You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rya.apache.org by "Aaron D. Mihalik" <aa...@gmail.com> on 2016/10/21 05:28:16 UTC
[VOTE] Release Rya (Incubating) version 3.2.10 RC3
I am pleased to be calling this vote for the source release of Apache Rya
(Incubating), version 3.2.10.
The source zip, including signatures, digests, etc. can be found at:
https://dist.apache.org/repos/dist/dev/incubator/rya/rya-incubating-3.2.10-rc3/
Ancillary artifacts such as poms, jars, wars, ect. can be found here:
https://repository.apache.org/content/repositories/orgapacherya-1004/org/apache/rya/rya-project/3.2.10-incubating/
The Git tag is rya-incubating-3.2.10-rc3
The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
Checksums of rya-project-3.2.10-source-release.zip:
SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
MD5: a28d9a146857576903ff4fc3f7dae908
Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/mihalik.asc
KEYS file available here:
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
Issues that were closed/resolved for this release are here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209&styleName=Html&projectId=12319020
Issues resolved between RC1 and RC2 are here:
https://issues.apache.org/jira/browse/RYA-184
Issues resolved between RC2 and RC3 are here:
https://issues.apache.org/jira/browse/RYA-209
The vote will be open for 72 hours.
Please download the release candidate and evaluate the necessary items
including checking hashes, signatures, build from source, and test. The
please vote:
[ ] +1 Release this package as rya-project-3.2.10
[ ] +0 no opinion
[ ] -1 Do not release this package because because...
Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by Puja Valiyil <pu...@gmail.com>.
+1 (binding)
Looked like the issues preventing the earlier release were resolved.
On Mon, Oct 24, 2016 at 3:29 PM, Aaron D. Mihalik <aa...@gmail.com>
wrote:
> This is a gentle reminder to everyone to provide some feedback on the
> release candidate. We need at least another binding vote to continue this
> process.
>
> Also, non-binding votes are encouraged :)
>
> Josh/Adina: I have looked at your feedback and made minor updates, tickets,
> and comments to address the issues you raised:
>
>
> > [Josh] Apache Accumulo®, please
>
> I have updated the website accordingly
>
> > [Josh] lots of warnings in your Maven project
>
> Created a Jira issue for this: RYA-216 - Clean up Maven Warnings
>
> > [Josh] include when the 72hrs is "up" (with tz)
>
> I updated the template
>
> > [Adina] Maybe we should put the KEYS file both in
> dist.a.o/repos/dist/dev/ and dist.a.o/repos/dist/release/
>
> Initially, I had the KEYS file in both places but I noticed that most
> projects only have it in "release" and I thought it might be confusing to
> maintain two files with the same content. I'm fine reverting back to both
> places, however. Let me know.
>
>
> > [Josh] you have no other signatures on your key
>
> David Lotts signed my key last week. I updated dist.a.o [1] but my key on
> people.a.o [2] is doesn't reflect David's signature. Any idea how to push
> an update? The key server that people.a.o pulls from has the update [3].
>
> > [Josh] Put some thought in how your source-release creates binaries
>
> Agreed... created RYA-217 Evaluate Shaded and Zip'd artifacts
>
>
> --Aaron
>
>
> [1] https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
> [2] http://people.apache.org/keys/committer/mihalik.asc
> [3]
> http://keys2.kfwebs.net/pks/lookup?op=vindex&search=
> 0x8E6245BF6937DEAE1F7B72DDC3CC40CAF50EAE1A
>
>
> On Sun, Oct 23, 2016 at 2:54 PM Adina Crainiceanu <ad...@usna.edu> wrote:
>
> +1 binding
>
> I checked:
> * name includes incubating
> * DISCLAIMER exists and has the correct content
> * LICENSE and NOTICE exist and they have the correct content (if we don't
> bundle any dependencies)
> * release artifacts placed in
> https://dist.apache.org/repos/dist/dev/incubator/rya/
> * checksums correct (md5 and sha1)
> * signature correct. Maybe we should put the KEYS file both in
> https://dist.apache.org/repos/dist/dev/incubator/rya/ (where I expected it
> to check the release) and
> https://dist.apache.org/repos/dist/release/incubator/rya/ (where others
> can
> download when we have the official release)
> * no unexpected binaries in the .zip file
> * can build from source, with included tests (I did mvm clean install)
>
> Thank you,
> Adina
>
> On Fri, Oct 21, 2016 at 1:31 PM, Josh Elser <el...@apache.org> wrote:
>
> > +1
> >
> > * Sig/Xsums OK, but you have no other signatures on your key to verify
> > that the key used to sign these artifacts is actually your key, Aaron.
