Re: Apache YuniKorn (Incubating) - Community Graduation Vote

[Sunil Govindan]

I will reach out to them.

Thanks
Sunil

On Sat, Jan 22, 2022 at 9:00 PM Felix Cheung 
wrote:

> Pls add the podling status file
> https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/
>
> 3 ppmc members have not subscribed to private@
>
> These can be found on
> https://whimsy.apache.org/roster/ppmc/yunikorn
>
>  >
> 
> From: Weiwei Yang 
> Sent: Thursday, January 20, 2022 10:05:55 PM
> To: dev@yunikorn.apache.org 
> Cc: priv...@yunikorn.apache.org 
> Subject: Re: Apache YuniKorn (Incubating) - Community Graduation Vote
>
> hi all
>
> Most issues under the graduation preparation JIRA YUNIKORN-1005
>  are fixed.
> The remaining one is the who-are-we web page, I am currently collecting
> info for that, should be done by next week.
> Shall we start to vote now? I can start a new thread for the community
> voting if nobody has objections.
>
> On Tue, Jan 11, 2022 at 11:02 AM Wilfred Spiegelenburg <
> wilfr...@apache.org>
> wrote:
>
> > None of the security lists mentioned in the security page [1] are
> > moderated. They are private lists, i.e. not openly available for
> > browsing in an archive, but not moderated. Using the private@ for
> > YuniKorn does not seem to line up with what other projects do either.
> > None of the recently graduated projects mention anything like using
> > the private@ mailing list on their sites. They all have just used the
> > general security link mentioned on their site unless they have a
> > specific security@ list. YuniKorn would be the one standing out from
> > what seems to be the norm.
> > Examples from the last 2 years of graduated projects using a simple
> > link or a text pointing to [1]: Pinot, Dolphinscheduler, Ratis,
> > Echarts, Gobblin, TVM, Superset and Datasketches. There are more but I
> > think this provides an overview of what is expected on graduation.
> >
> > Wilfred
> >
> > [1] https://www.apache.org/security/
> >
> > On Tue, 11 Jan 2022 at 18:21, Weiwei Yang  wrote:
> > >
> > > Hi Wilfred
> > >
> > > Adding a security@ mailing list sounds like a good idea, but I do not
> > think that is required in the current stage.
> > > We can do that post-graduate. For now, the Apache security doc said
> > >
> > > > We strongly encourage you to report potential security
> vulnerabilities
> > to one of our private security mailing lists first, before disclosing
> them
> > in a public forum.
> > >
> > > I do not see any issue if we use our private@ mailing list for this
> > purpose.
> > >
> > > On Mon, Jan 10, 2022 at 11:01 PM Wilfred Spiegelenburg <
> > wilfr...@apache.org> wrote:
> > >>
> > >> The private@ is a moderated list. This has two issues: a moderator
> > >> needs to approve any message not sent by a PMC member. This will slow
> > >> down the process of interaction with the reporter. It would also not
> > >> reach the YuniKorn committers group as not all committers are part of
> > >> the PMC. Security issues should be handled and worked on by all
> > >> committers not just by the PMC members.
> > >>
> > >> The security notification update made to the website I think does not
> > >> line up with the security guidelines referenced in the link provided
> > >> in the dropdown menu of the YuniKorn site [1]. In that link there is a
> > >> well defined way to report security issues. If we need to enhance and
> > >> extend what we do we either establish a security@ mailing list and
> > >> provide a static page with security related information on our site or
> > >> we leave it as is. My preference would be to establish a security@
> > >> list and make all committers a member of that list.
> > >>
> > >> I think we need to roll back the website changes part of YUNIKORN-1006
> > >> [2] in PR [3] for the website.
> > >>
> > >> Wilfred
> > >>
> > >> [1] https://www.apache.org/security/
> > >> [2] https://issues.apache.org/jira/browse/YUNIKORN-1006
> > >> [3] https://github.com/apache/incubator-yunikorn-site/pull/105
> > >>
> > >> On Tue, 11 Jan 2022 at 04:45, Holden Karau 
> > wrote:
> > >> >
> > >> > For "The project provides a well-documented, secure and private
> > channel to report security issues, along with a documented way of
> > responding to them.' the standard that I've seen used is to tell people
> to
> > e-mail private@ when they think they might have a security related
> issue.
> > I think that would probably work well for Yunikorn too.
> > >> >
> > >> >
> > >> > On Mon, Jan 10, 2022 at 7:04 AM Chenya Zhang <
> > chenyazhangche...@gmail.com> wrote:
> > >> >>
> > >> >> Hi Weiwei,
> > >> >>
> > >> >> Thanks for driving this! The evaluation is quite comprehensive
> > overall. I checked our Apache project maturity guidelines and noticed the
> > below three items. Not sure if we already have them but they are not
> > blockers to our graduation. We could think more about them along the 

