osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VOTE] Release Apache Druid (incubating) 0.13.0 [RC1]


Thanks for finding that list, David. There are a lot of things to check. Therefore, before voting +1 you need to do some due diligence, and with your vote you should describe how you validated the release.

For example, in a recent Calcite release thread[1] a typical vote looked like this:

> +1 (non-binding)
>  - downloaded, checked gpg and sha256
>  - compiled and ran tests ("mvn clean install") using JDK 8_162, 10.0.1 on Fedora and Windows
>  - ran simple queries via sqlline

Everyone should download the artifacts, check sha256 and gpg (asc) signatures, and compile the code.

Julian

[1] https://lists.apache.org/thread.html/c85d5f3cf1bbd9e28d76acd6905dee83cb54334c8b5d8979e1894648@%3Cdev.calcite.apache.org%3E

> On Oct 22, 2018, at 10:47 AM, David Lim <david.clarence.lim@xxxxxxxxx> wrote:
> 
> I believe what Julian wanted to highlight was this line in the announcement:
> 
>> As this is our first release under the Apache Incubator program, note
> that Apache has specific requirements that must be met before +1 binding
> votes can be cast by PMC members. Please refer to the policy at
> http://www.apache.org/legal/release-policy.html#policy for more details.
> 
> Some of the statements in that document:
> 
> - Before casting +1 binding votes, individuals are REQUIRED to:
>    - download all signed source code packages onto their own hardware
>    - verify that they meet all requirements of ASF policy on releases, for
> example:
>        - Every ASF release MUST contain one or more source packages, which
> MUST be sufficient for a user to build and test the release provided they
> have access to the appropriate platform and tools
>        - All supplied packages MUST be cryptographically signed by the
> Release Manager with a detached signature
>        - Binary/bytecode package MUST have the same version number as the
> source release and MUST only add binary/bytecode files that are the result
> of compiling that version of the source code release and its dependencies
>        - Each package MUST provide a LICENSE file and a NOTICE file which
> account for the package's exact content. LICENSE and NOTICE MUST NOT
> provide unnecessary information about materials which are not bundled in
> the package, such as separately downloaded dependencies. For source
> packages, LICENSE and NOTICE MUST be located at the root of the
> distribution. For additional packages, they MUST be located in the
> distribution format's customary location for licensing materials, such as
> the META-INF directory of Java "jar" files.
>    - validate all cryptographic signatures
>    - compile as provided
>    - test the result on their own platform
> 
> Additionally, as an incubator project, we are required to have a DISCLAIMER
> file indicating that we are undergoing incubation.
> 
> One question I have: for the binary tarball package, we have a LICENSE and
> NOTICE file in the root of the distribution which is what we have always
> done, but I have not also included these files in the individual JAR files
> under META-INF. I thought that having them in the root would be sufficient,
> but now I'm thinking they might actually also need to be in each JAR file
> since those files will be made available through Maven independent of our
> tarball packaging. I checked the Maven artifacts for previous versions of
> Druid and they don't include the LICENSE and NOTICE file in the JAR, but it
> feels to me like this will be required. Thoughts welcome.
> 
> David
> 
> 
> 
> On Mon, Oct 22, 2018 at 9:04 AM Slim Bouguerra <slim.bouguerra@xxxxxxxxx>
> wrote:
> 
>> Hey Julian
>> Thanks for pointing that out.
>> 
>> For the Apache related major changes please carefully review
