+1 (binding) src package: - verified signature/checksum - LICENSE/NOTICE present - compiled, ran checks, unit tests - built binary distribution, ingested some data and ran some queries
binary package: - verified signature/checksum - LICENSE/NOTICE present - ingested some data and ran some queries docker: - verified checksum - started cluster with docker-compose, ingested some data and ran some queries Also verified that I could no longer repro the vulnerability. Thanks for the quick work everyone! On Fri, Dec 10, 2021 at 9:02 PM Jihoon Son <jihoon...@apache.org> wrote: > > Hi all, > > I have created a build for Apache Druid 0.22.1, release > candidate 2. > > Thanks to everyone who has helped contribute to the release! You can read > the proposed release notes here: > https://github.com/apache/druid/issues/12054 > > The release candidate has been tagged in GitHub as > druid-0.22.1-rc2 (81e4da747d4fcfd15fa15bfebb942058152a3bba), > available here: > https://github.com/apache/druid/releases/tag/druid-0.22.1-rc2 > > The artifacts to be voted on are located here: > https://dist.apache.org/repos/dist/dev/druid/0.22.1-rc2/ > > A staged Maven repository is available for review at: > https://repository.apache.org/content/repositories/orgapachedruid-1028/ > > A Docker image containing the binary of the release candidate can be > retrieved via: > docker pull apache/druid:0.22.1-rc2 > > artifact checksums > src: > 2fea9417a7c164703d8f8bc19bbe70e743b82e6c5cf3ba9b7bc63c60a545b507757e36412bf06f6f522cf6de1cff1fe5141575c030c5fb779270012110f1427b > bin: > 716b83e07a76b5c9e0e26dd49028ca088bde81befb070989b41e71f0e8082d11a26601f4ac1e646bf099a4bc7420bdfeb9f7450d6da53d2a6de301e08c3cab0d > docker: 93aae94d4509768e455c444ea7d8515e1a1b447179e043f7b39630c2350125a9 > > Release artifacts are signed with the following key: > https://people.apache.org/keys/committer/jihoonson.asc > > This key and the key of other committers can also be found in the project's > KEYS file here: > https://dist.apache.org/repos/dist/release/druid/KEYS > > (If you are a committer, please feel free to add your own key to that file > by following the instructions in the file's header.) > > > Verify checksums: > diff <(shasum -a512 apache-druid-0.22.1-src.tar.gz | \ > cut -d ' ' -f1) \ > <(cat apache-druid-0.22.1-src.tar.gz.sha512 ; echo) > > diff <(shasum -a512 apache-druid-0.22.1-bin.tar.gz | \ > cut -d ' ' -f1) \ > <(cat apache-druid-0.22.1-bin.tar.gz.sha512 ; echo) > > Verify signatures: > gpg --verify apache-druid-0.22.1-src.tar.gz.asc \ > apache-druid-0.22.1-src.tar.gz > > gpg --verify apache-druid-0.22.1-bin.tar.gz.asc \ > apache-druid-0.22.1-bin.tar.gz > > Please review the proposed artifacts and vote. Note that Apache has > specific requirements that must be met before +1 binding votes can be cast > by PMC members. Please refer to the policy at > http://www.apache.org/legal/release-policy.html#policy for more details. > > As part of the validation process, the RAT license check can be run from > source by: > mvn apache-rat:check -Prat > > The release artifacts can be generated from source by running: > mvn clean install -Papache-release,dist -Dgpg.skip > > The vote will pass if a majority of at least three +1 PMC votes are cast. > Because we want to release this version as soon as possible, the vote will > be closed as soon as it passes. > > [ ] +1 Release this package as Apache Druid 0.22.1 > [ ] 0 I don't feel strongly about it, but I'm okay with the release > [ ] -1 Do not release this package because... > > Thanks! --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org For additional commands, e-mail: dev-h...@druid.apache.org