> > Maybe you can find someone (in person or via phone) or who can your key
> for
> > you? [1]
> > * Verified that geoindexing is "off"
> > * Cursory glance over dependencies getting bundled in shaded JARs and
> they
> > look OK
> > * Listed commit exists in the repo
> > * L&N look correct for source release
> > * DISCLAIMER present
> > * Could build from source (`mvn package`)
> >
> > Overview on your website:
> >
> > * "Apache Rya (incubating) is a scalable RDF triple store built on top of
> > a columnar index store (Accumulo)." Apache Accumulo®, please.
> > * Required links are present to ASF
> > * Incubator branding looks good (to my memory)
> > * "Apache Rya (incubating)" is prominent too.
> >
> > Other things:
> >
> > * Noticed lots of warnings in your Maven project. Would be good to
> address
> > this to reduce the likelihood of build issues by users. [2]
> > * Nit: would be good to include when the 72hrs is "up" (with tz) instead
> > of relying on the timestamp that the message landed in
> > someone's inbox.
> > * Got an error running a `mvn install` (since your dependency graph seems
> > to be busted -- couldn't run a `mvn dependency:tree` without as I should
> be
> > able to). [3] Rerunning it was fine the second time..
> > * Maintaining your shaded jars over time is probably a losing battle (if
> > the licensing issues this time around weren't sign enough). I'd suggest
> you
> > start putting some thought in how your source-release creates binaries
> that
> > can be useful for people who want to run Rya but are not using the exact
> > versions of all of the dependencies you're bundling for them.
> > * I didn't inspect the JARs you're also distributing for licensing
> > correctness. Will let this slide since for now :)
> >
> > - Josh
> >
> > [1] https://www.apache.org/dev/release-signing.html#web-of-trust
> > [2] https://paste.apache.org/CQf3
> > [3] https://paste.apache.org/ssGd
> >
> >
> > Aaron D. Mihalik wrote:
> >
> >> I am pleased to be calling this vote for the source release of Apache
> Rya
> >> (Incubating), version 3.2.10.
> >>
> >> The source zip, including signatures, digests, etc. can be found at:
> >> https://dist.apache.org/repos/dist/dev/incubator/rya/rya-inc
> >> ubating-3.2.10-rc3/
> >>
> >> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
> >> https://repository.apache.org/content/repositories/orgapache
> >> rya-1004/org/apache/rya/rya-project/3.2.10-incubating/
> >>
> >> The Git tag is rya-incubating-3.2.10-rc3
> >> The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
> >> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;
> >> a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
> >>
> >> Checksums of rya-project-3.2.10-source-release.zip:
> >> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
> >> MD5: a28d9a146857576903ff4fc3f7dae908
> >>
> >> Release artifacts are signed with the following key:
> >> https://people.apache.org/keys/committer/mihalik.asc
> >>
> >> KEYS file available here:
> >> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
> >>
> >> Issues that were closed/resolved for this release are here:
> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?versi
> >> on=12334209&styleName=Html&projectId=12319020
> >>
> >> Issues resolved between RC1 and RC2 are here:
> >> https://issues.apache.org/jira/browse/RYA-184
> >>
> >> Issues resolved between RC2 and RC3 are here:
> >> https://issues.apache.org/jira/browse/RYA-209
> >>
> >> The vote will be open for 72 hours.
> >> Please download the release candidate and evaluate the necessary items
> >> including checking hashes, signatures, build from source, and test. The
> >> please vote:
> >>
> >> [ ] +1 Release this package as rya-project-3.2.10
> >> [ ] +0 no opinion
> >> [ ] -1 Do not release this package because because...
> >>
> >>
>
>
> --
> Dr. Adina Crainiceanu
> Associate Professor, Computer Science Department
> United States Naval Academy
> 410-293-6822 <(410)%20293-6822>
> adina@usna.edu
> http://www.usna.edu/Users/cs/adina/
>
RE: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by "Meier, Caleb" <Ca...@parsons.com>.
+1 (binding)
Everything built fine. The signatures and hashes were correct, and there were no extra binaries. At the bottom of the e-mail are the remaining licenses that don't
fall into the "good" list of ASF pre-approved licenses. These were obtained by running
mvn license:aggregate-add-third-party
and then
egrep -iv "BSD|ASF|MIT|CDDL|EPL|Apache|Eclipse|Public Domain" target/generated-sources/license/THIRD-PARTY.txt
I'm assuming that these have been signed off on by Josh, Puja, and Aaron.
(Unknown license) ASM Core (asm:asm:3.1 - http://asm.objectweb.org/asm/)
(GNU LESSER GENERAL PUBLIC LICENSE) JCalendar (com.toedter:jcalendar:1.1.4 - http://www.toedter.com/en/jcalendar/)
(Unknown license) commons-beanutils (commons-beanutils:commons-beanutils:1.7.0 - no url defined)
(HSQLDB License) HSQLDB (hsqldb:hsqldb:1.8.0.10 - http://hsqldb.org/)
(Unknown license) servlet-api (javax.servlet:servlet-api:2.5 - no url defined)
(Unknown license) jsp-api (javax.servlet.jsp:jsp-api:2.1 - no url defined)
(Common Public License Version 1.0) JUnit (junit:junit:4.8.2 - http://junit.org)
(ASL, version 2) (LGPL, version 2.1) Java Native Access (net.java.dev.jna:jna:4.0.0 - https://github.com/twall/jna)
(ASL, version 2) (LGPL, version 2.1) Java Native Access Platform (net.java.dev.jna:jna-platform:4.0.0 - https://github.com/twall/jna)
(Unknown license) Antlr 3.4 Runtime (org.antlr:antlr-runtime:3.4 - http://www.antlr.org)
(Unknown license) Jettison (org.codehaus.jettison:jettison:1.1 - no url defined)
(GNU General Public License (GPL), version 2, with the Classpath exception) JMH Core (org.openjdk.jmh:jmh-core:1.13 - http://openjdk.java.net/projects/code-tools/jmh/jmh-core/)
(GNU General Public License (GPL), version 2, with the Classpath exception) JMH Generators: Annotation Processors (org.openjdk.jmh:jmh-generator-annprocess:1.13 - http://openjdk.java.net/projects/code-tools/jmh/jmh-generator-annprocess/)
(Unknown license) org.osgi.compendium (org.osgi:org.osgi.compendium:4.2.0 - no url defined)
(Unknown license) org.osgi.core (org.osgi:org.osgi.core:4.2.0 - no url defined)
(Unknown license) spring-aop (org.springframework:spring-aop:3.0.5.RELEASE - no url defined)
(Unknown license) spring-asm (org.springframework:spring-asm:3.0.5.RELEASE - no url defined)
(Unknown license) spring-context-support (org.springframework:spring-context-support:3.0.7.RELEASE - no url defined)
(Unknown license) spring-tx (org.springframework:spring-tx:3.0.5.RELEASE - no url defined)
(Unknown license) oro (oro:oro:2.0.8 - no url defined)
(Unknown license) regexp (regexp:regexp:1.3 - no url defined)
(Unknown license) jasper-compiler (tomcat:jasper-compiler:5.5.12 - no url defined)
(Unknown license) jasper-runtime (tomcat:jasper-runtime:5.5.12 - no url defined)
-----Original Message-----
From: Aaron D. Mihalik [mailto:aaron.mihalik@gmail.com]
Sent: Monday, October 24, 2016 3:30 PM
To: dev@rya.incubator.apache.org
Subject: Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
This is a gentle reminder to everyone to provide some feedback on the release candidate. We need at least another binding vote to continue this process.
Also, non-binding votes are encouraged :)
Josh/Adina: I have looked at your feedback and made minor updates, tickets, and comments to address the issues you raised:
> [Josh] Apache Accumulo®, please
I have updated the website accordingly
> [Josh] lots of warnings in your Maven project
Created a Jira issue for this: RYA-216 - Clean up Maven Warnings
> [Josh] include when the 72hrs is "up" (with tz)
I updated the template
> [Adina] Maybe we should put the KEYS file both in
dist.a.o/repos/dist/dev/ and dist.a.o/repos/dist/release/
Initially, I had the KEYS file in both places but I noticed that most projects only have it in "release" and I thought it might be confusing to maintain two files with the same content. I'm fine reverting back to both places, however. Let me know.
> [Josh] you have no other signatures on your key
David Lotts signed my key last week. I updated dist.a.o [1] but my key on people.a.o [2] is doesn't reflect David's signature. Any idea how to push an update? The key server that people.a.o pulls from has the update [3].
> [Josh] Put some thought in how your source-release creates binaries
Agreed... created RYA-217 Evaluate Shaded and Zip'd artifacts
--Aaron
[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_incubator_rya_KEYS&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=oRAGQlItutHUnC5pj152XKymSWuxBwgqInEwC-XkZBc&e=
[2] https://urldefense.proofpoint.com/v2/url?u=http-3A__people.apache.org_keys_committer_mihalik.asc&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=wnTXMcREN54rvH0rdTYWgUnwpJ_4F0rLwQIdQOVofaI&e=
[3]
https://urldefense.proofpoint.com/v2/url?u=http-3A__keys2.kfwebs.net_pks_lookup-3Fop-3Dvindex-26search-3D0x8E6245BF6937DEAE1F7B72DDC3CC40CAF50EAE1A&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=vN-ly-lFFX3zxR2i_unUjErbKeTlpQazoERvKvoGKoE&e=
On Sun, Oct 23, 2016 at 2:54 PM Adina Crainiceanu <ad...@usna.edu> wrote:
+1 binding
I checked:
* name includes incubating
* DISCLAIMER exists and has the correct content
* LICENSE and NOTICE exist and they have the correct content (if we don't bundle any dependencies)
* release artifacts placed in
https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_incubator_rya_&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=RqgcGrrexpEUivnXcJkwH7QtW9iWlZJ8O6zJp_VtJmY&e=
* checksums correct (md5 and sha1)
* signature correct. Maybe we should put the KEYS file both in https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_dev_incubator_rya_&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=RqgcGrrexpEUivnXcJkwH7QtW9iWlZJ8O6zJp_VtJmY&e= (where I expected it to check the release) and https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_repos_dist_release_incubator_rya_&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=N_01x-2tZjuhIZ7TQSs94guF0-qR2KoZ3LV7YSk8AKw&e= (where others can download when we have the official release)
* no unexpected binaries in the .zip file
* can build from source, with included tests (I did mvm clean install)
Thank you,
Adina
On Fri, Oct 21, 2016 at 1:31 PM, Josh Elser <el...@apache.org> wrote:
> +1
>
> * Sig/Xsums OK, but you have no other signatures on your key to verify
> that the key used to sign these artifacts is actually your key, Aaron.
> Maybe you can find someone (in person or via phone) or who can your
> key
for
> you? [1]
> * Verified that geoindexing is "off"
> * Cursory glance over dependencies getting bundled in shaded JARs and
> they look OK
> * Listed commit exists in the repo
> * L&N look correct for source release
> * DISCLAIMER present
> * Could build from source (`mvn package`)
>
> Overview on your website:
>
> * "Apache Rya (incubating) is a scalable RDF triple store built on top
> of a columnar index store (Accumulo)." Apache Accumulo®, please.
> * Required links are present to ASF
> * Incubator branding looks good (to my memory)
> * "Apache Rya (incubating)" is prominent too.
>
> Other things:
>
> * Noticed lots of warnings in your Maven project. Would be good to
> address this to reduce the likelihood of build issues by users. [2]
> * Nit: would be good to include when the 72hrs is "up" (with tz)
> instead of relying on the timestamp that the message landed in
> someone's inbox.
> * Got an error running a `mvn install` (since your dependency graph
> seems to be busted -- couldn't run a `mvn dependency:tree` without as
> I should
be
> able to). [3] Rerunning it was fine the second time..
> * Maintaining your shaded jars over time is probably a losing battle
> (if the licensing issues this time around weren't sign enough). I'd
> suggest
you
> start putting some thought in how your source-release creates binaries
that
> can be useful for people who want to run Rya but are not using the
> exact versions of all of the dependencies you're bundling for them.
> * I didn't inspect the JARs you're also distributing for licensing
> correctness. Will let this slide since for now :)
>
> - Josh
>
> [1]
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.apache.org_de
> v_release-2Dsigning.html-23web-2Dof-2Dtrust&d=CwIFaQ&c=Nwf-pp4xtYRe0sC
> RVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD
> 0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=JIUjOmAJK7rviGMEz
> 2CWNsPlVmfcCG9cut5EWcqv6DU&e= [2]
> https://urldefense.proofpoint.com/v2/url?u=https-3A__paste.apache.org_
> CQf3&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2
> kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT
> 5VIhodw6Bys&s=jW8-JckYUpKzpZreQGZyXybPtt-vcNC19HCyYm6DV6w&e=
> [3]
> https://urldefense.proofpoint.com/v2/url?u=https-3A__paste.apache.org_
> ssGd&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2
> kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT
> 5VIhodw6Bys&s=SiS7n7mDlGH48lmnr6PxgubewLkTMcfYbwGQF8MyJos&e=
>
>
> Aaron D. Mihalik wrote:
>
>> I am pleased to be calling this vote for the source release of Apache
>> Rya (Incubating), version 3.2.10.
