We should definitely have the source release on https://dist.apache.org/repos/dist/dev/incubator/
We are voting for source release (and the git tag) - binaries are for convenience. Von, can you clarify the final package name inline? I think you are looking at the artifact ID not a package name? On Tue, Jan 12, 2021 at 6:09 PM vongosling <fengji...@gmail.com> wrote: > I'd love to vote +1, but after I've looked at this release, I'm sorry, I > have to vote -1. This is just the early stage of release, and I think we > have the ability to smooth the release standardization process for apache. > Here, I'll point out some of the issues I've identified: > > 1. The recommended name of the GitHub tag is 1.0.0-rc1(rc2, rc3...). This > allows you to trace the number of times before a successful release. > 2. The source code tarball needs to be uploaded to the Apache dist > repository [1] instead of the Stage repository. > 3. You are advised to use the Apache email address instead of > ja...@asu.edu > for GPG signatures. > 4. It is recommended that the final package name be > sedona-core_2.11-incubing instead of [1]. You must have at least src > distribution. Use the sha512 signature. Can you clarify? The link below is broken, and I’m not sure which you are referencing. > > 5. I have not checked the copyright-related issues and the compilation is > not passed. I hope that the compilation can pass in rc2. At the same time, > I also call on our committer to help verify it carefully and carefully. We > are more strict in the first release. If careful enough, I'm sure we'll be > able to publish it before rc3. > > If you have any questions, refer to the voting results of other items in > the incubation list. Of course, you are welcome to discuss it in your > email. > > [1] https://dist.apache.org/repos/dist/dev/incubator/ > [1] https://repository.apache.org/#nexus-search;quick-sedona > > Netanel Malka <ma...@apache.org> 于2021年1月12日周二 下午2:13写道: > > > Great Job!! > > +1 > > > > Netanel Malka > > > > On 2021/01/07 10:16:11, Jia Yu <ji...@apache.org> wrote: > > > Hi All, > > > > > > After a fruitful discussion about our first Apache Sedona release > > > 1.0.0-incubator, the release has been created. This is a call for vote > to > > > release Apache Sedona (incubating) 1.0.0. > > > > > > Note that: the current sha1 and checksum verification of Sedona will > > > require us to manually download artifact jars, sha1, asc from > > > repository.apache.org 12 times each. It is very annoying. Please let > me > > > know if you have any suggestions to speed up the process. > > > > > > Release note: > > > > > > https://sedona.staged.apache.org/download/GeoSpark-All-Modules-Release-notes/#sedona-100 > > > > > > Build instructions: > > > https://sedona.staged.apache.org/download/compile/ > > > > > > Git tag: > > > > > > https://github.com/apache/incubator-sedona/releases/tag/sedona-1.0.0-incubator > > > > > > Maven staging repository (search for "sedona", 12 artifacts in total): > > > https://repository.apache.org/#stagingRepositories > > > > > > Release Commit ID: > > > > > > https://github.com/apache/incubator-sedona/commit/29f897bbcaf65aa5b5b28ea4e93c6b7e783d83a6 > > > > > > GPG public key to verify the Release: > > > > > > https://gist.githubusercontent.com/jiayuasu/8b6cc263c538148490f7a090ee1dbeab/raw/09d3821e2794ddf22542f74c0db5195cf5c1ff49/gpg-public-key.gpg > > > > > > The vote will be open for at least 72 hours or until a majority of at > > least > > > 3 +1 PMC votes are cast > > > > > > Please vote accordingly: > > > > > > [ ] +1 approve > > > > > > [ ] +0 no opinion > > > > > > [ ] -1 disapprove with the reason > > > > > > Checklist for reference (because of DISCLAIMER-WIP, other checklist > items > > > are not blockers): > > > > > > [ ] Download links are valid. > > > > > > [ ] Checksums and PGP signatures are valid. > > > > > > [ ] DISCLAIMER is included. > > > > > > [ ] Source code artifacts have correct names matching the current > > release. > > > > > > For a detailed checklist please refer to: > > > > > > https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist > > > > > > To verify the checksum, > > > 1. open https://repository.apache.org > > > 2 (1) click each release jar (12 in total) to see its current SHA1 > (under > > > Artifact tab) (2) download .jar.sha1 to see the content of the uploaded > > > sha1. This two should match > > > > > > To verify the GPG key (12 in total), > > > gpg --import the-key-file > > > gpg --verify xxx.jar.asc xxx.jar > > > > > > You should see something like "gpg: Good signature from "Jia Yu > (Arizona > > > State University Data Systems Lab) <jia...@asu.edu>" gpg: WARNING: > This > > > key is not certified with a trusted signature!" > > > > > > Thanks, > > > Jia > > > > > > > > -- > Nothing is impossible >