>> https://github.com/apache/incubator-druid/labels/Apache
>> For bugs/features the release note is what you want to check
>> https://github.com/apache/incubator-druid/issues/6442/
>> 
>> 
>> On Sun, Oct 21, 2018 at 6:38 PM Fangjin Yang <fangjin@xxxxxxxx> wrote:
>> 
>>> +1
>>> 
>>> On Sun, Oct 21, 2018 at 3:34 PM Julian Hyde <jhyde@xxxxxxxxxx> wrote:
>>> 
>>>> Hey Slim,
>>>> 
>>>> Since this is an Apache release, and you've voted on Apache releases
>>>> before in Calcite and Hive, can you explain what you checked before
>>>> you voted "+1". There are many folks here who have not been through
>>>> the release process, and we veterans should show them the ropes.
>>>> 
>>>> Julian
>>>> 
>>>> On Sun, Oct 21, 2018 at 1:16 PM Slim Bouguerra <
>> slim.bouguerra@xxxxxxxxx
>>>> 
>>>> wrote:
>>>>> 
>>>>> +1
>>>>> 
>>>>>> On Oct 21, 2018, at 8:41 AM, David Lim <davidlim@xxxxxxxxxx>
>> wrote:
>>>>>> 
>>>>>> Hi all,
>>>>>> 
>>>>>> I have created a build for Apache Druid (incubating) 0.13.0,
>> release
>>>>>> candidate 1.
>>>>>> 
>>>>>> Thanks to everyone who has contributed to this release! You can
>> read
>>>> the
>>>>>> proposed release notes here:
>>>>>> https://github.com/apache/incubator-druid/issues/6442
>>>>>> 
>>>>>> The release candidate has been tagged in GitHub as
>>>>>> druid-0.13.0-incubating-rc1 (acf15b4), available here:
>>>>>> 
>>>> 
>>> 
>> https://github.com/apache/incubator-druid/releases/tag/druid-0.13.0-incubating-rc1
>>>>>> 
>>>>>> The artifacts to be voted on are located here:
>>>>>> 
>>>> 
>>> 
>> https://dist.apache.org/repos/dist/dev/incubator/druid/apache-druid-0.13.0-incubating-rc1/
>>>>>> 
>>>>>> Release artifacts are signed with the following key:
>>>>>> https://people.apache.org/keys/committer/davidlim.asc. This key
>> and
>>>> the key
>>>>>> of other committers can also be found in the project's KEYS file
>>> here:
>>>>>> 
>>>>>> https://dist.apache.org/repos/dist/dev/incubator/druid/KEYS
>>>>>> 
>>>>>> (If you are a committer, please feel free to add your own key to
>> that
>>>> file
>>>>>> by following the instructions in the file's header.)
>>>>>> 
>>>>>> Please review the proposed artifacts and vote. As this is our first
>>>> release
>>>>>> under the Apache Incubator program, note that Apache has specific
>>>>>> requirements that must be met before +1 binding votes can be cast
>> by
>>>> PMC
>>>>>> members. Please refer to the policy at
>>>>>> http://www.apache.org/legal/release-policy.html#policy for more
>>>> details.
>>>>>> 
>>>>>> As part of the validation process, the release artifacts can be
>>>> generated
>>>>>> from source by running: mvn clean install -Papache-release -Dtar
>>>>>> 
>>>>>> This vote will be open for at least 72 hours but likely more, in
>>>> following
>>>>>> the Druid community's practice of deploying the RC to larger
>> clusters
>>>> and
>>>>>> allowing it to soak for a period of time to flush out any remaining
>>>> issues.
>>>>>> The vote will pass if a majority of at least three +1 PMC votes are
>>>> cast.
>>>>>> 
>>>>>> Once the vote has passed, the second stage vote will be called on
>> the
>>>>>> Apache Incubator mailing list to get approval from the Incubator
>> PMC.
>>>>>> 
>>>>>> [ ] +1 Release this package as Apache Druid (incubating) 0.13.0
>>>>>> [ ]  0 I don't feel strongly about it, but I'm okay with the
>> release
>>>>>> [ ] -1 Do not release this package because...
>>>>>> 
>>>>>> Thanks!
>>>>>> David
>>>>> 
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
>>>>> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
>>>> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx
>>>> 
>>>> 
>>> 
>> 
>> 
>> --
>> 
>> B-Slim
>> _______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______/\/\/\_______
>> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxx