Hi Hitesh, Thanks for the review.
1) This seems to vary from project to project. I find examples that use a dev directory on dist.apache.org, others copy the files into a user home directory, others use Maven. I went with the latter because the distribution to Maven is happening automatically when using the Apache parent POM. The intention was to promote the files to dist.apache.org once we have a successful vote as per http://www.apache.org/dev/release-publishing.html#distribution 2) I followed the recommendation on http://incubator.apache.org/guides/releasemanagement.html#best-practice-formats 3) I missed to add the KEYS file, it's now in place: https://dist.apache.org/repos/dist/release/incubator/apex/ The DEPENDENCIES file is actually not part of the source but automatically added by the archiver. This is again result of the Apache parent POM default behavior, I need to see whether we can skip it or otherwise exclude from rat check. Thanks, Thomas On Thu, Oct 22, 2015 at 2:09 PM, Hitesh Shah <[email protected]> wrote: > -0 (binding). Probably should be a -1 but I am not sure if there is any > rule that states that the current approach is wrong. > > A couple of issues with the release: > > 1) I don’t believe anyone uses the maven repo to host the release > artifacts i.e. the actual source tarball that is being voted upon. This is > better done via dist.apache which can then be pushed to various mirrors. > The maven staging is usually only used for staging the compiled jars. > 2) A tar.gz should be sufficient. There is probably no need to assemble > both a zip and a tarball. > 3) No KEYS file present. > > The source tarball release artifact ( along with the checksums, etc ) can > be staged at https://dist.apache.org/repos/dist/dev/incubator/apex/. > Also, I believe the new release guidelines mention using SHA512 ( > http://www.apache.org/dev/release-signing.html#basic-facts ). A KEYS file > also needs to be created containing the pgp keys used to sign the release. > > Other checks: > - basic sigs and checksums look good. > - apache-rat:check fails due to the DEPENDENCIES file which is not being > ignored. No binary files present. > - Compiled and ran unit tests successfully. > > thanks > — Hitesh > > > On Oct 22, 2015, at 12:06 AM, Thomas Weise <[email protected]> wrote: > > > Dear Community, > > > > Please vote on the following Apache Apex Core 3.2.0-incubating release > > candidate. > > > > This is the first release of the project since incubation. > > > > This is a source release. > > > > List of all issues fixed: http://s.apache.org/SRM > > > > Staged artifacts: > > https://repository.apache.org/content/repositories/orgapacheapex-1000/ > > Source zip: > > > https://repository.apache.org/content/repositories/orgapacheapex-1000/org/apache/apex/apex/3.2.0-incubating/apex-3.2.0-incubating-source-release.zip > > Source tar.gz: > > > https://repository.apache.org/content/repositories/orgapacheapex-1000/org/apache/apex/apex/3.2.0-incubating/apex-3.2.0-incubating-source-release.tar.gz > > > > Git source: > > > https://git-wip-us.apache.org/repos/asf?p=incubator-apex-core.git;a=commit;h=refs/tags/v3.2.0-incubating-RC1 > > (commit: 5de5de9d4203b43db13e3694aed662f26d1c3ee6) > > > > PGP key: > > *http://pgp.mit.edu:11371/pks/lookup?op=vindex&[email protected] > > <http://pgp.mit.edu:11371/pks/lookup?op=vindex&[email protected]>* > > > > More information at: > > http://apex.incubator.apache.org > > > > > > Please try the release and vote; vote will be open for at least 72 hours. > > > > [ ] +1 approve > > [ ] -1 disapprove (and reason why) > > > > Thanks, > > Thomas > >
