Adding my PMC binding -1 until Mick's comments are addressed.
On Fri, Mar 20, 2020 at 11:39 AM Mick Semb Wever <m...@apache.org> wrote: > > The vote will be open for 72 hours (longer if needed). Everyone who has > > tested the build is invited to vote. Votes by PMC members are considered > > binding. A vote passes if there are at least three binding +1s. > > > > > -1 > > A few things here don't meet the requirements. > > * There's no copyright or NOTICE file in source jar artifact. > * The license is not present in all files (eg AssertUtils.java) > * What key has been used to sign? > * Source artifacts does not compile. They depend on snapshot dependency, > see below. > * There's a ".git" directory in the source jar artifact. > > Additionally, > * `mvn rat:check` does not pass. (relates back to license and .git > directory) > * There's unnecessary duplicate source artifacts. > * The source zip file does not have sha256 or sha512 checksums. > * The contents of the source zip artifact do not match what's in scm. > * The scm SHA is not mentioned in the vote. > * Where's the scm tag for this scm SHA? > * Erroneous `.asc.asc` files. > > > The build failure I get is: > ``` > [ERROR] Failed to execute goal on project dtest-api: Could not resolve > dependencies for project org.apache.cassandra:dtest-api:jar:0.0.4-SNAPSHOT: > Could not find artifact > org.apache.cassandra:in-jvm-dtest-cassandra-tryout:jar:0.0.1-2.2-1 in > central (https://repo.maven.apache.org/maven2) -> [Help 1] > ``` > > The source zip artifact can just be removed (not generated) as there's no > need (afaik) for any artifacts outside of the maven repository. But add > those manually added files into git. This will solve the sha256 and sha512 > problem, and that the build that doesn't match scm contents. > > > I've got a few hours in front of me and will try to send some PRs to fix > what I can here. > > regards, > Mick >