>>
>> The source zip, including signatures, digests, etc. can be found at:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_
>> repos_dist_dev_incubator_rya_rya-2Dinc&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8
>> _LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo
>> 8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=w0kg8QTGTOMKE4-uSuG
>> -ibGklc44f5lzV2z26blO2Ws&e=
>> ubating-3.2.10-rc3/
>>
>> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__repository.apach
>> e.org_content_repositories_orgapache&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_L
>> WH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&
>> m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=bpuzbTB6lojJ_cE8-NgDi
>> O_J4sCpibZ11axua527md8&e=
>> rya-1004/org/apache/rya/rya-project/3.2.10-incubating/
>>
>> The Git tag is rya-incubating-3.2.10-rc3 The Git commit ID is
>> 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__git-2Dwip-2Dus.a
>> pache.org_repos_asf-3Fp-3Dincubator-2Drya.git&d=CwIFaQ&c=Nwf-pp4xtYRe
>> 0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4
>> WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=ktCV0PbRwcqf
>> 2MNSik7aRx7i_PeCRQl2f1NRUoSp7ic&e= ;
>> a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>>
>> Checksums of rya-project-3.2.10-source-release.zip:
>> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
>> MD5: a28d9a146857576903ff4fc3f7dae908
>>
>> Release artifacts are signed with the following key:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__people.apache.or
>> g_keys_committer_mihalik.asc&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF
>> 7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJt
>> jCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=qdngMmn6ujEDbPPZPSrvB04jx25ps
>> 5UmWv1cMWfW8CQ&e=
>>
>> KEYS file available here:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__dist.apache.org_
>> repos_dist_release_incubator_rya_KEYS&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_
>> LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8
>> &m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=oRAGQlItutHUnC5pj152
>> XKymSWuxBwgqInEwC-XkZBc&e=
>>
>> Issues that were closed/resolved for this release are here:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.or
>> g_jira_secure_ReleaseNote.jspa-3Fversi&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8
>> _LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo
>> 8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=mn5qEPBUNKYU7SabEEC
>> oF4hfI7O-vZ_hZ5SHZzWJpgY&e=
>> on=12334209&styleName=Html&projectId=12319020
>>
>> Issues resolved between RC1 and RC2 are here:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.or
>> g_jira_browse_RYA-2D184&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmr
>> YIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTq
>> WYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=8SiHJo-jCqvx8XchCZNLNI2ax61fD_Bojx
>> fofsSHw84&e=
>>
>> Issues resolved between RC2 and RC3 are here:
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.or
>> g_jira_browse_RYA-2D209&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmr
>> YIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTq
>> WYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=FhXvmswKKU781YHDxS_f4MpVXWYEkH8YVq
>> Idpl62rrA&e=
>>
>> The vote will be open for 72 hours.
>> Please download the release candidate and evaluate the necessary
>> items including checking hashes, signatures, build from source, and
>> test. The please vote:
>>
>> [ ] +1 Release this package as rya-project-3.2.10 [ ] +0 no opinion [
>> ] -1 Do not release this package because because...
>>
>>
--
Dr. Adina Crainiceanu
Associate Professor, Computer Science Department United States Naval Academy
410-293-6822 <(410)%20293-6822>
adina@usna.edu
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.usna.edu_Users_cs_adina_&d=CwIFaQ&c=Nwf-pp4xtYRe0sCRVM8_LWH54joYF7EKmrYIdfxIq10&r=vuVdzYC2kksVZR5STiFwDpzJ7CrMHCgeo_4WXTD0qo8&m=ZfEFJtjCrTqWYlOG5OQ1anhuoUqfwnAT5VIhodw6Bys&s=auxia68b3jUMOO3sTEBKTD-NEIiXXm9-mXkBv6-7Zug&e=
Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by "Aaron D. Mihalik" <aa...@gmail.com>.
This is a gentle reminder to everyone to provide some feedback on the
release candidate. We need at least another binding vote to continue this
process.
Also, non-binding votes are encouraged :)
Josh/Adina: I have looked at your feedback and made minor updates, tickets,
and comments to address the issues you raised:
> [Josh] Apache Accumulo®, please
I have updated the website accordingly
> [Josh] lots of warnings in your Maven project
Created a Jira issue for this: RYA-216 - Clean up Maven Warnings
> [Josh] include when the 72hrs is "up" (with tz)
I updated the template
> [Adina] Maybe we should put the KEYS file both in
dist.a.o/repos/dist/dev/ and dist.a.o/repos/dist/release/
Initially, I had the KEYS file in both places but I noticed that most
projects only have it in "release" and I thought it might be confusing to
maintain two files with the same content. I'm fine reverting back to both
places, however. Let me know.
> [Josh] you have no other signatures on your key
David Lotts signed my key last week. I updated dist.a.o [1] but my key on
people.a.o [2] is doesn't reflect David's signature. Any idea how to push
an update? The key server that people.a.o pulls from has the update [3].