Re: Apache YuniKorn (Incubating) - Community Graduation Vote

[Felix Cheung]

Pls add the podling status file
https://svn.apache.org/repos/asf/incubator/public/trunk/content/podlings/

3 ppmc members have not subscribed to private@

These can be found on
https://whimsy.apache.org/roster/ppmc/yunikorn



From: Weiwei Yang 
Sent: Thursday, January 20, 2022 10:05:55 PM
To: dev@yunikorn.apache.org 
Cc: priv...@yunikorn.apache.org 
Subject: Re: Apache YuniKorn (Incubating) - Community Graduation Vote

hi all

Most issues under the graduation preparation JIRA YUNIKORN-1005
 are fixed.
The remaining one is the who-are-we web page, I am currently collecting
info for that, should be done by next week.
Shall we start to vote now? I can start a new thread for the community
voting if nobody has objections.

On Tue, Jan 11, 2022 at 11:02 AM Wilfred Spiegelenburg 
wrote:

> None of the security lists mentioned in the security page [1] are
> moderated. They are private lists, i.e. not openly available for
> browsing in an archive, but not moderated. Using the private@ for
> YuniKorn does not seem to line up with what other projects do either.
> None of the recently graduated projects mention anything like using
> the private@ mailing list on their sites. They all have just used the
> general security link mentioned on their site unless they have a
> specific security@ list. YuniKorn would be the one standing out from
> what seems to be the norm.
> Examples from the last 2 years of graduated projects using a simple
> link or a text pointing to [1]: Pinot, Dolphinscheduler, Ratis,
> Echarts, Gobblin, TVM, Superset and Datasketches. There are more but I
> think this provides an overview of what is expected on graduation.
>
> Wilfred
>
> [1] https://www.apache.org/security/
>
> On Tue, 11 Jan 2022 at 18:21, Weiwei Yang  wrote:
> >
> > Hi Wilfred
> >
> > Adding a security@ mailing list sounds like a good idea, but I do not
> think that is required in the current stage.
> > We can do that post-graduate. For now, the Apache security doc said
> >
> > > We strongly encourage you to report potential security vulnerabilities
> to one of our private security mailing lists first, before disclosing them
> in a public forum.
> >
> > I do not see any issue if we use our private@ mailing list for this
> purpose.
> >
> > On Mon, Jan 10, 2022 at 11:01 PM Wilfred Spiegelenburg <
> wilfr...@apache.org> wrote:
> >>
> >> The private@ is a moderated list. This has two issues: a moderator
> >> needs to approve any message not sent by a PMC member. This will slow
> >> down the process of interaction with the reporter. It would also not
> >> reach the YuniKorn committers group as not all committers are part of
> >> the PMC. Security issues should be handled and worked on by all
> >> committers not just by the PMC members.
> >>
> >> The security notification update made to the website I think does not
> >> line up with the security guidelines referenced in the link provided
> >> in the dropdown menu of the YuniKorn site [1]. In that link there is a
> >> well defined way to report security issues. If we need to enhance and
> >> extend what we do we either establish a security@ mailing list and
> >> provide a static page with security related information on our site or
> >> we leave it as is. My preference would be to establish a security@
> >> list and make all committers a member of that list.
> >>
> >> I think we need to roll back the website changes part of YUNIKORN-1006
> >> [2] in PR [3] for the website.
> >>
> >> Wilfred
> >>
> >> [1] https://www.apache.org/security/
> >> [2] https://issues.apache.org/jira/browse/YUNIKORN-1006
> >> [3] https://github.com/apache/incubator-yunikorn-site/pull/105
> >>
> >> On Tue, 11 Jan 2022 at 04:45, Holden Karau 
> wrote:
> >> >
> >> > For "The project provides a well-documented, secure and private
> channel to report security issues, along with a documented way of
> responding to them.' the standard that I've seen used is to tell people to
> e-mail private@ when they think they might have a security related issue.
> I think that would probably work well for Yunikorn too.
> >> >
> >> >
> >> > On Mon, Jan 10, 2022 at 7:04 AM Chenya Zhang <
> chenyazhangche...@gmail.com> wrote:
> >> >>
> >> >> Hi Weiwei,
> >> >>
> >> >> Thanks for driving this! The evaluation is quite comprehensive
> overall. I checked our Apache project maturity guidelines and noticed the
> below three items. Not sure if we already have them but they are not
> blockers to our graduation. We could think more about them along the way.
> >> >>
> >> >> QU30
> >> >>
> >> >> The project provides a well-documented, secure and private channel
> to report security issues, along with a documented way of responding to
> them.
> >> >>
> >> >> QU40
> >> >>
> >> >> The project puts a high priority on backwards compatibility and aims
> to document any incompatible changes and 

