Oops, I got the process wrong: A -1 vote on a release candidate is not a veto.
Gary On Sun, Dec 3, 2023 at 8:39 AM Gary Gregory <garydgreg...@gmail.com> wrote: > > Hello Elliotte, > > As Sebb's comments in VALIDATOR-390 point out, this issue can't be > fixed in the 1.x line, so your -1 would mean that there can't ever be > a 1.x release again. Or am I missing something? > > I am happy to switch master a 2.x line after 1.8.0 is out and break > binary compatibility at that point. > > Gary > > On Sun, Dec 3, 2023 at 8:13 AM Elliotte Rusty Harold <elh...@ibiblio.org> > wrote: > > > > https://issues.apache.org/jira/projects/VALIDATOR/issues/VALIDATOR-390 > > and https://issues.apache.org/jira/projects/VALIDATOR/issues/VALIDATOR-357 > > are both open dependency upgrades with security implications. If > > they've already been fixed, then please close the issues. > > > > If they haven't been fixed, I vote -1 until they are. Looking at head, > > I think VALIDATOR-357 has been fixed and should be closed, but > > VALIDATOR-390 is still open. > > > > On Sat, Dec 2, 2023 at 3:26 PM Gary Gregory <garydgreg...@gmail.com> wrote: > > > > > > We have fixed a few bugs and added some enhancements since Apache > > > Commons Validator 1.7 was released, so I would like to release Apache > > > Commons Validator 1.8.0. > > > > > > Apache Commons Validator 1.8.0 RC1 is available for review here: > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1 > > > (svn revision 65799) > > > > > > The Git tag commons-validator-1.8.0-RC1 commit for this RC is > > > c4b1afc87797f7826b84ae7f024f3d8959781ddd which you can browse here: > > > > > > https://gitbox.apache.org/repos/asf?p=commons-validator.git;a=commit;h=c4b1afc87797f7826b84ae7f024f3d8959781ddd > > > You may checkout this tag using: > > > git clone https://gitbox.apache.org/repos/asf/commons-validator.git > > > --branch commons-validator-1.8.0-RC1 commons-validator-1.8.0-RC1 > > > > > > Maven artifacts are here: > > > > > > https://repository.apache.org/content/repositories/orgapachecommons-1677/commons-validator/commons-validator/1.8.0/ > > > > > > These are the artifacts and their hashes: > > > > > > #Release SHA-512s > > > #Sat Dec 02 10:19:35 EST 2023 > > > commons-validator-1.8.0-bin.tar.gz=32128ff8ec1d992a1654e1cab0451152e844dd3076c25c80122b331dd4d3546a60b0325476ae079b83a4b8d852dc8dd48fbde64f04d19e22013e99b95b98978e > > > commons-validator-1.8.0-bin.zip=436aa1b614144b35c644dc7f1725a72b16ba276ef2d66ceafb9964e2a2484cd3438f1d76bf82c8fdd9d6c4da47a34c8bad6897bad77528a7e1531f6c8eedf67a > > > commons-validator-1.8.0-bom.json=111c721363c61cd2a85a8f6b881b2d0fbaa0b2ac12401458e65e4e39ebc4a68ec339bf21d11d424ef0034ab0ad1239458011444a99843152b5a0c35f8922975a > > > commons-validator-1.8.0-bom.xml=1ecb419c19dce8d596cbe43e6c1690d8ce121fd1a9907b6e3a85a497517fedc0fa0ffc26acb3f7124672590a48b401e5a149c6d6fae3ee5067de8aabd7233ca7 > > > commons-validator-1.8.0-javadoc.jar=7a0b2ef23f2feb5f52269c47216f69137c62eec80a64bdd0e7ee7e413fd0d05c5c8b4c054f83a25dae8f0b3e3f4ef46663a05d9e67745196f870d4ce4a6e1b9e > > > commons-validator-1.8.0-sources.jar=fe6a7039615a53638df01b1100d25a6f38451b58cd5be88027e3bc0f86b40dfa440a8a466b7097054a1133c71089958e5f8a5bf6fad67e6c7bacc9210d04e97a > > > commons-validator-1.8.0-src.tar.gz=f0c2662e5db0bbc6ee9d05d5508caa02bf45b7c7ada92f4a97a867848f3d704b35552d47859a46567705194248e7b88cd8df8f082939012ab60b6aed446e36b2 > > > commons-validator-1.8.0-src.zip=530063f04d300c0322ef5c53960bd6dd2ea9879169efe64d28234ac9877b5638876e8ed020a16eb67198d528405d9656f6e94f08ffb7cdfaa0d9e916c77aa32f > > > commons-validator-1.8.0-test-sources.jar=f111abe654dbc2241d81dbf5b7742c33a1dd304ba1f2ffe902546b1e8b97a7d8940cffd1692e7787124fd08f54a235f92a19ade41fd88a136e5135ea10db4222 > > > commons-validator-1.8.0-tests.jar=bc5440747c3192574b75378fceb535ab7f988403d24fb1fb9ca74de30a5d7790fb9ed953bda3c727b5552778cdcf03e7e85500fadb3350a888c8adaf86da957d > > > commons-validator_commons-validator-1.8.0.spdx.json=36d397ce0e251258ec7a6a90f54a1d76585762e9ee680160b79979f73f4c31e506e8b6bc6e07186db83bc0e34a9996ccbefc069569f69753ef4fea2cdd40bb8b > > > > > > I have tested this with > > > > > > mvn -V -Prelease -Ptest-deploy -P jacoco -P japicmp clean package site > > > deploy > > > > > > Using: > > > > > > Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae) > > > Maven home: /usr/local/Cellar/maven/3.9.6/libexec > > > Java version: 21.0.1, vendor: Homebrew, runtime: > > > /usr/local/Cellar/openjdk/21.0.1/libexec/openjdk.jdk/Contents/Home > > > Default locale: en_US, platform encoding: UTF-8 > > > OS name: "mac os x", version: "14.1.1", arch: "x86_64", family: "mac" > > > > > > Darwin **** 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 > > > PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 x86_64 > > > > > > Details of changes since 1.7 are in the release notes: > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/RELEASE-NOTES.txt > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/site/changes-report.html > > > > > > Site: > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/site/index.html > > > (note some *relative* links are broken and the 1.8.0 directories > > > are not yet created - these will be OK once the site is deployed.) > > > > > > JApiCmp Report (compared to 1.7): > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/site/japicmp.html > > > > > > RAT Report: > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/site/rat-report.html > > > > > > KEYS: > > > https://downloads.apache.org/commons/KEYS > > > > > > Please review the release candidate and vote. > > > This vote will close no sooner than 72 hours from now. > > > > > > [ ] +1 Release these artifacts > > > [ ] +0 OK, but... > > > [ ] -0 OK, but really should fix... > > > [ ] -1 I oppose this release because... > > > > > > Thank you, > > > > > > Gary Gregory, > > > Release Manager (using key 86fdc7e2a11262cb) > > > > > > For following is intended as a helper and refresher for reviewers. > > > > > > Validating a release candidate > > > ============================== > > > > > > These guidelines are NOT complete. > > > > > > Requirements: Git, Java, Maven. > > > > > > You can validate a release from a release candidate (RC) tag as follows. > > > > > > 1a) Clone and checkout the RC tag > > > > > > git clone https://gitbox.apache.org/repos/asf/commons-validator.git > > > --branch commons-validator-1.8.0-RC1 commons-validator-1.8.0-RC1 > > > cd commons-validator-1.8.0-RC1 > > > > > > 1b) Download and unpack the source archive from: > > > > > > https://dist.apache.org/repos/dist/dev/commons/validator/1.8.0-RC1/source > > > > > > 2) Check Apache licenses > > > > > > This step is not required if the site includes a RAT report page which > > > you then must check. > > > > > > mvn apache-rat:check > > > > > > 3) Check binary compatibility > > > > > > Older components still use Apache Clirr: > > > > > > This step is not required if the site includes a Clirr report page > > > which you then must check. > > > > > > mvn clirr:check > > > > > > Newer components use JApiCmp with the japicmp Maven Profile: > > > > > > This step is not required if the site includes a JApiCmp report page > > > which you then must check. > > > > > > mvn install -DskipTests -P japicmp japicmp:cmp > > > > > > 4) Build the package > > > > > > mvn -V clean package > > > > > > You can record the Maven and Java version produced by -V in your VOTE > > > reply. > > > To gather OS information from a command line: > > > Windows: ver > > > Linux: uname -a > > > > > > 5) Build the site for a single module project > > > > > > Note: Some plugins require the components to be installed instead of > > > packaged. > > > > > > mvn site > > > Check the site reports in: > > > - Windows: target\site\index.html > > > - Linux: target/site/index.html > > > > > > -the end- > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > -- > > Elliotte Rusty Harold > > elh...@ibiblio.org > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
