as I've never seen it
> used in a release before. The checkum being split into subsections and
> formatted in an uppercase multi line grid, and so doesnt work with e.g
> sha512sum, and also isnt so easily verified by eye either as a result.
> It sounds from your new description like you generated it with gpg
> originally, which is typically only used for the signatures. Perhaps
> gpg is able to verify the checksum files directly too, but I've also
> not seen instructions suggesting that before and so still wouldnt
> currently know how to do that without having a dig.
>
> The 'typical formats' I referred to previously are either the related
> filename and its basic checksum formatted on a line as e.g generated
> by sha512sum etc and easily verified by the same, or simply the basic
> checksum alone which can at least be eyeballed against a similar value
> generated by most things (though again, quite awkward with the gpg
> grid format one).
>
> Robbie
>
> On Tue, 13 Jul 2021 at 12:06, Havret <h4...@gmail.com> wrote:
> >
> > Hi Tim,
> >
> > I used the official recommended tooling to generate SHA the first time,
> but
> > Robbie compiled that the format was wrong. I don't know what else I can
> do.
> >
> > Regarding the missing headers, do you have any tooling (or script) that
> > could help me with scanning the files beforehand, so I don't have to
> > manually go through every single file? Maybe this kind of check should be
> > included in the CI pipeline?
> >
> > Thanks,
> > KP
> >
> > On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <ta...@gmail.com> wrote:
> >
> > > On 6/27/21 4:49 PM, Havret wrote:
> > > > Hi,
> > > >
> > > > This is the second run for activemq-nms-amqp 1.8.2.
> > > >
> > > > I've added the missing headers, updated the license files, and
> generated
> > > > SHA512 using powershell not gpg, so it should be more in line with
> what
> > > you
> > > > guys are used to.
> > > >
> > > > The files can be grabbed from:
> > > >
> > >
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
> > > >
> > > > Please check it and vote accordingly.
> > > >
> > > > Regards,
> > > > KP
> > > >
> > > +0
> > >
> > > There still appear to be some missing license headers in test code
> such as:
> > >
> > > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs
> > >
> > > And I cannot get the sha files to validate using standard tooling
> > > without hand editing the files as they don't see to follow normal file
> > > formatting that's expected by the tooling as documented on the Apache
> > > release validation guidelines.
> > >
> > > --
> > > Tim Bish
> > >
> > >
>

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Robbie Gemmell <ro...@gmail.com>]

See https://creadur.apache.org/rat/ for licence check tooling.

I noted the checksum format wasn't typical one as I've never seen it
used in a release before. The checkum being split into subsections and
formatted in an uppercase multi line grid, and so doesnt work with e.g
sha512sum, and also isnt so easily verified by eye either as a result.
It sounds from your new description like you generated it with gpg
originally, which is typically only used for the signatures. Perhaps
gpg is able to verify the checksum files directly too, but I've also
not seen instructions suggesting that before and so still wouldnt
currently know how to do that without having a dig.

The 'typical formats' I referred to previously are either the related
filename and its basic checksum formatted on a line as e.g generated
by sha512sum etc and easily verified by the same, or simply the basic
checksum alone which can at least be eyeballed against a similar value
generated by most things (though again, quite awkward with the gpg
grid format one).

Robbie

On Tue, 13 Jul 2021 at 12:06, Havret <h4...@gmail.com> wrote:
>
> Hi Tim,
>
> I used the official recommended tooling to generate SHA the first time, but
> Robbie compiled that the format was wrong. I don't know what else I can do.
>
> Regarding the missing headers, do you have any tooling (or script) that
> could help me with scanning the files beforehand, so I don't have to
> manually go through every single file? Maybe this kind of check should be
> included in the CI pipeline?
>
> Thanks,
> KP
>
> On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <ta...@gmail.com> wrote:
>
> > On 6/27/21 4:49 PM, Havret wrote:
> > > Hi,
> > >
> > > This is the second run for activemq-nms-amqp 1.8.2.
> > >
> > > I've added the missing headers, updated the license files, and generated
> > > SHA512 using powershell not gpg, so it should be more in line with what
> > you
> > > guys are used to.
> > >
> > > The files can be grabbed from:
> > >
> > https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
> > >
> > > Please check it and vote accordingly.
> > >
> > > Regards,
> > > KP
> > >
> > +0
> >
> > There still appear to be some missing license headers in test code such as:
> >
> > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs
> >
> > And I cannot get the sha files to validate using standard tooling
> > without hand editing the files as they don't see to follow normal file
> > formatting that's expected by the tooling as documented on the Apache
> > release validation guidelines.
> >
> > --
> > Tim Bish
> >
> >

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Havret <h4...@gmail.com>]

Hi Tim,

I used the official recommended tooling to generate SHA the first time, but
Robbie compiled that the format was wrong. I don't know what else I can do.

Regarding the missing headers, do you have any tooling (or script) that
could help me with scanning the files beforehand, so I don't have to
manually go through every single file? Maybe this kind of check should be
included in the CI pipeline?

Thanks,
KP

On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <ta...@gmail.com> wrote:

> On 6/27/21 4:49 PM, Havret wrote:
> > Hi,
> >
> > This is the second run for activemq-nms-amqp 1.8.2.
> >
> > I've added the missing headers, updated the license files, and generated
> > SHA512 using powershell not gpg, so it should be more in line with what
> you
> > guys are used to.
> >
> > The files can be grabbed from:
> >
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
> >
> > Please check it and vote accordingly.
> >
> > Regards,
> > KP
> >
> +0
>
> There still appear to be some missing license headers in test code such as:
>
> ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs
>
> And I cannot get the sha files to validate using standard tooling
> without hand editing the files as they don't see to follow normal file
> formatting that's expected by the tooling as documented on the Apache
> release validation guidelines.
>
> --
> Tim Bish
>
>

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

[Timothy Bish <ta...@gmail.com>]

On 6/27/21 4:49 PM, Havret wrote:
> Hi,
>
> This is the second run for activemq-nms-amqp 1.8.2.
>
> I've added the missing headers, updated the license files, and generated
> SHA512 using powershell not gpg, so it should be more in line with what you
> guys are used to.
>
> The files can be grabbed from:
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
>
> Please check it and vote accordingly.
>
> Regards,
> KP
>
+0

There still appear to be some missing license headers in test code such as:

./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs

And I cannot get the sha files to validate using standard tooling 
without hand editing the files as they don't see to follow normal file 
formatting that's expected by the tooling as documented on the Apache 
release validation guidelines.

-- 
Tim Bish

Re: [VOTE] Release activemq-nms-amqp 1.8.2-rc2

["L." <tr...@interia.pl>]

+1 (non-binding)

Regards

W dniu 27.06.2021 o 22:49, Havret pisze:
> Hi,
>
> This is the second run for activemq-nms-amqp 1.8.2.
>
> I've added the missing headers, updated the license files, and generated
> SHA512 using powershell not gpg, so it should be more in line with what you
> guys are used to.
>
> The files can be grabbed from:
> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/
>
> Please check it and vote accordingly.
>
> Regards,
> KP
>