Re: [VOTE} Release Apache YuniKorn (incubating) 0.12.2 RC3

[Chenya Zhang]

+1

- Build from source
- Run unit tests
- Run sample workloads
- Checked logs and K8s messages
- Verified the Web UI
- Verified REST endpoints
- Checked no unexpected files

Best,
Chenya

On Fri, Jan 21, 2022 at 11:18 PM Weiwei Yang  wrote:

> +1 (binding)
>
> - Build from source
> - Deploy the scheduler using helm charts
> - Run sample jobs
> - Verify the bug that has been fixed
>
> PS: since this is just adding a bug fix on top of RC2, I did not repeat all
> the validation steps I have done for RC2
>
> On Fri, Jan 21, 2022 at 12:28 PM Chaoran Yu 
> wrote:
>
> > +1 (binding)
> >
> > - Built images from source
> > - Deployed using the Helm chart on a k8s cluster
> > - Verified basic pod scheduling and Spark scheduling
> > - Verified that the last-minute bug in RC2 has been fixed.
> >
> > Thanks Craig for the quick effort!
> > Chaoran
> >
> >
> > On Fri, Jan 21, 2022 at 12:12 PM Sunil Govindan 
> wrote:
> >
> > > +1 (binding)
> > >
> > > - Built from source
> > > - Deployed on local k8s cluster
> > > - Ran basic jobs
> > > - Verified checksum and signature
> > > - UI looks good.
> > >
> > > Thanks
> > > Sunil
> > >
> > > On Fri, Jan 21, 2022 at 10:23 AM Craig Condit 
> > > wrote:
> > >
> > > > Hello everyone,
> > > >
> > > > I’d like to call a vote for releasing Apache YuniKorn (incubating)
> > 0.12.2
> > > > RC3.
> > > >
> > > > The release artifacts have been uploaded here:
> > > >
> https://dist.apache.org/repos/dist/dev/incubator/yunikorn/0.12.2-rc3/
> > <
> > > >
> https://dist.apache.org/repos/dist/dev/incubator/yunikorn/0.12.2-rc3/>
> > > >
> > > > My public key is located here:
> > > > https://downloads.apache.org/incubator/yunikorn/KEYS <
> > > > https://downloads.apache.org/incubator/yunikorn/KEYS>
> > > >
> > > > JIRA issues that have been resolved in this release:
> > > > https://issues.apache.org/jira/issues/?filter=12351270 <
> > > > https://issues.apache.org/jira/issues/?filter=12351270>
> > > >
> > > > Git tags for each component are as follows:
> > > >
> > > > incubator-yunikorn-scheduler-interface: v0.12.2-1
> > > > incubator-yunikorn-core: v0.12.2-1
> > > > incubator-yunikorn-k8shim: v0.12.2-3
> > > > incubator-yunikorn-web: v0.12.2-1
> > > > https://github.com/apache/incubator-yunikorn-release: v0.12.2-3
> > > >
> > > > One the release is voted on and approved, all repos will be tagged
> > 0.12.2
> > > > for consistency.
> > > >
> > > > Please review and vote. The vote will be open for at least 72 hours
> and
> > > > closes on Tuesday, January 25 2022, 1pm PDT.
> > > >
> > > > [ ] +1 Approve
> > > > [ ] +0 No opinion
> > > > [ ] -1 Disapprove (and the reason why)
> > > >
> > > >
> > > > Thank you,
> > > > Craig
> > >
> >
>