On Sun, Jun 19, 2016 at 1:07 PM, Josh Elser <[email protected]> wrote:
> > > Dylan Hutchison wrote: > >> +1 with notes below~ >> >> * NOTICE and LICENSE look good to my inexperienced eyes. >> * Source-compiled binary tar.gz matches the binary tar.gz artifact, except >> for META-INF entries. >> * Unit tests pass. >> * Good checksums and sigs. Fingerprint matches Mike's key. >> * Graphulo tests pass. >> > > Yay, API compatibility :) > > * Sunny integration tests pass on a single-node standalone deployment. >> Tested on Zookeeper 3.4.6 and both Hadoop 2.4.1 and 2.7.2. >> >> Notes / Questions: >> >> 1. On the ITs: for some reason I can't figure out, the "stop Accumulo >> processes" part of ReadWriteIT#sunnyDay gives me trouble when I run it >> alongside the others, but it passes when I run it alone. Similar >> story for >> ExamplesIT#testBulkIngest. >> > > Interesting. Are you setting forkMode > 1? Or running multiple invocations > of the build at the same time? I wouldn't be surprised if some of the logic > we have to 'test' is actually wrong when we have concurrent processes > running, but I'm not sure why these two in particular would have troubles. > Nope, I didn't mess with forkMode. In case it helps, here is the command I use for which the two ITs fail: mvn verify -P sunny -Daccumulo.it.properties="..." \ -DACCUMULO_CONF_DIR="$ACCUMULO_HOME/conf" -Dhadoop.version=2.7.2 Here is the command for which the two ITs succeed (similar for ReadWriteIT#sunnyDay): mvn test-compile failsafe:integration-test failsafe:verify -Daccumulo.it.properties="..." -Dhadoop.version=2.7.2 \ -Dit.test=ExamplesIT#testBulkIngest -DfailIfNoTests=false -DACCUMULO_CONF_DIR="$ACCUMULO_HOME/conf" > 2. On diffing the source-built binary with the binary artifact: it >> seems >> the source-built binary has more license information in >> the META-INF/DEPENDENCIES than the binary artifact, in addition to a >> few of >> the entries being permuted. This holds true for all the jars except >> accumulo-fate.jar. Here is a pastebin for the source-built binary >> deps >> <http://pastebin.com/HJZB2See>, and a pastebin for the binary >> artifact >> deps<http://pastebin.com/nKfxWd2c> for accumulo-core.jar. Here is >> a pastebin >> of their diff<http://pastebin.com/jYtggRLK>. I don't know how >> significant the difference is; maybe Sean or Christopher could >> comment. >> > > This is probably due to the difference in the release-process creation of > the binary tarball and what gets built when you just do a `mvn package` on > your computer (e.g. activating the 'apache-release' Maven profile). I also > see findbugs in the list, so that's likely unintended. > Indeed I used a different command than the one used for releasing. Mystery solved. The command I used for this is mvn clean install -P assemble -P docs -DskipTests -Dfindbugs.skip -Dhadoop.version="2.7.2" > Overall, for the purposes of the ASF licensing, the DEPENDENCIES file is a > "nice to have" (LICENSE and NOTICE are the ones we really need to get > right). > > Also, with your commit bit, you can also use paste.apache.org if you want > to avoid the ads on pastebin :) > > 3. Is it good practice to use a code-signing key with no expiration >> date? >> > > As I understand it, it's not bad like a non-expiring password, but it's > good to have an expiration date. If you do lose/compromise your key, at > least everyone knows that there is a certain date the key is no longer > valid. It's also easy to extend the validity of your key, IIRC. > > >> >> On Fri, Jun 17, 2016 at 9:31 PM, Mike Drob<[email protected]> wrote: >> >> Accumulo Developers, >>> >>> Please consider the following candidate for Accumulo 1.7.2. >>> >>> All content generated via >>> assemble/build.sh --create-release-candidate -P '!thrift' >>> >>> Changes from 1.7.2-rc1 >>> >>> ACCUMULO-4346 correct LICENSE file for source to include text of >>> reference >>> ACCUMULO-4347 Crypto notification should be in README files instead of >>> NOTICE >>> >>> Git Commit: >>> a01e67741d101c3d87f1d6e16d54ff7a96951ad0 >>> Branch: >>> 1.7.2-rc2 >>> >>> If this vote passes, a gpg-signed tag will be created using: >>> git tag -f -m 'Apache Accumulo 1.7.2' -s rel/1.7.2 >>> a01e67741d101c3d87f1d6e16d54ff7a96951ad0 >>> >>> Staging repo: >>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052 >>> Source (official release artifact): >>> >>> >>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/org/apache/accumulo/accumulo/1.7.2/accumulo-1.7.2-src.tar.gz >>> Binary: >>> >>> >>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/org/apache/accumulo/accumulo/1.7.2/accumulo-1.7.2-bin.tar.gz >>> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for a >>> given artifact.) >>> >>> All artifacts were built and staged with: >>> mvn release:prepare&& mvn release:perform >>> >>> Signing keys are available at https://www.apache.org/dist/accumulo/KEYS >>> (Expected fingerprint: 86EDB9C33B8517228E88A8F93E48C0C6EF362B9E) >>> >>> Release notes (in progress) can be found at: >>> https://accumulo.apache.org/release_notes/1.7.2 >>> >>> Please vote one of: >>> [ ] +1 - I have verified and accept... >>> [ ] +0 - I have reservations, but not strong enough to vote against... >>> [ ] -1 - Because..., I do not accept... >>> ... these artifacts as the 1.7.2 release of Apache Accumulo. >>> >>> This vote will end on Tue Jun 21 05:00:00 UTC 2016 >>> (Tue Jun 21 01:00:00 EDT 2016 / Mon Jun 20 22:00:00 PDT 2016) >>> >>> Thanks! >>> >>> P.S. Hint: download the whole staging repo with >>> wget -erobots=off -r -l inf -np -nH \ >>> >>> >>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/ >>> # note the trailing slash is needed >>> >>> >>
