+1 binding src: - checked signature and checksum - LICENSE/NOTICE present - ran RAT check - built binary distribution (also ran into CVE-2022-39135 but I think that's fine) - ran MSQ ingestion quickstart, native batch ingestion quickstart, and some queries
binary: - checked signature and checksum - LICENSE/NOTICE present - ran MSQ ingestion quickstart, native batch ingestion quickstart, and some queries On Wed, Sep 14, 2022 at 3:39 AM Clint Wylie <cwy...@apache.org> wrote: > +1 (binding) > > src package: > - verified signature/checksum > - LICENSE/NOTICE present > - compiled, ran checks, unit tests, ran into some issues with > CVE-2022-39135 which was announced a couple of days ago, but I don't > believe we are impacted; also an issue with parquet tests due to being > on an M1 mac with incompatible snappy which should be fixed by > https://github.com/apache/druid/pull/13081 > - built binary distribution, ingested native batch quickstart data and > ran some queries > > binary package: > - verified signature/checksum > - LICENSE/NOTICE present > - MSQ ingestion quickstart and ran some queries > > docker: > - verified checksum > - started cluster with docker-compose, native batch ingestion > quickstart and ran some > queries > > > > On Tue, Sep 13, 2022 at 11:42 PM Vadim Ogievetsky > <vogievet...@apache.org> wrote: > > > > I vote +1 > > > > My checks included: > > 1. Checksum verified > > 2. Signature verified > > 3. Source code compiled (Intel based Mac) > > 4. Ran through the new quickstart and all the example queries from the > binary distribution (Java 11) > > 5. Used the binary distribution for a few days just doing all sorts of > queries (lots of MSQ usage) on it as part of other projects > > > > Regarding the issues that Frank raised: > > - https://github.com/apache/druid/pull/13068 this does not look like a > regression in 24.0 > > - https://github.com/apache/druid/pull/13069 I think it is fine to > release without it and mention it in the documentation. > > > > On 2022/09/10 08:32:18 Abhishek Agarwal wrote: > > > Hi all, > > > I have created a build for Apache Druid 24.0.0, release candidate 2. > > > > > > Thanks to everyone who has helped contribute to the release. You can > read > > > the draft release notes here: > > > https://github.com/apache/druid/issues/12825 > > > > > > The release candidate has been tagged in GitHub as druid-24.0.0-rc2 > > > (09991dcf17fb9984b65f291f0db47e38058253e4), available here: > > > https://github.com/apache/druid/releases/tag/druid-24.0.0-rc2 > > > > > > The artifacts to be voted on are located here: > > > https://dist.apache.org/repos/dist/dev/druid/24.0.0-rc2/ > > > > > > A staged Maven repository is available for review at: > > > https://repository.apache.org/content/repositories/orgapachedruid-1032 > > > > > > Staged druid.apache.org website documentation is available here: > > > https://druid.staged.apache.org/docs/24.0.0/design/index.html > > > > > > A Docker image containing the binary of the release candidate can be > > > retrieved via: > > > docker pull apache/druid:24.0.0-rc2 > > > > > > artifact checksums > > > src: > > > > 867e3c4787e4e3f2a35e066cc982698d3e1a77fe90be7de163bd893908c13fec7fd8a84e19020f6f32fb517502a8eb729ae4492d51549f72a57f2bbf42b08e9c > > > > > > bin: > > > > 8b15192a7fb5a6f979b0c8f51bfd0dee5d26a5912ec2a3d25f4739ebbf89cadebed353ba30977a0b13b6410f89a2991eb7ee5ebea4217026129ce2262875dc91 > > > > > > docker (sha256): > > > c5ab9872c2f6e340f1429fd0bd514f163b0e491a9d808ee85de9a1b8f81ffe0b > > > > > > Release artifacts are signed with the following key: > > > https://people.apache.org/keys/committer/abhishek > > > This key and the key of other committers can also be found in the > project's > > > KEYS file here: > > > https://dist.apache.org/repos/dist/release/druid/KEYS > > > > > > (If you are a committer, please feel free to add your own key to that > file > > > by following the instructions in the file's header.) > > > > > > Verify checksums: > > > diff <(shasum -a512 apache-druid-24.0.0-src.tar.gz | cut -d ' ' -f1) > <(cat \ > > > apache-druid-24.0.0-src.tar.gz.sha512 ; echo) > > > > > > diff <(shasum -a512 apache-druid-24.0.0-bin.tar.gz | cut -d ' ' -f1) > <(cat \ > > > apache-druid-24.0.0-bin.tar.gz.sha512 ; echo) > > > > > > Verify signatures: > > > gpg --verify apache-druid-24.0.0-src.tar.gz.asc \ > > > apache-druid-24.0.0-src.tar.gz > > > > > > gpg --verify apache-druid-24.0.0-bin.tar.gz.asc \ > > > apache-druid-24.0.0-bin.tar.gz > > > > > > Please review the proposed artifacts and vote. Note that Apache has > > > specific requirements that must be met before +1 binding votes can be > cast > > > by PMC members. Please refer to the policy at > > > http://www.apache.org/legal/release-policy.html#policy for more > details. > > > > > > As part of the validation process, the release artifacts can be > generated > > > from source by running: > > > mvn clean install -Papache-release,dist -Dgpg.skip > > > > > > The RAT license check can be run from source by: > > > mvn apache-rat:check -Prat > > > > > > This vote will be open for at least 72 hours. The vote will pass if a > > > majority of at least three +1 PMC votes are cast. > > > > > > [ ] +1 Release this package as Apache Druid 24.0.0 > > > [ ] 0 I don't feel strongly about it, but I'm okay with the release > > > [ ] -1 Do not release this package because... > > > > > > Thanks! > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > For additional commands, e-mail: dev-h...@druid.apache.org > >