> [Josh] Put some thought in how your source-release creates binaries
Agreed... created RYA-217 Evaluate Shaded and Zip'd artifacts
--Aaron
[1] https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
[2] http://people.apache.org/keys/committer/mihalik.asc
[3]
http://keys2.kfwebs.net/pks/lookup?op=vindex&search=0x8E6245BF6937DEAE1F7B72DDC3CC40CAF50EAE1A
On Sun, Oct 23, 2016 at 2:54 PM Adina Crainiceanu <ad...@usna.edu> wrote:
+1 binding
I checked:
* name includes incubating
* DISCLAIMER exists and has the correct content
* LICENSE and NOTICE exist and they have the correct content (if we don't
bundle any dependencies)
* release artifacts placed in
https://dist.apache.org/repos/dist/dev/incubator/rya/
* checksums correct (md5 and sha1)
* signature correct. Maybe we should put the KEYS file both in
https://dist.apache.org/repos/dist/dev/incubator/rya/ (where I expected it
to check the release) and
https://dist.apache.org/repos/dist/release/incubator/rya/ (where others can
download when we have the official release)
* no unexpected binaries in the .zip file
* can build from source, with included tests (I did mvm clean install)
Thank you,
Adina
On Fri, Oct 21, 2016 at 1:31 PM, Josh Elser <el...@apache.org> wrote:
> +1
>
> * Sig/Xsums OK, but you have no other signatures on your key to verify
> that the key used to sign these artifacts is actually your key, Aaron.
> Maybe you can find someone (in person or via phone) or who can your key
for
> you? [1]
> * Verified that geoindexing is "off"
> * Cursory glance over dependencies getting bundled in shaded JARs and they
> look OK
> * Listed commit exists in the repo
> * L&N look correct for source release
> * DISCLAIMER present
> * Could build from source (`mvn package`)
>
> Overview on your website:
>
> * "Apache Rya (incubating) is a scalable RDF triple store built on top of
> a columnar index store (Accumulo)." Apache Accumulo®, please.
> * Required links are present to ASF
> * Incubator branding looks good (to my memory)
> * "Apache Rya (incubating)" is prominent too.
>
> Other things:
>
> * Noticed lots of warnings in your Maven project. Would be good to address
> this to reduce the likelihood of build issues by users. [2]
> * Nit: would be good to include when the 72hrs is "up" (with tz) instead
> of relying on the timestamp that the message landed in
> someone's inbox.
> * Got an error running a `mvn install` (since your dependency graph seems
> to be busted -- couldn't run a `mvn dependency:tree` without as I should
be
> able to). [3] Rerunning it was fine the second time..
> * Maintaining your shaded jars over time is probably a losing battle (if
> the licensing issues this time around weren't sign enough). I'd suggest
you
> start putting some thought in how your source-release creates binaries
that
> can be useful for people who want to run Rya but are not using the exact
> versions of all of the dependencies you're bundling for them.
> * I didn't inspect the JARs you're also distributing for licensing
> correctness. Will let this slide since for now :)
>
> - Josh
>
> [1] https://www.apache.org/dev/release-signing.html#web-of-trust
> [2] https://paste.apache.org/CQf3
> [3] https://paste.apache.org/ssGd
>
>
> Aaron D. Mihalik wrote:
>
>> I am pleased to be calling this vote for the source release of Apache Rya
>> (Incubating), version 3.2.10.
>>
>> The source zip, including signatures, digests, etc. can be found at:
>> https://dist.apache.org/repos/dist/dev/incubator/rya/rya-inc
>> ubating-3.2.10-rc3/
>>
>> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
>> https://repository.apache.org/content/repositories/orgapache
>> rya-1004/org/apache/rya/rya-project/3.2.10-incubating/
>>
>> The Git tag is rya-incubating-3.2.10-rc3
>> The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;
>> a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>>
>> Checksums of rya-project-3.2.10-source-release.zip:
>> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
>> MD5: a28d9a146857576903ff4fc3f7dae908
>>
>> Release artifacts are signed with the following key:
>> https://people.apache.org/keys/committer/mihalik.asc
>>
>> KEYS file available here:
>> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
>>
>> Issues that were closed/resolved for this release are here:
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?versi
>> on=12334209&styleName=Html&projectId=12319020
>>
>> Issues resolved between RC1 and RC2 are here:
>> https://issues.apache.org/jira/browse/RYA-184
>>
>> Issues resolved between RC2 and RC3 are here:
>> https://issues.apache.org/jira/browse/RYA-209
>>
>> The vote will be open for 72 hours.
>> Please download the release candidate and evaluate the necessary items
>> including checking hashes, signatures, build from source, and test. The
>> please vote:
>>
>> [ ] +1 Release this package as rya-project-3.2.10
>> [ ] +0 no opinion
>> [ ] -1 Do not release this package because because...
>>
>>
--
Dr. Adina Crainiceanu
Associate Professor, Computer Science Department
United States Naval Academy
410-293-6822 <(410)%20293-6822>
adina@usna.edu
http://www.usna.edu/Users/cs/adina/
Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by Adina Crainiceanu <ad...@usna.edu>.
+1 binding
I checked:
* name includes incubating
* DISCLAIMER exists and has the correct content
* LICENSE and NOTICE exist and they have the correct content (if we don't
bundle any dependencies)
* release artifacts placed in
https://dist.apache.org/repos/dist/dev/incubator/rya/
* checksums correct (md5 and sha1)
* signature correct. Maybe we should put the KEYS file both in
https://dist.apache.org/repos/dist/dev/incubator/rya/ (where I expected it
to check the release) and
https://dist.apache.org/repos/dist/release/incubator/rya/ (where others can
download when we have the official release)
* no unexpected binaries in the .zip file
* can build from source, with included tests (I did mvm clean install)
Thank you,
Adina
On Fri, Oct 21, 2016 at 1:31 PM, Josh Elser <el...@apache.org> wrote:
> +1
>
> * Sig/Xsums OK, but you have no other signatures on your key to verify
> that the key used to sign these artifacts is actually your key, Aaron.
> Maybe you can find someone (in person or via phone) or who can your key for
> you? [1]
> * Verified that geoindexing is "off"
> * Cursory glance over dependencies getting bundled in shaded JARs and they
> look OK
> * Listed commit exists in the repo
> * L&N look correct for source release
> * DISCLAIMER present
> * Could build from source (`mvn package`)
>
> Overview on your website:
>
> * "Apache Rya (incubating) is a scalable RDF triple store built on top of
> a columnar index store (Accumulo)." Apache Accumulo®, please.
> * Required links are present to ASF
> * Incubator branding looks good (to my memory)
> * "Apache Rya (incubating)" is prominent too.
>
> Other things:
>
> * Noticed lots of warnings in your Maven project. Would be good to address
> this to reduce the likelihood of build issues by users. [2]
> * Nit: would be good to include when the 72hrs is "up" (with tz) instead
> of relying on the timestamp that the message landed in
> someone's inbox.
> * Got an error running a `mvn install` (since your dependency graph seems
> to be busted -- couldn't run a `mvn dependency:tree` without as I should be
> able to). [3] Rerunning it was fine the second time..
> * Maintaining your shaded jars over time is probably a losing battle (if
> the licensing issues this time around weren't sign enough). I'd suggest you
> start putting some thought in how your source-release creates binaries that
> can be useful for people who want to run Rya but are not using the exact
> versions of all of the dependencies you're bundling for them.
> * I didn't inspect the JARs you're also distributing for licensing
> correctness. Will let this slide since for now :)
>
> - Josh
>
> [1] https://www.apache.org/dev/release-signing.html#web-of-trust
> [2] https://paste.apache.org/CQf3
> [3] https://paste.apache.org/ssGd
>
>
> Aaron D. Mihalik wrote:
>
>> I am pleased to be calling this vote for the source release of Apache Rya
>> (Incubating), version 3.2.10.
>>
>> The source zip, including signatures, digests, etc. can be found at:
>> https://dist.apache.org/repos/dist/dev/incubator/rya/rya-inc
>> ubating-3.2.10-rc3/
>>
>> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
>> https://repository.apache.org/content/repositories/orgapache
>> rya-1004/org/apache/rya/rya-project/3.2.10-incubating/
>>
>> The Git tag is rya-incubating-3.2.10-rc3
>> The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;
>> a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>>
>> Checksums of rya-project-3.2.10-source-release.zip:
>> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
>> MD5: a28d9a146857576903ff4fc3f7dae908
>>
>> Release artifacts are signed with the following key:
>> https://people.apache.org/keys/committer/mihalik.asc
>>
>> KEYS file available here:
>> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
>>
>> Issues that were closed/resolved for this release are here:
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?versi
>> on=12334209&styleName=Html&projectId=12319020
>>
>> Issues resolved between RC1 and RC2 are here:
>> https://issues.apache.org/jira/browse/RYA-184
>>
>> Issues resolved between RC2 and RC3 are here:
>> https://issues.apache.org/jira/browse/RYA-209
>>
>> The vote will be open for 72 hours.
>> Please download the release candidate and evaluate the necessary items
>> including checking hashes, signatures, build from source, and test. The
>> please vote:
>>
>> [ ] +1 Release this package as rya-project-3.2.10
>> [ ] +0 no opinion
>> [ ] -1 Do not release this package because because...
>>
>>
--
Dr. Adina Crainiceanu
Associate Professor, Computer Science Department
United States Naval Academy
410-293-6822
adina@usna.edu
http://www.usna.edu/Users/cs/adina/
Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by Josh Elser <el...@apache.org>.
+1
* Sig/Xsums OK, but you have no other signatures on your key to verify
that the key used to sign these artifacts is actually your key, Aaron.
Maybe you can find someone (in person or via phone) or who can your key
for you? [1]
* Verified that geoindexing is "off"
* Cursory glance over dependencies getting bundled in shaded JARs and
they look OK
* Listed commit exists in the repo
* L&N look correct for source release
* DISCLAIMER present
* Could build from source (`mvn package`)
Overview on your website:
* "Apache Rya (incubating) is a scalable RDF triple store built on top
of a columnar index store (Accumulo)." Apache Accumulo�, please.
* Required links are present to ASF
* Incubator branding looks good (to my memory)
* "Apache Rya (incubating)" is prominent too.
Other things:
* Noticed lots of warnings in your Maven project. Would be good to
address this to reduce the likelihood of build issues by users. [2]
* Nit: would be good to include when the 72hrs is "up" (with tz) instead
of relying on the timestamp that the message landed in
someone's inbox.
* Got an error running a `mvn install` (since your dependency graph
seems to be busted -- couldn't run a `mvn dependency:tree` without as I
should be able to). [3] Rerunning it was fine the second time..
* Maintaining your shaded jars over time is probably a losing battle (if
the licensing issues this time around weren't sign enough). I'd suggest
you start putting some thought in how your source-release creates
binaries that can be useful for people who want to run Rya but are not
using the exact versions of all of the dependencies you're bundling for
them.
* I didn't inspect the JARs you're also distributing for licensing
correctness. Will let this slide since for now :)
- Josh
[1] https://www.apache.org/dev/release-signing.html#web-of-trust
[2] https://paste.apache.org/CQf3
[3] https://paste.apache.org/ssGd
Aaron D. Mihalik wrote:
> I am pleased to be calling this vote for the source release of Apache Rya
> (Incubating), version 3.2.10.
>
> The source zip, including signatures, digests, etc. can be found at:
> https://dist.apache.org/repos/dist/dev/incubator/rya/rya-incubating-3.2.10-rc3/
>
> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
> https://repository.apache.org/content/repositories/orgapacherya-1004/org/apache/rya/rya-project/3.2.10-incubating/
>
> The Git tag is rya-incubating-3.2.10-rc3
> The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>
> Checksums of rya-project-3.2.10-source-release.zip:
> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
> MD5: a28d9a146857576903ff4fc3f7dae908
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/mihalik.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
>
> Issues that were closed/resolved for this release are here:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209&styleName=Html&projectId=12319020
>
> Issues resolved between RC1 and RC2 are here:
> https://issues.apache.org/jira/browse/RYA-184
>
> Issues resolved between RC2 and RC3 are here:
> https://issues.apache.org/jira/browse/RYA-209
>
> The vote will be open for 72 hours.
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test. The
> please vote:
>
> [ ] +1 Release this package as rya-project-3.2.10
> [ ] +0 no opinion
> [ ] -1 Do not release this package because because...
>
Re: [VOTE] Release Rya (Incubating) version 3.2.10 RC3
Posted by Seetharam Venkatesh <ve...@innerzeal.com>.
+1.
Thanks!
On Thu, Oct 20, 2016 at 10:28 PM Aaron D. Mihalik <aa...@gmail.com>
wrote:
> I am pleased to be calling this vote for the source release of Apache Rya
> (Incubating), version 3.2.10.
>
> The source zip, including signatures, digests, etc. can be found at:
>
> https://dist.apache.org/repos/dist/dev/incubator/rya/rya-incubating-3.2.10-rc3/
>
> Ancillary artifacts such as poms, jars, wars, ect. can be found here:
>
> https://repository.apache.org/content/repositories/orgapacherya-1004/org/apache/rya/rya-project/3.2.10-incubating/
>
> The Git tag is rya-incubating-3.2.10-rc3
> The Git commit ID is 66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>
> Checksums of rya-project-3.2.10-source-release.zip:
> SHA1: 4468f55b9f381e9103ca1e2e9c25b30e1cad4ed0
> MD5: a28d9a146857576903ff4fc3f7dae908
>
> Release artifacts are signed with the following key:
> https://people.apache.org/keys/committer/mihalik.asc
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
>
> Issues that were closed/resolved for this release are here:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209&styleName=Html&projectId=12319020
>
> Issues resolved between RC1 and RC2 are here:
> https://issues.apache.org/jira/browse/RYA-184
>
> Issues resolved between RC2 and RC3 are here:
> https://issues.apache.org/jira/browse/RYA-209
>
> The vote will be open for 72 hours.
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, and test. The
> please vote:
>
> [ ] +1 Release this package as rya-project-3.2.10
> [ ] +0 no opinion
> [ ] -1 Do not release this package because because...
>